{"report_id":"cae452d1-c4e4-40ed-891c-47bf3ffe9040","version":6,"status":"done","tags":[],"date":"2025-12-24T17:33:40Z","url":{"schema":"http","addr":"jp.av2.top/","fqdn":"jp.av2.top","domain":"av2.top","tld":"top"},"ip":{"addr":"160.22.16.197","port":0,"asn":45899,"as":"VNPT Corp","country":"Vietnam","country_code":"VN"},"final":{"url":{"schema":"http","addr":"jp.av2.top/","fqdn":"jp.av2.top","domain":"av2.top","tld":"top"},"title":"Hot Videos 人気動画-動画@AV4.us","dom":{"size":53373,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (28740)","md5":"b8d01abb6a326b92e491f9313748775a","sha1":"64e116eac52f70d3e490b9e6f52f5fda7ebe61ae","sha256":"99b8fd983e4cb1e513ab80327a1a0d6135a833f855113a94558256a87472eef0","sha512":"27241d742662f9996f96725b6d3f692910c4ff232823e08e379be98b9ac648e7b7ef87ade33fb5b8a84a840007f0d400e7385a87648f3fd1cd552af4b8b69905","ssdeep":"384:M6qK8biNpuUpU9P8EicPKySLsdImBWntNJKFNrPI6UtMygJt6LktbNoqxsisdtfO:trN2P8EiKKLLsLlwfVvtWvo2e+","tlshash":"db33d1969288bb3915c59f007dfff26ac9f2f49eacc34213ec71825d10046adf896e95","dom_hash":"domhash96667222351996f0b339838cc5cfeea4","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"jp.av2.top/","fqdn":"jp.av2.top","domain":"av2.top","tld":"top"},"ip":{"addr":"160.22.16.197","port":0,"asn":45899,"as":"VNPT Corp","country":"Vietnam","country_code":"VN"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-01-28T17:33:40Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":3,"urlquery":0,"analyzer":10}},"detection":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-12-24T17:33:16Z","timestamp":1766597596,"ip_dst":{"addr":"160.22.16.197","port":80,"asn":45899,"as":"VNPT Corp","country":"Vietnam","country_code":"VN"},"ip_src":{"addr":"172.18.0.5","port":47430,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.top domain","source":"{\"timestamp\":\"2025-12-24T17:33:16.995447+0000\",\"flow_id\":1067796043422598,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.5\",\"src_port\":47430,\"dest_ip\":\"160.22.16.197\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2023882,\"rev\":5,\"signature\":\"ET INFO HTTP Request to a *.top domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2017_02_07\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_11_21\"]}},\"http\":{\"hostname\":\"jp.av2.top\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":289},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":667,\"bytes_toclient\":1654,\"start\":\"2025-12-24T17:33:16.547718+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-12-24T17:33:17Z","timestamp":1766597597,"ip_dst":{"addr":"172.67.183.25","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"172.18.0.5","port":53606,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO Suspicious Domain (*.icu) in TLS SNI","source":"{\"timestamp\":\"2025-12-24T17:33:17.192132+0000\",\"flow_id\":1148101194535393,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.5\",\"src_port\":53606,\"dest_ip\":\"172.67.183.25\",\"dest_port\":443,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2026889,\"rev\":4,\"signature\":\"ET INFO Suspicious Domain (*.icu) in TLS SNI\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2019_02_06\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_11_21\"]}},\"tls\":{\"sni\":\"jsjs.jpg4.icu\",\"version\":\"TLS 1.3\",\"ja3\":{\"hash\":\"0faf2a91198d40dbd58b9308f3fca2fd\",\"string\":\"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49171-49172-156-157-47-53,0-23-65281-10-11-16-5-34-51-43-13-28-65037,29-23-24-25-256-257,0\"},\"ja3s\":{\"hash\":\"eb1d94daa7e0344597e756a1fb6e7054\",\"string\":\"771,4865,51-43\"}},\"app_proto\":\"tls\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":5,\"bytes_toserver\":915,\"bytes_toclient\":3510,\"start\":\"2025-12-24T17:33:17.184801+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-12-24T17:33:22Z","timestamp":1766597602,"ip_dst":{"addr":"172.18.0.5","port":54432,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"89.248.193.244","port":443,"asn":49505,"as":"JSC Selectel","country":"Russia","country_code":"RU"},"severity":"low","alert":"ET INFO Observed ZeroSSL SSL/TLS Certificate","source":"{\"timestamp\":\"2025-12-24T17:33:22.529876+0000\",\"flow_id\":265227717458248,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"89.248.193.244\",\"src_port\":443,\"dest_ip\":\"172.18.0.5\",\"dest_port\":54432,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2031231,\"rev\":3,\"signature\":\"ET INFO Observed ZeroSSL SSL/TLS Certificate\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2020_11_23\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_12_01\"]}},\"tls\":{\"subject\":\"CN=vidmo.org\",\"issuerdn\":\"C=AT, O=ZeroSSL, CN=ZeroSSL ECC Domain Secure Site CA\",\"serial\":\"0F:E4:82:18:86:36:20:C5:9E:0C:92:43:8F:AE:D0:23\",\"fingerprint\":\"5a:f1:73:5e:65:04:62:81:77:0d:e9:30:2a:1c:ad:d5:01:9c:eb:ea\",\"sni\":\"en.vidmo.org\",\"version\":\"TLS 1.2\",\"notbefore\":\"2025-11-04T00:00:00\",\"notafter\":\"2026-02-02T23:59:59\",\"ja3\":{\"hash\":\"650c82854aed91a22996035b295a0c3e\",\"string\":\"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49171-49172-156-157-47-53,0-23-65281-10-11-16-5-34-51-43-13-28-21,29-23-24-25-256-257,0\"},\"ja3s\":{\"hash\":\"0191d81a4ad7ee1a330a1e2c51d23ace\",\"string\":\"771,49195,65281-0-11-16-23\"}},\"app_proto\":\"tls\",\"flow\":{\"pkts_toserver\":7,\"pkts_toclient\":6,\"bytes_toserver\":1080,\"bytes_toclient\":3623,\"start\":\"2025-12-24T17:33:22.407880+0000\"}}"}],"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-24","alert":"Sinkholed","trigger":"fixedjs.4vid.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-24","alert":"Sinkholed","trigger":"www.effedupmovies.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-24","alert":"Sinkholed","trigger":"jp.av2.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-24","alert":"Sinkholed","trigger":"jp.av2.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-24","alert":"Sinkholed","trigger":"fqjpg4.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-24","alert":"Sinkholed","trigger":"en.vidmo.pro","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-24","alert":"Sinkholed","trigger":"page.phic4.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-24","alert":"Sinkholed","trigger":"oedy9.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-24","alert":"Sinkholed","trigger":"pdocac.4vid.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-24","alert":"Sinkholed","trigger":"www.oedy9.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null},"summary":[{"fqdn":"www.dmm.co.jp","ip":{"addr":"52.222.190.76","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"domain_registered":"2006-07-10","domain_rank":2607,"first_seen":"2012-05-22T19:10:42Z","last_seen":"2025-12-17T11:30:35.03848Z","alert_count":0,"request_count":1,"received_data":15546,"sent_data":428,"comment":"","tags":null,"fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]}]},{"fqdn":"www.w3schools.com","ip":{"addr":"23.36.77.57","port":443,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"domain_registered":"2000-03-21","domain_rank":2135,"first_seen":"2014-02-05T20:15:46Z","last_seen":"2025-12-22T11:10:31.109144Z","alert_count":0,"request_count":1,"received_data":24014,"sent_data":428,"comment":"","tags":null,"fingerprints":null},{"fqdn":"www.xvideos.com","ip":{"addr":"185.88.181.9","port":443,"asn":46652,"as":"SERVERSTACK-ASN","country":"The Netherlands","country_code":"NL"},"domain_registered":"1997-12-30","domain_rank":1943,"first_seen":"2012-05-21T20:29:12Z","last_seen":"2025-12-18T05:22:27.913387Z","alert_count":0,"request_count":1,"received_data":15370,"sent_data":430,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"sbzytpimg1.com","ip":{"addr":"142.248.99.81","port":3519,"asn":0,"as":"","country":"","country_code":"zz"},"domain_registered":"2024-04-24","domain_rank":160397,"first_seen":"2024-07-25T07:47:58Z","last_seen":"2025-12-19T09:07:19.152302Z","alert_count":0,"request_count":6,"received_data":119420,"sent_data":2886,"comment":"","tags":null,"fingerprints":null},{"fqdn":"fixedjs.4vid.top","ip":{"addr":"188.114.96.1","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2024-03-09","domain_rank":0,"first_seen":"2025-11-19T01:17:38.764851Z","last_seen":"2025-12-16T06:18:58.410736Z","alert_count":2,"request_count":2,"received_data":6682,"sent_data":788,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"icdn05.zzztube.tv","ip":{"addr":"45.133.44.6","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"United States","country_code":"US"},"domain_registered":"unknown","domain_rank":0,"first_seen":"2023-02-05T20:12:52Z","last_seen":"2025-12-18T12:52:35.671865Z","alert_count":0,"request_count":2,"received_data":22647,"sent_data":878,"comment":"","tags":null,"fingerprints":[{"name":"Nginx:1.24.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"www.effedupmovies.com","ip":{"addr":"45.138.107.13","port":443,"asn":208414,"as":"WEDOS Internet, a.s.","country":"Czechia","country_code":"CZ"},"domain_registered":"2017-08-24","domain_rank":121897,"first_seen":"2018-01-06T11:19:22Z","last_seen":"2025-12-18T09:20:21.035674Z","alert_count":2,"request_count":2,"received_data":26623,"sent_data":913,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"WordPress","description":"WordPress is a free and open-source content management system written in PHP and paired with a MySQL or MariaDB database. Features include a plugin architecture and a template system.","website":"https://wordpress.org","common_platform_enumeration":"cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*","icon":"WordPress.svg","categories":["CMS","Blogs"]},{"name":"MySQL","description":"MySQL is an open-source relational database management system.","website":"https://mysql.com","common_platform_enumeration":"cpe:2.3:a:mysql:mysql:*:*:*:*:*:*:*:*","icon":"MySQL.svg","categories":["Databases"]},{"name":"PHP:8.4.15","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"Plesk","description":"Plesk is a web hosting and server data centre automation software with a control panel developed for Linux and Windows-based retail hosting service providers.","website":"https://www.plesk.com","common_platform_enumeration":"cpe:2.3:a:parallels:parallels_plesk_panel:*:*:*:*:*:*:*:*","icon":"Plesk.svg","categories":["Hosting panels"]}]},{"fqdn":"8zoonet.z00.monster","ip":{"addr":"148.113.152.129","port":443,"asn":16276,"as":"OVH SAS","country":"United States","country_code":"US"},"domain_registered":"2019-08-26","domain_rank":0,"first_seen":"2020-06-27T22:13:57Z","last_seen":"2025-12-21T16:29:03.629085Z","alert_count":0,"request_count":1,"received_data":15345,"sent_data":450,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"en.vidmo.org","ip":{"addr":"89.248.193.244","port":443,"asn":49505,"as":"JSC Selectel","country":"Russia","country_code":"RU"},"domain_registered":"2012-10-07","domain_rank":5121515,"first_seen":"2017-03-14T11:42:51Z","last_seen":"2025-12-16T23:18:38.330145Z","alert_count":0,"request_count":1,"received_data":5697,"sent_data":427,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"multicst.com","ip":{"addr":"172.67.220.78","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2023-09-25","domain_rank":160888,"first_seen":"2023-09-25T11:47:33Z","last_seen":"2025-12-16T23:18:44.404526Z","alert_count":0,"request_count":1,"received_data":84767,"sent_data":431,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"www.sexmutant.com","ip":{"addr":"104.21.21.11","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2019-11-07","domain_rank":121148,"first_seen":"2020-07-17T21:09:23Z","last_seen":"2025-12-16T06:18:55.99637Z","alert_count":0,"request_count":1,"received_data":27955,"sent_data":464,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"www.porn4e.com","ip":{"addr":"192.243.50.109","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"Dominica","country_code":"DM"},"domain_registered":"2018-06-30","domain_rank":5829204,"first_seen":"2018-12-18T12:37:50Z","last_seen":"2025-12-18T19:32:04.608803Z","alert_count":0,"request_count":1,"received_data":172,"sent_data":429,"comment":"","tags":null,"fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"x-n-x-x.pro","ip":{"addr":"162.254.190.69","port":443,"asn":32338,"as":"HOSTISERVER","country":"United States","country_code":"US"},"domain_registered":"2020-08-16","domain_rank":101794,"first_seen":"2020-08-17T08:16:44Z","last_seen":"2025-12-18T19:07:20.217938Z","alert_count":0,"request_count":1,"received_data":1499,"sent_data":426,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"sexsex10.com","ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"domain_registered":"2023-04-17","domain_rank":688235,"first_seen":"2025-07-08T05:40:36.488095Z","last_seen":"2025-12-18T05:22:24.729249Z","alert_count":0,"request_count":1,"received_data":0,"sent_data":427,"comment":"","tags":null,"fingerprints":null},{"fqdn":"g.uuu.cam","ip":{"addr":"104.21.82.17","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2017-04-10","domain_rank":4415821,"first_seen":"2025-01-11T12:08:34Z","last_seen":"2025-12-16T06:18:56.178541Z","alert_count":0,"request_count":2,"received_data":116775,"sent_data":909,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"pdocac.jpg4.icu","ip":{"addr":"172.67.183.25","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2020-06-01","domain_rank":0,"first_seen":"2025-11-19T01:17:48.933973Z","last_seen":"2025-12-18T05:22:23.354581Z","alert_count":0,"request_count":1,"received_data":3570,"sent_data":433,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"www.oedy9.com","ip":{"addr":"46.202.208.18","port":443,"asn":0,"as":"","country":"Ukraine","country_code":"UA"},"domain_registered":"2023-10-27","domain_rank":3836162,"first_seen":"2023-10-27T17:25:38Z","last_seen":"2025-12-16T23:18:39.68091Z","alert_count":1,"request_count":1,"received_data":221,"sent_data":428,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"pics.dmm.co.jp","ip":{"addr":"52.222.186.30","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"domain_registered":"2006-07-10","domain_rank":409090,"first_seen":"2012-08-01T07:09:25Z","last_seen":"2025-12-24T01:42:20.681097Z","alert_count":0,"request_count":1,"received_data":15228,"sent_data":457,"comment":"","tags":null,"fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"kzjiaio.org","ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"domain_registered":"2023-02-14","domain_rank":237466,"first_seen":"2025-02-08T03:33:01.802826Z","last_seen":"2025-12-18T08:24:43.432035Z","alert_count":0,"request_count":1,"received_data":0,"sent_data":426,"comment":"","tags":null,"fingerprints":null},{"fqdn":"oedy9.com","ip":{"addr":"46.202.208.18","port":443,"asn":0,"as":"","country":"Ukraine","country_code":"UA"},"domain_registered":"2023-10-27","domain_rank":150266,"first_seen":"2023-10-27T10:41:23Z","last_seen":"2025-12-17T23:26:08.817115Z","alert_count":1,"request_count":1,"received_data":221,"sent_data":424,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"jsjs.jpg4.icu","ip":{"addr":"172.67.183.25","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2020-06-01","domain_rank":0,"first_seen":"2025-11-19T01:17:39.197833Z","last_seen":"2025-12-18T05:22:21.568848Z","alert_count":0,"request_count":2,"received_data":1530,"sent_data":828,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"ru.x-pirat.ru","ip":{"addr":"104.21.19.109","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2018-08-15","domain_rank":0,"first_seen":"2025-07-07T22:00:56.763126Z","last_seen":"2025-12-21T22:47:00.61319Z","alert_count":0,"request_count":1,"received_data":100416,"sent_data":436,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"www.sexsex61.com","ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"domain_registered":"2023-04-17","domain_rank":3526336,"first_seen":"2025-03-12T03:12:00.175026Z","last_seen":"2025-12-16T06:18:54.979156Z","alert_count":0,"request_count":1,"received_data":0,"sent_data":431,"comment":"","tags":null,"fingerprints":null},{"fqdn":"pits10.com","ip":{"addr":"154.214.5.46","port":443,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"domain_registered":"2025-01-06","domain_rank":363649,"first_seen":"2025-05-21T07:11:37.990243Z","last_seen":"2025-12-18T08:24:43.16826Z","alert_count":0,"request_count":1,"received_data":37845,"sent_data":462,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}]},{"fqdn":"pdocac.4vid.top","ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2024-03-09","domain_rank":0,"first_seen":"2025-11-19T01:17:36.035067Z","last_seen":"2025-12-16T06:18:56.988168Z","alert_count":1,"request_count":1,"received_data":3452,"sent_data":433,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"cdn.2beeg.me","ip":{"addr":"172.67.184.104","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2020-09-30","domain_rank":4574514,"first_seen":"2020-12-19T09:44:39Z","last_seen":"2025-12-16T23:18:41.8186Z","alert_count":0,"request_count":1,"received_data":15657,"sent_data":465,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"img20.sdratmue.com","ip":{"addr":"45.138.107.47","port":443,"asn":208414,"as":"WEDOS Internet, a.s.","country":"Czechia","country_code":"CZ"},"domain_registered":"2024-12-07","domain_rank":0,"first_seen":"2025-09-06T02:56:07.647318Z","last_seen":"2025-12-18T19:32:06.206631Z","alert_count":0,"request_count":1,"received_data":16249,"sent_data":438,"comment":"","tags":null,"fingerprints":[{"name":"Plesk","description":"Plesk is a web hosting and server data centre automation software with a control panel developed for Linux and Windows-based retail hosting service providers.","website":"https://www.plesk.com","common_platform_enumeration":"cpe:2.3:a:parallels:parallels_plesk_panel:*:*:*:*:*:*:*:*","icon":"Plesk.svg","categories":["Hosting panels"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"cdnjs.cloudflare.com","ip":{"addr":"104.17.25.14","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2009-02-17","domain_rank":1222,"first_seen":"2012-05-23T12:49:49Z","last_seen":"2025-12-21T22:20:20.869237Z","alert_count":0,"request_count":2,"received_data":23435,"sent_data":887,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"www.9188porn.com","ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2024-06-18","domain_rank":3479355,"first_seen":"2025-02-07T09:21:52Z","last_seen":"2025-12-18T05:22:26.106225Z","alert_count":0,"request_count":5,"received_data":3790,"sent_data":2229,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"icdn05.4kpornvideos.tv","ip":{"addr":"45.133.44.5","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"United States","country_code":"US"},"domain_registered":"2019-05-01","domain_rank":4106070,"first_seen":"2022-11-09T12:16:02Z","last_seen":"2025-12-16T06:18:54.756749Z","alert_count":0,"request_count":3,"received_data":99654,"sent_data":1333,"comment":"","tags":null,"fingerprints":[{"name":"Nginx:1.24.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"www.dirtysancheztube.com","ip":{"addr":"104.21.16.225","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2015-11-26","domain_rank":1702718,"first_seen":"2017-04-21T10:33:26Z","last_seen":"2025-12-16T06:18:58.950752Z","alert_count":0,"request_count":2,"received_data":14132,"sent_data":892,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"www.gekiyasu-dvdshop.jp","ip":{"addr":"133.18.101.157","port":443,"asn":24282,"as":"KAGOYA JAPAN Inc.","country":"Japan","country_code":"JP"},"domain_registered":"2009-05-18","domain_rank":993305,"first_seen":"2012-11-14T15:38:39Z","last_seen":"2025-12-16T06:18:54.17392Z","alert_count":0,"request_count":1,"received_data":603,"sent_data":438,"comment":"","tags":null,"fingerprints":[{"name":"Apache HTTP Server:2.4.58","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]},{"name":"Ubuntu","description":"Ubuntu is a free and open-source operating system on Linux for the enterprise server, desktop, cloud, and IoT.","website":"https://www.ubuntu.com/server","common_platform_enumeration":"cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*","icon":"Ubuntu.svg","categories":["Operating systems"]}]},{"fqdn":"www.twi-videos.net","ip":{"addr":"104.21.75.202","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2021-07-05","domain_rank":3757802,"first_seen":"2021-11-10T10:36:55Z","last_seen":"2025-12-18T05:22:25.903694Z","alert_count":0,"request_count":1,"received_data":751,"sent_data":433,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"fqjpg4.top","ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"domain_registered":"2025-05-14","domain_rank":162173,"first_seen":"2025-06-28T08:10:55.589739Z","last_seen":"2025-12-18T05:22:27.410901Z","alert_count":2,"request_count":2,"received_data":0,"sent_data":944,"comment":"","tags":null,"fingerprints":null},{"fqdn":"tuaskbgnekr.com","ip":{"addr":"208.64.217.23","port":443,"asn":6939,"as":"HURRICANE","country":"United States","country_code":"US"},"domain_registered":"2025-03-12","domain_rank":193855,"first_seen":"2025-03-16T23:57:53.559575Z","last_seen":"2025-12-18T05:22:27.991922Z","alert_count":0,"request_count":1,"received_data":4607,"sent_data":442,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"p.dmm.co.jp","ip":{"addr":"52.222.186.30","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"domain_registered":"2006-07-10","domain_rank":2859820,"first_seen":"2012-10-01T03:36:47Z","last_seen":"2025-12-17T11:30:34.917469Z","alert_count":0,"request_count":1,"received_data":15669,"sent_data":428,"comment":"","tags":null,"fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]}]},{"fqdn":"css.jpg4.icu","ip":{"addr":"172.67.183.25","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2020-06-01","domain_rank":0,"first_seen":"2025-11-19T01:17:37.695346Z","last_seen":"2025-12-18T05:22:22.576024Z","alert_count":0,"request_count":3,"received_data":39952,"sent_data":1370,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"www.aisan-porn.org","ip":{"addr":"192.243.50.111","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"Dominica","country_code":"DM"},"domain_registered":"2020-01-03","domain_rank":5292813,"first_seen":"2021-05-06T08:15:59Z","last_seen":"2025-12-16T23:18:39.838944Z","alert_count":0,"request_count":1,"received_data":172,"sent_data":433,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}]},{"fqdn":"kocho-kocho.com","ip":{"addr":"150.95.59.35","port":443,"asn":7506,"as":"GMO Internet,Inc","country":"Japan","country_code":"JP"},"domain_registered":"unknown","domain_rank":2215610,"first_seen":"No data","last_seen":"No data","alert_count":0,"request_count":2,"received_data":241938,"sent_data":900,"comment":"","tags":null,"fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}]},{"fqdn":"www.twi-dl.net","ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2024-05-15","domain_rank":124394,"first_seen":"2024-09-09T09:24:24Z","last_seen":"2025-12-18T05:22:16.138729Z","alert_count":0,"request_count":1,"received_data":743,"sent_data":429,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"page.phic4.top","ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"domain_registered":"2024-03-07","domain_rank":4536559,"first_seen":"2024-03-28T08:56:57Z","last_seen":"2025-12-18T05:22:19.472222Z","alert_count":4,"request_count":4,"received_data":0,"sent_data":1626,"comment":"","tags":null,"fingerprints":null},{"fqdn":"stallionanimalxxx.com","ip":{"addr":"185.162.130.18","port":443,"asn":14576,"as":"HOSTING-SOLUTIONS","country":"The Netherlands","country_code":"NL"},"domain_registered":"2021-11-25","domain_rank":505701,"first_seen":"2022-01-03T13:03:14Z","last_seen":"2025-07-02T22:51:10.8057Z","alert_count":0,"request_count":2,"received_data":15708,"sent_data":882,"comment":"","tags":null,"fingerprints":[{"name":"Nginx:1.23.3","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"ajax.googleapis.com","ip":{"addr":"142.250.74.106","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2005-01-25","domain_rank":3691,"first_seen":"2012-05-22T10:38:03Z","last_seen":"2025-12-21T22:36:12.072016Z","alert_count":0,"request_count":4,"received_data":351592,"sent_data":1762,"comment":"","tags":null,"fingerprints":null},{"fqdn":"blumpkintube.com","ip":{"addr":"104.21.79.212","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2015-11-26","domain_rank":91888,"first_seen":"2017-05-23T16:37:55Z","last_seen":"2025-12-16T06:18:56.96482Z","alert_count":0,"request_count":2,"received_data":14820,"sent_data":870,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"img.apian088.sbs","ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2025-07-15","domain_rank":4180399,"first_seen":"2025-07-19T07:04:29.096235Z","last_seen":"2025-12-18T05:22:16.707523Z","alert_count":0,"request_count":15,"received_data":200838,"sent_data":6845,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"motherless.com","ip":{"addr":"185.107.81.234","port":443,"asn":43350,"as":"NForce Entertainment B.V.","country":"The Netherlands","country_code":"NL"},"domain_registered":"2005-11-19","domain_rank":1728,"first_seen":"2012-05-21T16:56:06Z","last_seen":"2025-12-17T14:53:12.291999Z","alert_count":0,"request_count":1,"received_data":1500,"sent_data":429,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"sexsex16.com","ip":{"addr":"202.95.16.31","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"domain_registered":"2023-04-17","domain_rank":0,"first_seen":"2025-10-30T20:35:29.747428Z","last_seen":"2025-12-18T05:22:24.09476Z","alert_count":0,"request_count":1,"received_data":142,"sent_data":427,"comment":"","tags":null,"fingerprints":null},{"fqdn":"x436.com","ip":{"addr":"172.67.175.111","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2020-10-28","domain_rank":236221,"first_seen":"2017-09-01T23:38:54Z","last_seen":"2025-12-18T19:32:07.150606Z","alert_count":0,"request_count":1,"received_data":90467,"sent_data":427,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"www.clporn.com","ip":{"addr":"104.21.25.21","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2019-10-16","domain_rank":764883,"first_seen":"2015-04-11T05:54:49Z","last_seen":"2025-12-18T05:22:22.56775Z","alert_count":0,"request_count":3,"received_data":20489,"sent_data":1306,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"rtgallery.net","ip":{"addr":"5.63.144.84","port":443,"asn":13213,"as":"UK-2 Limited","country":"United Kingdom","country_code":"GB"},"domain_registered":"2021-12-29","domain_rank":78203,"first_seen":"2022-03-30T19:38:20Z","last_seen":"2025-12-21T16:29:04.072692Z","alert_count":0,"request_count":2,"received_data":69495,"sent_data":864,"comment":"","tags":null,"fingerprints":[{"name":"Nginx:1.22.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"img.tnaflix.com","ip":{"addr":"185.59.220.11","port":443,"asn":60068,"as":"Datacamp Limited","country":"Germany","country_code":"DE"},"domain_registered":"2007-02-18","domain_rank":508372,"first_seen":"2021-07-31T15:01:03Z","last_seen":"2025-12-18T05:22:27.297792Z","alert_count":0,"request_count":1,"received_data":12203,"sent_data":458,"comment":"","tags":null,"fingerprints":[{"name":"CDN77","description":"CDN77 is a content delivery network (CDN).","website":"https://www.cdn77.com","common_platform_enumeration":"","icon":"CDN77.png","categories":["CDN"]}]},{"fqdn":"cdn.mymediaing.my","ip":{"addr":"172.67.170.181","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"unknown","domain_rank":0,"first_seen":"2025-10-07T20:07:31.091044Z","last_seen":"2025-12-18T05:22:17.801836Z","alert_count":0,"request_count":1,"received_data":53485,"sent_data":415,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"cdn5-thumbs.motherlessmedia.com","ip":{"addr":"185.107.92.224","port":443,"asn":43350,"as":"NForce Entertainment B.V.","country":"The Netherlands","country_code":"NL"},"domain_registered":"2008-10-11","domain_rank":905009,"first_seen":"2018-12-23T05:30:23Z","last_seen":"2025-12-17T14:53:12.221165Z","alert_count":0,"request_count":2,"received_data":51096,"sent_data":906,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"OpenResty:1.21.4.1","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}]},{"fqdn":"www.googletagmanager.com","ip":{"addr":"142.251.38.104","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2011-11-11","domain_rank":283,"first_seen":"2012-10-04T01:07:32Z","last_seen":"2025-12-21T22:17:33.83847Z","alert_count":0,"request_count":1,"received_data":289716,"sent_data":429,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"gcore-pic.xvideos-cdn.com","ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"domain_registered":"2017-08-25","domain_rank":91016,"first_seen":"2023-11-29T03:20:25Z","last_seen":"2025-12-24T14:44:23.485556Z","alert_count":0,"request_count":1,"received_data":11159,"sent_data":529,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"xsexteen.com","ip":{"addr":"185.73.221.134","port":443,"asn":32338,"as":"HOSTISERVER","country":"The Netherlands","country_code":"NL"},"domain_registered":"2019-11-29","domain_rank":383303,"first_seen":"2019-12-01T20:29:39Z","last_seen":"2025-12-16T23:18:44.446833Z","alert_count":0,"request_count":1,"received_data":168,"sent_data":427,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"tubetubetube.com","ip":{"addr":"172.67.146.227","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2006-11-09","domain_rank":69859,"first_seen":"2013-12-23T09:04:30Z","last_seen":"2025-12-16T06:18:54.934473Z","alert_count":0,"request_count":2,"received_data":116426,"sent_data":923,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"www.tubetubetube.com","ip":{"addr":"172.67.146.227","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2006-11-09","domain_rank":6178130,"first_seen":"2012-10-08T02:05:54Z","last_seen":"2025-12-16T06:18:54.4217Z","alert_count":0,"request_count":2,"received_data":116290,"sent_data":931,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"cdn2.geefap.com","ip":{"addr":"31.10.5.97","port":443,"asn":207728,"as":"EUROHOSTER Ltd.","country":"The Netherlands","country_code":"NL"},"domain_registered":"2017-09-12","domain_rank":4560962,"first_seen":"2019-09-14T00:30:50Z","last_seen":"2025-12-16T06:18:53.345593Z","alert_count":0,"request_count":1,"received_data":25079,"sent_data":471,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"lsbzytp.com","ip":{"addr":"142.248.99.101","port":3519,"asn":0,"as":"","country":"","country_code":"zz"},"domain_registered":"2023-04-09","domain_rank":243364,"first_seen":"2023-05-07T13:36:46Z","last_seen":"2025-12-18T05:22:28.607929Z","alert_count":0,"request_count":1,"received_data":15523,"sent_data":478,"comment":"","tags":null,"fingerprints":null},{"fqdn":"ansuko.net","ip":{"addr":"172.67.138.117","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2023-07-04","domain_rank":87799,"first_seen":"2023-07-04T08:10:56Z","last_seen":"2025-12-16T06:18:55.222804Z","alert_count":0,"request_count":13,"received_data":1433612,"sent_data":5957,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"xvideosrei.com","ip":{"addr":"54.38.46.215","port":443,"asn":16276,"as":"OVH SAS","country":"France","country_code":"FR"},"domain_registered":"2017-09-21","domain_rank":80835,"first_seen":"2018-01-03T10:28:29Z","last_seen":"2025-12-16T06:18:53.491941Z","alert_count":0,"request_count":3,"received_data":38847,"sent_data":1363,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"sexsex61.com","ip":{"addr":"202.95.16.30","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"domain_registered":"2023-04-17","domain_rank":155642,"first_seen":"2025-03-24T07:20:20.686063Z","last_seen":"2025-12-18T05:22:23.859763Z","alert_count":0,"request_count":1,"received_data":142,"sent_data":427,"comment":"","tags":null,"fingerprints":null},{"fqdn":"en.vidmo.pro","ip":{"addr":"89.248.193.244","port":443,"asn":49505,"as":"JSC Selectel","country":"Russia","country_code":"RU"},"domain_registered":"2022-04-10","domain_rank":122476,"first_seen":"2022-04-11T13:12:45Z","last_seen":"2025-12-18T05:22:18.019909Z","alert_count":1,"request_count":1,"received_data":39608,"sent_data":477,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"sex18.photos","ip":{"addr":"31.10.5.97","port":443,"asn":207728,"as":"EUROHOSTER Ltd.","country":"The Netherlands","country_code":"NL"},"domain_registered":"2015-10-01","domain_rank":225743,"first_seen":"2016-02-14T19:06:16Z","last_seen":"2025-12-18T05:22:24.047272Z","alert_count":0,"request_count":1,"received_data":224,"sent_data":427,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"erota2.com","ip":{"addr":"172.67.69.51","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2018-05-31","domain_rank":439658,"first_seen":"2019-04-02T11:04:19Z","last_seen":"2025-12-21T04:03:17.628146Z","alert_count":0,"request_count":3,"received_data":14492,"sent_data":1314,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"www.profreeporno.com","ip":{"addr":"46.229.174.192","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"The Netherlands","country_code":"NL"},"domain_registered":"2021-05-04","domain_rank":0,"first_seen":"2025-05-28T07:11:10.113551Z","last_seen":"2025-12-18T23:50:48.034545Z","alert_count":0,"request_count":1,"received_data":172,"sent_data":435,"comment":"","tags":null,"fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"www.gekiyasu-dvdshop.pink","ip":{"addr":"133.18.43.253","port":443,"asn":24282,"as":"KAGOYA JAPAN Inc.","country":"Japan","country_code":"JP"},"domain_registered":"2015-05-22","domain_rank":5570770,"first_seen":"2018-06-24T18:49:54Z","last_seen":"2025-12-16T06:18:55.57917Z","alert_count":0,"request_count":1,"received_data":19461,"sent_data":448,"comment":"","tags":null,"fingerprints":[{"name":"Nginx:1.24.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Ubuntu","description":"Ubuntu is a free and open-source operating system on Linux for the enterprise server, desktop, cloud, and IoT.","website":"https://www.ubuntu.com/server","common_platform_enumeration":"cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*","icon":"Ubuntu.svg","categories":["Operating systems"]}]},{"fqdn":"cdn77-pic.xvideos-cdn.com","ip":{"addr":"185.76.9.7","port":443,"asn":60068,"as":"Datacamp Limited","country":"Sweden","country_code":"SE"},"domain_registered":"2017-08-25","domain_rank":75108,"first_seen":"2018-09-06T22:43:13Z","last_seen":"2025-12-15T06:23:40.199269Z","alert_count":0,"request_count":2,"received_data":16618,"sent_data":1058,"comment":"","tags":null,"fingerprints":[{"name":"CDN77","description":"CDN77 is a content delivery network (CDN).","website":"https://www.cdn77.com","common_platform_enumeration":"","icon":"CDN77.png","categories":["CDN"]}]},{"fqdn":"filtradas.com","ip":{"addr":"91.234.199.87","port":443,"asn":43641,"as":"SOLLUTIUM EU Sp z.o.o.","country":"Ukraine","country_code":"UA"},"domain_registered":"2025-04-09","domain_rank":184383,"first_seen":"2025-06-15T07:12:29.914989Z","last_seen":"2025-12-18T05:22:20.383837Z","alert_count":0,"request_count":6,"received_data":345139,"sent_data":2936,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"www.asiannudestube.com","ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2019-10-16","domain_rank":293497,"first_seen":"2019-11-26T08:27:30Z","last_seen":"2025-12-16T06:18:59.840045Z","alert_count":0,"request_count":2,"received_data":14358,"sent_data":883,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"cdn.xsexteen.com","ip":{"addr":"185.76.9.11","port":443,"asn":60068,"as":"Datacamp Limited","country":"Sweden","country_code":"SE"},"domain_registered":"2019-11-29","domain_rank":0,"first_seen":"2020-09-04T02:11:42Z","last_seen":"2025-12-16T06:18:59.16146Z","alert_count":0,"request_count":1,"received_data":5754,"sent_data":442,"comment":"","tags":null,"fingerprints":[{"name":"CDN77","description":"CDN77 is a content delivery network (CDN).","website":"https://www.cdn77.com","common_platform_enumeration":"","icon":"CDN77.png","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"mc.webvisor.org","ip":{"addr":"87.250.250.119","port":443,"asn":13238,"as":"YANDEX LLC","country":"Russia","country_code":"RU"},"domain_registered":"2009-08-25","domain_rank":99131,"first_seen":"2017-08-16T02:40:17Z","last_seen":"2025-12-22T18:45:20.941788Z","alert_count":0,"request_count":2,"received_data":4800,"sent_data":3320,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"douga100ka.net","ip":{"addr":"133.125.148.22","port":443,"asn":7684,"as":"SAKURA Internet Inc.","country":"Japan","country_code":"JP"},"domain_registered":"2022-05-25","domain_rank":447088,"first_seen":"2022-05-25T17:23:40Z","last_seen":"2025-12-18T12:52:31.838857Z","alert_count":0,"request_count":1,"received_data":12335,"sent_data":430,"comment":"","tags":null,"fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}]},{"fqdn":"8zoo.net","ip":{"addr":"104.21.47.99","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2020-05-31","domain_rank":462853,"first_seen":"2020-05-31T12:49:43Z","last_seen":"2025-12-21T16:29:02.769549Z","alert_count":0,"request_count":1,"received_data":684,"sent_data":423,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"pics.x-n-x-x.pro","ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2020-08-16","domain_rank":4153816,"first_seen":"2021-09-10T02:48:42Z","last_seen":"2025-12-18T09:20:19.229924Z","alert_count":0,"request_count":1,"received_data":9301,"sent_data":443,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"wwv4.com","ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2022-08-11","domain_rank":363608,"first_seen":"2019-04-29T18:13:20Z","last_seen":"2025-12-21T16:36:48.834477Z","alert_count":0,"request_count":1,"received_data":31813,"sent_data":427,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"cdn.jsdelivr.net","ip":{"addr":"151.101.1.229","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"domain_registered":"2012-05-16","domain_rank":1678,"first_seen":"2012-09-30T00:15:09Z","last_seen":"2025-12-21T22:26:30.244656Z","alert_count":0,"request_count":1,"received_data":215075,"sent_data":432,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"www.russiaporno.net","ip":{"addr":"78.40.116.236","port":443,"asn":200019,"as":"Alexhost Srl","country":"Sweden","country_code":"SE"},"domain_registered":"2014-12-28","domain_rank":5013354,"first_seen":"2012-11-01T11:58:01Z","last_seen":"2025-12-18T12:52:32.5149Z","alert_count":0,"request_count":3,"received_data":14351,"sent_data":1254,"comment":"","tags":null,"fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"jp.av2.top","ip":{"addr":"160.22.16.197","port":80,"asn":45899,"as":"VNPT Corp","country":"Vietnam","country_code":"VN"},"domain_registered":"unknown","domain_rank":0,"first_seen":"No data","last_seen":"No data","alert_count":6,"request_count":2,"received_data":77188,"sent_data":874,"comment":"","tags":null,"fingerprints":[{"name":"Nginx:1.20.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"filmesporno.xxx","ip":{"addr":"80.82.65.89","port":443,"asn":202425,"as":"IP Volume inc","country":"The Netherlands","country_code":"NL"},"domain_registered":"2018-07-24","domain_rank":10355,"first_seen":"2019-03-31T05:29:58Z","last_seen":"2025-12-16T23:18:41.847113Z","alert_count":0,"request_count":3,"received_data":25880,"sent_data":1418,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"cdn.jsdelivr.net/npm/yandex-metrica-watch/watch.js","fqdn":"cdn.jsdelivr.net","domain":"jsdelivr.net","tld":"net"},"ip":{"addr":"151.101.1.229","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"13874b43d7a0d16e9294fbd7769da715","sha1":"80021aaaf6d92a36a4c07b8a0aa92c828c0e88b4","sha256":"1997c1177df62b07fd1794d3a9f8ebdc72842e6cb20a1e1987e939065921f646","sha512":"403cf4d5c09cb01f3ffa12aab85665ed7f39d89ef43127cc982dc478cebc89f618228abadfdec1aeb9894324335fcd988df24cb715cbba168bdb398dd2dc7461","ssdeep":"6144:y49/+QUgRED0pera7677001NeCHO/SPon:/+gmS767Q01NeCuwon","tlshash":"2b24e7d976927062937334b4902f000fb2bea8a6f10c8955f1c9d9d97e78da89137f6c","size":214296,"data":"","first_seen":"2025-12-05T22:31:48.465207Z","last_seen":"2026-03-18T10:59:26.977539Z","times_seen":566,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"jp.av2.top/","fqdn":"jp.av2.top","domain":"av2.top","tld":"top"},"ip":{"addr":"160.22.16.197","port":80,"asn":45899,"as":"VNPT Corp","country":"Vietnam","country_code":"VN"},"introduction_type":"eventHandler","is_inline":false,"md5":"e8165bfbe0a84a065d8bba5ecdde8647","sha1":"7e5f9ca58e40f57650ab5078b295e3e6af7777cd","sha256":"916d5f069ecab1ea3e57a97502d36d60d04968f99a9413b0d620e850ffdc970e","sha512":"28858e8e914beb5bc12479df8f2920faeec9681bddad25493876e9eba301373af1e813819db91eb7fdcf9dab9d0aa552cd2735987f1d61d597ff60853df0b906","ssdeep":"","tlshash":"3ea0027f963554762a814781708f5e5d5466754b89b58728b85734f2708006db131b52","size":66,"data":"","first_seen":"2025-11-19T01:18:40.601427Z","last_seen":"2026-03-15T05:55:43.328248Z","times_seen":313,"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-12-24T17:33:16Z","timestamp":1766597596,"ip_dst":{"addr":"160.22.16.197","port":80,"asn":45899,"as":"VNPT Corp","country":"Vietnam","country_code":"VN"},"ip_src":{"addr":"172.18.0.5","port":47430,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.top domain","source":"{\"timestamp\":\"2025-12-24T17:33:16.995447+0000\",\"flow_id\":1067796043422598,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.5\",\"src_port\":47430,\"dest_ip\":\"160.22.16.197\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2023882,\"rev\":5,\"signature\":\"ET INFO HTTP Request to a *.top domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2017_02_07\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_11_21\"]}},\"http\":{\"hostname\":\"jp.av2.top\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":289},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":667,\"bytes_toclient\":1654,\"start\":\"2025-12-24T17:33:16.547718+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"jp.av2.top/","fqdn":"jp.av2.top","domain":"av2.top","tld":"top"},"ip":{"addr":"160.22.16.197","port":80,"asn":45899,"as":"VNPT Corp","country":"Vietnam","country_code":"VN"},"introduction_type":"eventHandler","is_inline":false,"md5":"e8165bfbe0a84a065d8bba5ecdde8647","sha1":"7e5f9ca58e40f57650ab5078b295e3e6af7777cd","sha256":"916d5f069ecab1ea3e57a97502d36d60d04968f99a9413b0d620e850ffdc970e","sha512":"28858e8e914beb5bc12479df8f2920faeec9681bddad25493876e9eba301373af1e813819db91eb7fdcf9dab9d0aa552cd2735987f1d61d597ff60853df0b906","ssdeep":"","tlshash":"3ea0027f963554762a814781708f5e5d5466754b89b58728b85734f2708006db131b52","size":66,"data":"","first_seen":"2025-11-19T01:18:40.601427Z","last_seen":"2026-03-15T05:55:43.328248Z","times_seen":313,"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-12-24T17:33:16Z","timestamp":1766597596,"ip_dst":{"addr":"160.22.16.197","port":80,"asn":45899,"as":"VNPT Corp","country":"Vietnam","country_code":"VN"},"ip_src":{"addr":"172.18.0.5","port":47430,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.top domain","source":"{\"timestamp\":\"2025-12-24T17:33:16.995447+0000\",\"flow_id\":1067796043422598,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.5\",\"src_port\":47430,\"dest_ip\":\"160.22.16.197\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2023882,\"rev\":5,\"signature\":\"ET INFO HTTP Request to a *.top domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2017_02_07\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_11_21\"]}},\"http\":{\"hostname\":\"jp.av2.top\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":289},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":667,\"bytes_toclient\":1654,\"start\":\"2025-12-24T17:33:16.547718+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"jp.av2.top/","fqdn":"jp.av2.top","domain":"av2.top","tld":"top"},"ip":{"addr":"160.22.16.197","port":80,"asn":45899,"as":"VNPT Corp","country":"Vietnam","country_code":"VN"},"introduction_type":"eventHandler","is_inline":false,"md5":"e8165bfbe0a84a065d8bba5ecdde8647","sha1":"7e5f9ca58e40f57650ab5078b295e3e6af7777cd","sha256":"916d5f069ecab1ea3e57a97502d36d60d04968f99a9413b0d620e850ffdc970e","sha512":"28858e8e914beb5bc12479df8f2920faeec9681bddad25493876e9eba301373af1e813819db91eb7fdcf9dab9d0aa552cd2735987f1d61d597ff60853df0b906","ssdeep":"","tlshash":"3ea0027f963554762a814781708f5e5d5466754b89b58728b85734f2708006db131b52","size":66,"data":"","first_seen":"2025-11-19T01:18:40.601427Z","last_seen":"2026-03-15T05:55:43.328248Z","times_seen":313,"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-12-24T17:33:16Z","timestamp":1766597596,"ip_dst":{"addr":"160.22.16.197","port":80,"asn":45899,"as":"VNPT Corp","country":"Vietnam","country_code":"VN"},"ip_src":{"addr":"172.18.0.5","port":47430,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.top domain","source":"{\"timestamp\":\"2025-12-24T17:33:16.995447+0000\",\"flow_id\":1067796043422598,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.5\",\"src_port\":47430,\"dest_ip\":\"160.22.16.197\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2023882,\"rev\":5,\"signature\":\"ET INFO HTTP Request to a *.top domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2017_02_07\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_11_21\"]}},\"http\":{\"hostname\":\"jp.av2.top\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":289},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":667,\"bytes_toclient\":1654,\"start\":\"2025-12-24T17:33:16.547718+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"jp.av2.top/","fqdn":"jp.av2.top","domain":"av2.top","tld":"top"},"ip":{"addr":"160.22.16.197","port":80,"asn":45899,"as":"VNPT Corp","country":"Vietnam","country_code":"VN"},"introduction_type":"eventHandler","is_inline":false,"md5":"e8165bfbe0a84a065d8bba5ecdde8647","sha1":"7e5f9ca58e40f57650ab5078b295e3e6af7777cd","sha256":"916d5f069ecab1ea3e57a97502d36d60d04968f99a9413b0d620e850ffdc970e","sha512":"28858e8e914beb5bc12479df8f2920faeec9681bddad25493876e9eba301373af1e813819db91eb7fdcf9dab9d0aa552cd2735987f1d61d597ff60853df0b906","ssdeep":"","tlshash":"3ea0027f963554762a814781708f5e5d5466754b89b58728b85734f2708006db131b52","size":66,"data":"","first_seen":"2025-11-19T01:18:40.601427Z","last_seen":"2026-03-15T05:55:43.328248Z","times_seen":313,"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-12-24T17:33:16Z","timestamp":1766597596,"ip_dst":{"addr":"160.22.16.197","port":80,"asn":45899,"as":"VNPT Corp","country":"Vietnam","country_code":"VN"},"ip_src":{"addr":"172.18.0.5","port":47430,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.top domain","source":"{\"timestamp\":\"2025-12-24T17:33:16.995447+0000\",\"flow_id\":1067796043422598,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.5\",\"src_port\":47430,\"dest_ip\":\"160.22.16.197\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2023882,\"rev\":5,\"signature\":\"ET INFO HTTP Request to a *.top domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2017_02_07\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_11_21\"]}},\"http\":{\"hostname\":\"jp.av2.top\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":289},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":667,\"bytes_toclient\":1654,\"start\":\"2025-12-24T17:33:16.547718+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"css.jpg4.icu/tagjpa.php?noself=1\u0026url=av.diktok.top/tags/3","fqdn":"css.jpg4.icu","domain":"jpg4.icu","tld":"icu"},"ip":{"addr":"172.67.183.25","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"9372bad49ab06487235a5db71d2ddbfa","sha1":"99b59b1c9a74dd8c490044abae8386b40fc1690c","sha256":"d675fcc09c707a5d6443322663af4df3ce40daf189c8d7d080e7811a791b66ff","sha512":"ae20e8eb97cb3d48483ef5f388beec62ecf126fcc0430fa4282dc65dab37fa7806002bc954ad11f08f63f737cc09b46e10e89d985e1bcc82ee5c79083d722d72","ssdeep":"","tlshash":"09d022e8c238a53826e522f9d10fe3d09ca5a38bf0c339f0dcbe082d0248a491836462","size":260,"data":"","first_seen":"2025-03-12T03:11:58.118079Z","last_seen":"2026-05-05T00:58:58.065467Z","times_seen":260,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"jp.av2.top/","fqdn":"jp.av2.top","domain":"av2.top","tld":"top"},"ip":{"addr":"160.22.16.197","port":80,"asn":45899,"as":"VNPT Corp","country":"Vietnam","country_code":"VN"},"introduction_type":"eventHandler","is_inline":false,"md5":"e8165bfbe0a84a065d8bba5ecdde8647","sha1":"7e5f9ca58e40f57650ab5078b295e3e6af7777cd","sha256":"916d5f069ecab1ea3e57a97502d36d60d04968f99a9413b0d620e850ffdc970e","sha512":"28858e8e914beb5bc12479df8f2920faeec9681bddad25493876e9eba301373af1e813819db91eb7fdcf9dab9d0aa552cd2735987f1d61d597ff60853df0b906","ssdeep":"","tlshash":"3ea0027f963554762a814781708f5e5d5466754b89b58728b85734f2708006db131b52","size":66,"data":"","first_seen":"2025-11-19T01:18:40.601427Z","last_seen":"2026-03-15T05:55:43.328248Z","times_seen":313,"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-12-24T17:33:16Z","timestamp":1766597596,"ip_dst":{"addr":"160.22.16.197","port":80,"asn":45899,"as":"VNPT Corp","country":"Vietnam","country_code":"VN"},"ip_src":{"addr":"172.18.0.5","port":47430,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.top domain","source":"{\"timestamp\":\"2025-12-24T17:33:16.995447+0000\",\"flow_id\":1067796043422598,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.5\",\"src_port\":47430,\"dest_ip\":\"160.22.16.197\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2023882,\"rev\":5,\"signature\":\"ET INFO HTTP Request to a *.top domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2017_02_07\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_11_21\"]}},\"http\":{\"hostname\":\"jp.av2.top\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":289},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":667,\"bytes_toclient\":1654,\"start\":\"2025-12-24T17:33:16.547718+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"jp.av2.top/","fqdn":"jp.av2.top","domain":"av2.top","tld":"top"},"ip":{"addr":"160.22.16.197","port":80,"asn":45899,"as":"VNPT Corp","country":"Vietnam","country_code":"VN"},"introduction_type":"eventHandler","is_inline":false,"md5":"e8165bfbe0a84a065d8bba5ecdde8647","sha1":"7e5f9ca58e40f57650ab5078b295e3e6af7777cd","sha256":"916d5f069ecab1ea3e57a97502d36d60d04968f99a9413b0d620e850ffdc970e","sha512":"28858e8e914beb5bc12479df8f2920faeec9681bddad25493876e9eba301373af1e813819db91eb7fdcf9dab9d0aa552cd2735987f1d61d597ff60853df0b906","ssdeep":"","tlshash":"3ea0027f963554762a814781708f5e5d5466754b89b58728b85734f2708006db131b52","size":66,"data":"","first_seen":"2025-11-19T01:18:40.601427Z","last_seen":"2026-03-15T05:55:43.328248Z","times_seen":313,"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-12-24T17:33:16Z","timestamp":1766597596,"ip_dst":{"addr":"160.22.16.197","port":80,"asn":45899,"as":"VNPT Corp","country":"Vietnam","country_code":"VN"},"ip_src":{"addr":"172.18.0.5","port":47430,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.top domain","source":"{\"timestamp\":\"2025-12-24T17:33:16.995447+0000\",\"flow_id\":1067796043422598,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.5\",\"src_port\":47430,\"dest_ip\":\"160.22.16.197\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2023882,\"rev\":5,\"signature\":\"ET INFO HTTP Request to a *.top domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2017_02_07\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_11_21\"]}},\"http\":{\"hostname\":\"jp.av2.top\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":289},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":667,\"bytes_toclient\":1654,\"start\":\"2025-12-24T17:33:16.547718+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"jp.av2.top/","fqdn":"jp.av2.top","domain":"av2.top","tld":"top"},"ip":{"addr":"160.22.16.197","port":80,"asn":45899,"as":"VNPT Corp","country":"Vietnam","country_code":"VN"},"introduction_type":"eventHandler","is_inline":false,"md5":"e8165bfbe0a84a065d8bba5ecdde8647","sha1":"7e5f9ca58e40f57650ab5078b295e3e6af7777cd","sha256":"916d5f069ecab1ea3e57a97502d36d60d04968f99a9413b0d620e850ffdc970e","sha512":"28858e8e914beb5bc12479df8f2920faeec9681bddad25493876e9eba301373af1e813819db91eb7fdcf9dab9d0aa552cd2735987f1d61d597ff60853df0b906","ssdeep":"","tlshash":"3ea0027f963554762a814781708f5e5d5466754b89b58728b85734f2708006db131b52","size":66,"data":"","first_seen":"2025-11-19T01:18:40.601427Z","last_seen":"2026-03-15T05:55:43.328248Z","times_seen":313,"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-12-24T17:33:16Z","timestamp":1766597596,"ip_dst":{"addr":"160.22.16.197","port":80,"asn":45899,"as":"VNPT Corp","country":"Vietnam","country_code":"VN"},"ip_src":{"addr":"172.18.0.5","port":47430,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.top domain","source":"{\"timestamp\":\"2025-12-24T17:33:16.995447+0000\",\"flow_id\":1067796043422598,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.5\",\"src_port\":47430,\"dest_ip\":\"160.22.16.197\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2023882,\"rev\":5,\"signature\":\"ET INFO HTTP Request to a *.top domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2017_02_07\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_11_21\"]}},\"http\":{\"hostname\":\"jp.av2.top\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":289},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":667,\"bytes_toclient\":1654,\"start\":\"2025-12-24T17:33:16.547718+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"jp.av2.top/","fqdn":"jp.av2.top","domain":"av2.top","tld":"top"},"ip":{"addr":"160.22.16.197","port":80,"asn":45899,"as":"VNPT Corp","country":"Vietnam","country_code":"VN"},"introduction_type":"eventHandler","is_inline":false,"md5":"e8165bfbe0a84a065d8bba5ecdde8647","sha1":"7e5f9ca58e40f57650ab5078b295e3e6af7777cd","sha256":"916d5f069ecab1ea3e57a97502d36d60d04968f99a9413b0d620e850ffdc970e","sha512":"28858e8e914beb5bc12479df8f2920faeec9681bddad25493876e9eba301373af1e813819db91eb7fdcf9dab9d0aa552cd2735987f1d61d597ff60853df0b906","ssdeep":"","tlshash":"3ea0027f963554762a814781708f5e5d5466754b89b58728b85734f2708006db131b52","size":66,"data":"","first_seen":"2025-11-19T01:18:40.601427Z","last_seen":"2026-03-15T05:55:43.328248Z","times_seen":313,"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-12-24T17:33:16Z","timestamp":1766597596,"ip_dst":{"addr":"160.22.16.197","port":80,"asn":45899,"as":"VNPT Corp","country":"Vietnam","country_code":"VN"},"ip_src":{"addr":"172.18.0.5","port":47430,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.top domain","source":"{\"timestamp\":\"2025-12-24T17:33:16.995447+0000\",\"flow_id\":1067796043422598,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.5\",\"src_port\":47430,\"dest_ip\":\"160.22.16.197\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2023882,\"rev\":5,\"signature\":\"ET INFO HTTP Request to a *.top domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2017_02_07\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_11_21\"]}},\"http\":{\"hostname\":\"jp.av2.top\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":289},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":667,\"bytes_toclient\":1654,\"start\":\"2025-12-24T17:33:16.547718+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"css.jpg4.icu/tagjpa.php?noself=1\u0026url=av.diktok.top/tags/3","fqdn":"css.jpg4.icu","domain":"jpg4.icu","tld":"icu"},"ip":{"addr":"172.67.183.25","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"15f92ca46c20b71e4ac83e0951409c56","sha1":"6c5588ef4c50167ff6ac4cdb52ebec06d8445a92","sha256":"eec1398f03ab6786d9b23ee9d2209731c81e3cd57ea30a4fd5cafa873da424d4","sha512":"9345ee5e7ef82cbc36fb72eb4d5bda2050dcfec4633f28edf10ca2d8b6eff4f396392ffce08c695b8e439b215c7d2762df0d713e949b60f56a790c9f00718fc3","ssdeep":"","tlshash":"8de0c035f42d010202170270ac772a6a743dea75cfc070b0d23825787684cb6a1596fd","size":401,"data":"","first_seen":"2024-05-04T22:45:05Z","last_seen":"2026-05-05T00:58:58.067529Z","times_seen":1278,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"jp.av2.top/","fqdn":"jp.av2.top","domain":"av2.top","tld":"top"},"ip":{"addr":"160.22.16.197","port":80,"asn":45899,"as":"VNPT Corp","country":"Vietnam","country_code":"VN"},"introduction_type":"eventHandler","is_inline":false,"md5":"e8165bfbe0a84a065d8bba5ecdde8647","sha1":"7e5f9ca58e40f57650ab5078b295e3e6af7777cd","sha256":"916d5f069ecab1ea3e57a97502d36d60d04968f99a9413b0d620e850ffdc970e","sha512":"28858e8e914beb5bc12479df8f2920faeec9681bddad25493876e9eba301373af1e813819db91eb7fdcf9dab9d0aa552cd2735987f1d61d597ff60853df0b906","ssdeep":"","tlshash":"3ea0027f963554762a814781708f5e5d5466754b89b58728b85734f2708006db131b52","size":66,"data":"","first_seen":"2025-11-19T01:18:40.601427Z","last_seen":"2026-03-15T05:55:43.328248Z","times_seen":313,"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-12-24T17:33:16Z","timestamp":1766597596,"ip_dst":{"addr":"160.22.16.197","port":80,"asn":45899,"as":"VNPT Corp","country":"Vietnam","country_code":"VN"},"ip_src":{"addr":"172.18.0.5","port":47430,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.top domain","source":"{\"timestamp\":\"2025-12-24T17:33:16.995447+0000\",\"flow_id\":1067796043422598,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.5\",\"src_port\":47430,\"dest_ip\":\"160.22.16.197\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2023882,\"rev\":5,\"signature\":\"ET INFO HTTP Request to a *.top domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2017_02_07\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_11_21\"]}},\"http\":{\"hostname\":\"jp.av2.top\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":289},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":667,\"bytes_toclient\":1654,\"start\":\"2025-12-24T17:33:16.547718+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"jp.av2.top/","fqdn":"jp.av2.top","domain":"av2.top","tld":"top"},"ip":{"addr":"160.22.16.197","port":80,"asn":45899,"as":"VNPT Corp","country":"Vietnam","country_code":"VN"},"introduction_type":"eventHandler","is_inline":false,"md5":"d170c17ae6ff8efc74d28a6e19f8ea0d","sha1":"6389888951ca149b44a486dc199f4b395352f544","sha256":"d0b2da63a59351dcae26ceea570d089c69fdf5c03b6e0161cbada6386d663122","sha512":"e2984271e11c901481d7202e69e1d3294cedfedef0ad757f50de8437e4d035f49b559f819359da2a13aa47914c6567f04d5b97304ea44597ea66ed4f47f3e7a2","ssdeep":"","tlshash":"a890027b98243042154900829047551c401d240896e096494857704564c012d61b1105","size":51,"data":"","first_seen":"2025-11-19T01:18:40.603002Z","last_seen":"2026-03-03T14:10:04.007743Z","times_seen":210,"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-12-24T17:33:16Z","timestamp":1766597596,"ip_dst":{"addr":"160.22.16.197","port":80,"asn":45899,"as":"VNPT Corp","country":"Vietnam","country_code":"VN"},"ip_src":{"addr":"172.18.0.5","port":47430,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.top domain","source":"{\"timestamp\":\"2025-12-24T17:33:16.995447+0000\",\"flow_id\":1067796043422598,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.5\",\"src_port\":47430,\"dest_ip\":\"160.22.16.197\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2023882,\"rev\":5,\"signature\":\"ET INFO HTTP Request to a *.top domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2017_02_07\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_11_21\"]}},\"http\":{\"hostname\":\"jp.av2.top\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":289},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":667,\"bytes_toclient\":1654,\"start\":\"2025-12-24T17:33:16.547718+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"jp.av2.top/","fqdn":"jp.av2.top","domain":"av2.top","tld":"top"},"ip":{"addr":"160.22.16.197","port":80,"asn":45899,"as":"VNPT Corp","country":"Vietnam","country_code":"VN"},"introduction_type":"scriptElement","is_inline":true,"md5":"b4b936eab4235f662d4eb756534d69d7","sha1":"4ee18cb14eaf40e117a19a7f86dcefe6291bc0cf","sha256":"f7650ed40588ee2d1128869afc47866ee4eb09d4860ce1c3e07c9860b7242d33","sha512":"8ab68f0f71a5ed1bfef35dbdad985867b7695f46cd03e3d3bbf2ebe8de35b5a95638f5fdb41fdd52b85ecca95cbcb4a341f6fa560f1cb6a39a2026e22a9af10c","ssdeep":"","tlshash":"0260003c003f00030cc03c0000c0c000c000003c000303f00f030000000003030cc00c","size":12,"data":"","first_seen":"2023-03-07T12:07:12Z","last_seen":"2026-05-05T00:58:58.035615Z","times_seen":2310,"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-12-24T17:33:16Z","timestamp":1766597596,"ip_dst":{"addr":"160.22.16.197","port":80,"asn":45899,"as":"VNPT Corp","country":"Vietnam","country_code":"VN"},"ip_src":{"addr":"172.18.0.5","port":47430,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.top domain","source":"{\"timestamp\":\"2025-12-24T17:33:16.995447+0000\",\"flow_id\":1067796043422598,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.5\",\"src_port\":47430,\"dest_ip\":\"160.22.16.197\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2023882,\"rev\":5,\"signature\":\"ET INFO HTTP Request to a *.top domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2017_02_07\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_11_21\"]}},\"http\":{\"hostname\":\"jp.av2.top\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":289},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":667,\"bytes_toclient\":1654,\"start\":\"2025-12-24T17:33:16.547718+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"jp.av2.top/","fqdn":"jp.av2.top","domain":"av2.top","tld":"top"},"ip":{"addr":"160.22.16.197","port":80,"asn":45899,"as":"VNPT Corp","country":"Vietnam","country_code":"VN"},"introduction_type":"eventHandler","is_inline":false,"md5":"e8165bfbe0a84a065d8bba5ecdde8647","sha1":"7e5f9ca58e40f57650ab5078b295e3e6af7777cd","sha256":"916d5f069ecab1ea3e57a97502d36d60d04968f99a9413b0d620e850ffdc970e","sha512":"28858e8e914beb5bc12479df8f2920faeec9681bddad25493876e9eba301373af1e813819db91eb7fdcf9dab9d0aa552cd2735987f1d61d597ff60853df0b906","ssdeep":"","tlshash":"3ea0027f963554762a814781708f5e5d5466754b89b58728b85734f2708006db131b52","size":66,"data":"","first_seen":"2025-11-19T01:18:40.601427Z","last_seen":"2026-03-15T05:55:43.328248Z","times_seen":313,"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-12-24T17:33:16Z","timestamp":1766597596,"ip_dst":{"addr":"160.22.16.197","port":80,"asn":45899,"as":"VNPT Corp","country":"Vietnam","country_code":"VN"},"ip_src":{"addr":"172.18.0.5","port":47430,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.top domain","source":"{\"timestamp\":\"2025-12-24T17:33:16.995447+0000\",\"flow_id\":1067796043422598,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.5\",\"src_port\":47430,\"dest_ip\":\"160.22.16.197\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2023882,\"rev\":5,\"signature\":\"ET INFO HTTP Request to a *.top domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2017_02_07\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_11_21\"]}},\"http\":{\"hostname\":\"jp.av2.top\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":289},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":667,\"bytes_toclient\":1654,\"start\":\"2025-12-24T17:33:16.547718+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"jsjs.jpg4.icu/index.php?js=av4\u0026advertisement\u0026","fqdn":"jsjs.jpg4.icu","domain":"jpg4.icu","tld":"icu"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"7bef1733eb0e66d46a3982556e8e0527","sha1":"3022b662fa239140f062bbb3301e21566565b32e","sha256":"81835fda3b6ad238e606f0940eddadc388064aad90d67c0a7c47854216fdfa19","sha512":"eac228df8238da2f79b966cecb380185d6bdd98aba25d12eba3661a2b1861e0efa67260da73ff212d80a0b9b7f420a8e2d52e0eb62cbcab9fb6dc85ac04a86a8","ssdeep":"3072:yhV1y+HrCbn5U/4V/FJEvT14EOtsCtJNS63nkA2kDQNv:GPy+HKn5U/4REvyXkA2kDQNv","tlshash":"1414e9f63608502951f302a79a758684f833a02b99416884fd2c6d751f78e7f297affc","size":192015,"data":"","first_seen":"2025-12-24T17:34:12.671261Z","last_seen":"2025-12-24T17:34:12.671261Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"jp.av2.top/","fqdn":"jp.av2.top","domain":"av2.top","tld":"top"},"ip":{"addr":"160.22.16.197","port":80,"asn":45899,"as":"VNPT Corp","country":"Vietnam","country_code":"VN"},"introduction_type":"eventHandler","is_inline":false,"md5":"e8165bfbe0a84a065d8bba5ecdde8647","sha1":"7e5f9ca58e40f57650ab5078b295e3e6af7777cd","sha256":"916d5f069ecab1ea3e57a97502d36d60d04968f99a9413b0d620e850ffdc970e","sha512":"28858e8e914beb5bc12479df8f2920faeec9681bddad25493876e9eba301373af1e813819db91eb7fdcf9dab9d0aa552cd2735987f1d61d597ff60853df0b906","ssdeep":"","tlshash":"3ea0027f963554762a814781708f5e5d5466754b89b58728b85734f2708006db131b52","size":66,"data":"","first_seen":"2025-11-19T01:18:40.601427Z","last_seen":"2026-03-15T05:55:43.328248Z","times_seen":313,"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-12-24T17:33:16Z","timestamp":1766597596,"ip_dst":{"addr":"160.22.16.197","port":80,"asn":45899,"as":"VNPT Corp","country":"Vietnam","country_code":"VN"},"ip_src":{"addr":"172.18.0.5","port":47430,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.top domain","source":"{\"timestamp\":\"2025-12-24T17:33:16.995447+0000\",\"flow_id\":1067796043422598,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.5\",\"src_port\":47430,\"dest_ip\":\"160.22.16.197\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2023882,\"rev\":5,\"signature\":\"ET INFO HTTP Request to a *.top domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2017_02_07\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_11_21\"]}},\"http\":{\"hostname\":\"jp.av2.top\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":289},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":667,\"bytes_toclient\":1654,\"start\":\"2025-12-24T17:33:16.547718+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"jp.av2.top/","fqdn":"jp.av2.top","domain":"av2.top","tld":"top"},"ip":{"addr":"160.22.16.197","port":80,"asn":45899,"as":"VNPT Corp","country":"Vietnam","country_code":"VN"},"introduction_type":"eventHandler","is_inline":false,"md5":"e8165bfbe0a84a065d8bba5ecdde8647","sha1":"7e5f9ca58e40f57650ab5078b295e3e6af7777cd","sha256":"916d5f069ecab1ea3e57a97502d36d60d04968f99a9413b0d620e850ffdc970e","sha512":"28858e8e914beb5bc12479df8f2920faeec9681bddad25493876e9eba301373af1e813819db91eb7fdcf9dab9d0aa552cd2735987f1d61d597ff60853df0b906","ssdeep":"","tlshash":"3ea0027f963554762a814781708f5e5d5466754b89b58728b85734f2708006db131b52","size":66,"data":"","first_seen":"2025-11-19T01:18:40.601427Z","last_seen":"2026-03-15T05:55:43.328248Z","times_seen":313,"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-12-24T17:33:16Z","timestamp":1766597596,"ip_dst":{"addr":"160.22.16.197","port":80,"asn":45899,"as":"VNPT Corp","country":"Vietnam","country_code":"VN"},"ip_src":{"addr":"172.18.0.5","port":47430,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.top domain","source":"{\"timestamp\":\"2025-12-24T17:33:16.995447+0000\",\"flow_id\":1067796043422598,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.5\",\"src_port\":47430,\"dest_ip\":\"160.22.16.197\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2023882,\"rev\":5,\"signature\":\"ET INFO HTTP Request to a *.top domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2017_02_07\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_11_21\"]}},\"http\":{\"hostname\":\"jp.av2.top\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":289},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":667,\"bytes_toclient\":1654,\"start\":\"2025-12-24T17:33:16.547718+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"jp.av2.top/","fqdn":"jp.av2.top","domain":"av2.top","tld":"top"},"ip":{"addr":"160.22.16.197","port":80,"asn":45899,"as":"VNPT Corp","country":"Vietnam","country_code":"VN"},"introduction_type":"eventHandler","is_inline":false,"md5":"d170c17ae6ff8efc74d28a6e19f8ea0d","sha1":"6389888951ca149b44a486dc199f4b395352f544","sha256":"d0b2da63a59351dcae26ceea570d089c69fdf5c03b6e0161cbada6386d663122","sha512":"e2984271e11c901481d7202e69e1d3294cedfedef0ad757f50de8437e4d035f49b559f819359da2a13aa47914c6567f04d5b97304ea44597ea66ed4f47f3e7a2","ssdeep":"","tlshash":"a890027b98243042154900829047551c401d240896e096494857704564c012d61b1105","size":51,"data":"","first_seen":"2025-11-19T01:18:40.603002Z","last_seen":"2026-03-03T14:10:04.007743Z","times_seen":210,"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-12-24T17:33:16Z","timestamp":1766597596,"ip_dst":{"addr":"160.22.16.197","port":80,"asn":45899,"as":"VNPT Corp","country":"Vietnam","country_code":"VN"},"ip_src":{"addr":"172.18.0.5","port":47430,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.top domain","source":"{\"timestamp\":\"2025-12-24T17:33:16.995447+0000\",\"flow_id\":1067796043422598,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.5\",\"src_port\":47430,\"dest_ip\":\"160.22.16.197\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2023882,\"rev\":5,\"signature\":\"ET INFO HTTP Request to a *.top domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2017_02_07\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_11_21\"]}},\"http\":{\"hostname\":\"jp.av2.top\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":289},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":667,\"bytes_toclient\":1654,\"start\":\"2025-12-24T17:33:16.547718+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"css.jpg4.icu/tagjpa.php?noself=1\u0026url=av.diktok.top/tags/3","fqdn":"css.jpg4.icu","domain":"jpg4.icu","tld":"icu"},"ip":{"addr":"172.67.183.25","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"e4db08137a7c199dd9d48fe0c7bb052b","sha1":"4b461f3805ac94bc33e0ea1ed326bbf30259fe95","sha256":"ec891441cca0e397b721044198d3ed1b7ae5279b81122438905a0b38b11e2ea3","sha512":"9e9e5919c97cd8c49c4cbdbbb008682b572e91463e550836fcb37efae8c02e01d97577b8adc391e8818e5843d570869240c5e3f7d965b859119218042014cb56","ssdeep":"192:Nq6FhutEEt+Wo7PdQWYiNpuUpUT9Y8xP8nEfh+4o+bszULX7GgyRjFe2exq:g6qK8biNpuUpU9P8EicPKyq","tlshash":"59d27097a344eb3c1cc65b057ce7f3a9d9f2e54f6c938117a871922d11006acfcd6aa2","size":28830,"data":"","first_seen":"2025-12-24T17:34:12.672359Z","last_seen":"2025-12-24T17:34:12.672359Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"jp.av2.top/","fqdn":"jp.av2.top","domain":"av2.top","tld":"top"},"ip":{"addr":"160.22.16.197","port":80,"asn":45899,"as":"VNPT Corp","country":"Vietnam","country_code":"VN"},"introduction_type":"eventHandler","is_inline":false,"md5":"e8165bfbe0a84a065d8bba5ecdde8647","sha1":"7e5f9ca58e40f57650ab5078b295e3e6af7777cd","sha256":"916d5f069ecab1ea3e57a97502d36d60d04968f99a9413b0d620e850ffdc970e","sha512":"28858e8e914beb5bc12479df8f2920faeec9681bddad25493876e9eba301373af1e813819db91eb7fdcf9dab9d0aa552cd2735987f1d61d597ff60853df0b906","ssdeep":"","tlshash":"3ea0027f963554762a814781708f5e5d5466754b89b58728b85734f2708006db131b52","size":66,"data":"","first_seen":"2025-11-19T01:18:40.601427Z","last_seen":"2026-03-15T05:55:43.328248Z","times_seen":313,"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-12-24T17:33:16Z","timestamp":1766597596,"ip_dst":{"addr":"160.22.16.197","port":80,"asn":45899,"as":"VNPT Corp","country":"Vietnam","country_code":"VN"},"ip_src":{"addr":"172.18.0.5","port":47430,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.top domain","source":"{\"timestamp\":\"2025-12-24T17:33:16.995447+0000\",\"flow_id\":1067796043422598,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.5\",\"src_port\":47430,\"dest_ip\":\"160.22.16.197\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2023882,\"rev\":5,\"signature\":\"ET INFO HTTP Request to a *.top domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2017_02_07\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_11_21\"]}},\"http\":{\"hostname\":\"jp.av2.top\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":289},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":667,\"bytes_toclient\":1654,\"start\":\"2025-12-24T17:33:16.547718+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdnjs.cloudflare.com/ajax/libs/nosleep/0.11.0/NoSleep.min.js","fqdn":"cdnjs.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.17.25.14","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"ea77f824de2ef57acb12e7cb6596365e","sha1":"10bad0dbdf30a0471c2c786b349daeb1dd19180e","sha256":"2b19d92ce83bf3b498f73103ba1240f09c84798b1f92aedf1491ccf0aa6f5e4c","sha512":"cf69dd76334b7318c829868da8a7e9c2097ef261555388132fc69f95d42e91420e2988056c3d93c830b20059422ae5a82e1109e3dce9127ccb0e23cc5ca27591","ssdeep":"192:N0rZbTPe+fl9SKRGyFgkw+wi+FrZJqbzr+5rA7wbUCzebIkm:N09voK7gzi+FrZJqbzrarAyUX5m","tlshash":"7a22f8b33133fd9f8fba085ac61d61045c7dbc6f4aa94091bb0884e86af4558ead5d34","size":10687,"data":"","first_seen":"2023-03-07T12:02:01Z","last_seen":"2026-05-05T00:58:57.938098Z","times_seen":2344,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"jp.av2.top/","fqdn":"jp.av2.top","domain":"av2.top","tld":"top"},"ip":{"addr":"160.22.16.197","port":80,"asn":45899,"as":"VNPT Corp","country":"Vietnam","country_code":"VN"},"introduction_type":"eventHandler","is_inline":false,"md5":"e8165bfbe0a84a065d8bba5ecdde8647","sha1":"7e5f9ca58e40f57650ab5078b295e3e6af7777cd","sha256":"916d5f069ecab1ea3e57a97502d36d60d04968f99a9413b0d620e850ffdc970e","sha512":"28858e8e914beb5bc12479df8f2920faeec9681bddad25493876e9eba301373af1e813819db91eb7fdcf9dab9d0aa552cd2735987f1d61d597ff60853df0b906","ssdeep":"","tlshash":"3ea0027f963554762a814781708f5e5d5466754b89b58728b85734f2708006db131b52","size":66,"data":"","first_seen":"2025-11-19T01:18:40.601427Z","last_seen":"2026-03-15T05:55:43.328248Z","times_seen":313,"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-12-24T17:33:16Z","timestamp":1766597596,"ip_dst":{"addr":"160.22.16.197","port":80,"asn":45899,"as":"VNPT Corp","country":"Vietnam","country_code":"VN"},"ip_src":{"addr":"172.18.0.5","port":47430,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.top domain","source":"{\"timestamp\":\"2025-12-24T17:33:16.995447+0000\",\"flow_id\":1067796043422598,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.5\",\"src_port\":47430,\"dest_ip\":\"160.22.16.197\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2023882,\"rev\":5,\"signature\":\"ET INFO HTTP Request to a *.top domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2017_02_07\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_11_21\"]}},\"http\":{\"hostname\":\"jp.av2.top\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":289},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":667,\"bytes_toclient\":1654,\"start\":\"2025-12-24T17:33:16.547718+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"jp.av2.top/","fqdn":"jp.av2.top","domain":"av2.top","tld":"top"},"ip":{"addr":"160.22.16.197","port":80,"asn":45899,"as":"VNPT Corp","country":"Vietnam","country_code":"VN"},"introduction_type":"eventHandler","is_inline":false,"md5":"e8165bfbe0a84a065d8bba5ecdde8647","sha1":"7e5f9ca58e40f57650ab5078b295e3e6af7777cd","sha256":"916d5f069ecab1ea3e57a97502d36d60d04968f99a9413b0d620e850ffdc970e","sha512":"28858e8e914beb5bc12479df8f2920faeec9681bddad25493876e9eba301373af1e813819db91eb7fdcf9dab9d0aa552cd2735987f1d61d597ff60853df0b906","ssdeep":"","tlshash":"3ea0027f963554762a814781708f5e5d5466754b89b58728b85734f2708006db131b52","size":66,"data":"","first_seen":"2025-11-19T01:18:40.601427Z","last_seen":"2026-03-15T05:55:43.328248Z","times_seen":313,"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-12-24T17:33:16Z","timestamp":1766597596,"ip_dst":{"addr":"160.22.16.197","port":80,"asn":45899,"as":"VNPT Corp","country":"Vietnam","country_code":"VN"},"ip_src":{"addr":"172.18.0.5","port":47430,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.top domain","source":"{\"timestamp\":\"2025-12-24T17:33:16.995447+0000\",\"flow_id\":1067796043422598,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.5\",\"src_port\":47430,\"dest_ip\":\"160.22.16.197\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2023882,\"rev\":5,\"signature\":\"ET INFO HTTP Request to a *.top domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2017_02_07\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_11_21\"]}},\"http\":{\"hostname\":\"jp.av2.top\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":289},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":667,\"bytes_toclient\":1654,\"start\":\"2025-12-24T17:33:16.547718+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"jp.av2.top/","fqdn":"jp.av2.top","domain":"av2.top","tld":"top"},"ip":{"addr":"160.22.16.197","port":80,"asn":45899,"as":"VNPT Corp","country":"Vietnam","country_code":"VN"},"introduction_type":"eventHandler","is_inline":false,"md5":"e8165bfbe0a84a065d8bba5ecdde8647","sha1":"7e5f9ca58e40f57650ab5078b295e3e6af7777cd","sha256":"916d5f069ecab1ea3e57a97502d36d60d04968f99a9413b0d620e850ffdc970e","sha512":"28858e8e914beb5bc12479df8f2920faeec9681bddad25493876e9eba301373af1e813819db91eb7fdcf9dab9d0aa552cd2735987f1d61d597ff60853df0b906","ssdeep":"","tlshash":"3ea0027f963554762a814781708f5e5d5466754b89b58728b85734f2708006db131b52","size":66,"data":"","first_seen":"2025-11-19T01:18:40.601427Z","last_seen":"2026-03-15T05:55:43.328248Z","times_seen":313,"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-12-24T17:33:16Z","timestamp":1766597596,"ip_dst":{"addr":"160.22.16.197","port":80,"asn":45899,"as":"VNPT Corp","country":"Vietnam","country_code":"VN"},"ip_src":{"addr":"172.18.0.5","port":47430,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.top domain","source":"{\"timestamp\":\"2025-12-24T17:33:16.995447+0000\",\"flow_id\":1067796043422598,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.5\",\"src_port\":47430,\"dest_ip\":\"160.22.16.197\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2023882,\"rev\":5,\"signature\":\"ET INFO HTTP Request to a *.top domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2017_02_07\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_11_21\"]}},\"http\":{\"hostname\":\"jp.av2.top\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":289},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":667,\"bytes_toclient\":1654,\"start\":\"2025-12-24T17:33:16.547718+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fixedjs.4vid.top/?vidjs=51qxezx","fqdn":"fixedjs.4vid.top","domain":"4vid.top","tld":"top"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"c464314281019f9661a5bc038dd79a3c","sha1":"a75a34d9e07301746278e942bf7e72cf68c70bce","sha256":"1516426517d2dc367f5eb57426ab7400a555a4bfe433f2492c26eda55ce990ed","sha512":"715a6dd5ab7cd5c14e9cc6602ebddfd9e4491ef915852eab86a0c7c15e45c7998611c6def39c18c90249b69e02aee21fd70a79310c379df700cc078d40927706","ssdeep":"1536:UMJTUxbKOOmlUJKJzQ2ns+VKPv4n7IrNNYl2xGSKLG7EjzK1dQoKJUJ3PVZJnFpl:NUxbKLJlPs7rYGSKLG8ze6oXPZz8fS","tlshash":"137395bb725d502844e106a369714244fc2be637ad80d290f96c2c316f74e2a99f7fec","size":76996,"data":"","first_seen":"2025-11-25T01:08:54.715442Z","last_seen":"2026-03-15T05:55:43.327555Z","times_seen":257,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"jp.av2.top/","fqdn":"jp.av2.top","domain":"av2.top","tld":"top"},"ip":{"addr":"160.22.16.197","port":80,"asn":45899,"as":"VNPT Corp","country":"Vietnam","country_code":"VN"},"introduction_type":"eventHandler","is_inline":false,"md5":"e8165bfbe0a84a065d8bba5ecdde8647","sha1":"7e5f9ca58e40f57650ab5078b295e3e6af7777cd","sha256":"916d5f069ecab1ea3e57a97502d36d60d04968f99a9413b0d620e850ffdc970e","sha512":"28858e8e914beb5bc12479df8f2920faeec9681bddad25493876e9eba301373af1e813819db91eb7fdcf9dab9d0aa552cd2735987f1d61d597ff60853df0b906","ssdeep":"","tlshash":"3ea0027f963554762a814781708f5e5d5466754b89b58728b85734f2708006db131b52","size":66,"data":"","first_seen":"2025-11-19T01:18:40.601427Z","last_seen":"2026-03-15T05:55:43.328248Z","times_seen":313,"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-12-24T17:33:16Z","timestamp":1766597596,"ip_dst":{"addr":"160.22.16.197","port":80,"asn":45899,"as":"VNPT Corp","country":"Vietnam","country_code":"VN"},"ip_src":{"addr":"172.18.0.5","port":47430,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.top domain","source":"{\"timestamp\":\"2025-12-24T17:33:16.995447+0000\",\"flow_id\":1067796043422598,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.5\",\"src_port\":47430,\"dest_ip\":\"160.22.16.197\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2023882,\"rev\":5,\"signature\":\"ET INFO HTTP Request to a *.top domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2017_02_07\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_11_21\"]}},\"http\":{\"hostname\":\"jp.av2.top\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":289},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":667,\"bytes_toclient\":1654,\"start\":\"2025-12-24T17:33:16.547718+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"jp.av2.top/","fqdn":"jp.av2.top","domain":"av2.top","tld":"top"},"ip":{"addr":"160.22.16.197","port":80,"asn":45899,"as":"VNPT Corp","country":"Vietnam","country_code":"VN"},"introduction_type":"eventHandler","is_inline":false,"md5":"e8165bfbe0a84a065d8bba5ecdde8647","sha1":"7e5f9ca58e40f57650ab5078b295e3e6af7777cd","sha256":"916d5f069ecab1ea3e57a97502d36d60d04968f99a9413b0d620e850ffdc970e","sha512":"28858e8e914beb5bc12479df8f2920faeec9681bddad25493876e9eba301373af1e813819db91eb7fdcf9dab9d0aa552cd2735987f1d61d597ff60853df0b906","ssdeep":"","tlshash":"3ea0027f963554762a814781708f5e5d5466754b89b58728b85734f2708006db131b52","size":66,"data":"","first_seen":"2025-11-19T01:18:40.601427Z","last_seen":"2026-03-15T05:55:43.328248Z","times_seen":313,"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-12-24T17:33:16Z","timestamp":1766597596,"ip_dst":{"addr":"160.22.16.197","port":80,"asn":45899,"as":"VNPT Corp","country":"Vietnam","country_code":"VN"},"ip_src":{"addr":"172.18.0.5","port":47430,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.top domain","source":"{\"timestamp\":\"2025-12-24T17:33:16.995447+0000\",\"flow_id\":1067796043422598,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.5\",\"src_port\":47430,\"dest_ip\":\"160.22.16.197\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2023882,\"rev\":5,\"signature\":\"ET INFO HTTP Request to a *.top domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2017_02_07\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_11_21\"]}},\"http\":{\"hostname\":\"jp.av2.top\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":289},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":667,\"bytes_toclient\":1654,\"start\":\"2025-12-24T17:33:16.547718+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"jp.av2.top/","fqdn":"jp.av2.top","domain":"av2.top","tld":"top"},"ip":{"addr":"160.22.16.197","port":80,"asn":45899,"as":"VNPT Corp","country":"Vietnam","country_code":"VN"},"introduction_type":"eventHandler","is_inline":false,"md5":"e8165bfbe0a84a065d8bba5ecdde8647","sha1":"7e5f9ca58e40f57650ab5078b295e3e6af7777cd","sha256":"916d5f069ecab1ea3e57a97502d36d60d04968f99a9413b0d620e850ffdc970e","sha512":"28858e8e914beb5bc12479df8f2920faeec9681bddad25493876e9eba301373af1e813819db91eb7fdcf9dab9d0aa552cd2735987f1d61d597ff60853df0b906","ssdeep":"","tlshash":"3ea0027f963554762a814781708f5e5d5466754b89b58728b85734f2708006db131b52","size":66,"data":"","first_seen":"2025-11-19T01:18:40.601427Z","last_seen":"2026-03-15T05:55:43.328248Z","times_seen":313,"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-12-24T17:33:16Z","timestamp":1766597596,"ip_dst":{"addr":"160.22.16.197","port":80,"asn":45899,"as":"VNPT Corp","country":"Vietnam","country_code":"VN"},"ip_src":{"addr":"172.18.0.5","port":47430,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.top domain","source":"{\"timestamp\":\"2025-12-24T17:33:16.995447+0000\",\"flow_id\":1067796043422598,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.5\",\"src_port\":47430,\"dest_ip\":\"160.22.16.197\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2023882,\"rev\":5,\"signature\":\"ET INFO HTTP Request to a *.top domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2017_02_07\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_11_21\"]}},\"http\":{\"hostname\":\"jp.av2.top\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":289},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":667,\"bytes_toclient\":1654,\"start\":\"2025-12-24T17:33:16.547718+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"jp.av2.top/","fqdn":"jp.av2.top","domain":"av2.top","tld":"top"},"ip":{"addr":"160.22.16.197","port":80,"asn":45899,"as":"VNPT Corp","country":"Vietnam","country_code":"VN"},"introduction_type":"eventHandler","is_inline":false,"md5":"e8165bfbe0a84a065d8bba5ecdde8647","sha1":"7e5f9ca58e40f57650ab5078b295e3e6af7777cd","sha256":"916d5f069ecab1ea3e57a97502d36d60d04968f99a9413b0d620e850ffdc970e","sha512":"28858e8e914beb5bc12479df8f2920faeec9681bddad25493876e9eba301373af1e813819db91eb7fdcf9dab9d0aa552cd2735987f1d61d597ff60853df0b906","ssdeep":"","tlshash":"3ea0027f963554762a814781708f5e5d5466754b89b58728b85734f2708006db131b52","size":66,"data":"","first_seen":"2025-11-19T01:18:40.601427Z","last_seen":"2026-03-15T05:55:43.328248Z","times_seen":313,"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-12-24T17:33:16Z","timestamp":1766597596,"ip_dst":{"addr":"160.22.16.197","port":80,"asn":45899,"as":"VNPT Corp","country":"Vietnam","country_code":"VN"},"ip_src":{"addr":"172.18.0.5","port":47430,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.top domain","source":"{\"timestamp\":\"2025-12-24T17:33:16.995447+0000\",\"flow_id\":1067796043422598,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.5\",\"src_port\":47430,\"dest_ip\":\"160.22.16.197\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2023882,\"rev\":5,\"signature\":\"ET INFO HTTP Request to a *.top domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2017_02_07\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_11_21\"]}},\"http\":{\"hostname\":\"jp.av2.top\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":289},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":667,\"bytes_toclient\":1654,\"start\":\"2025-12-24T17:33:16.547718+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"jp.av2.top/","fqdn":"jp.av2.top","domain":"av2.top","tld":"top"},"ip":{"addr":"160.22.16.197","port":80,"asn":45899,"as":"VNPT Corp","country":"Vietnam","country_code":"VN"},"introduction_type":"eventHandler","is_inline":false,"md5":"e8165bfbe0a84a065d8bba5ecdde8647","sha1":"7e5f9ca58e40f57650ab5078b295e3e6af7777cd","sha256":"916d5f069ecab1ea3e57a97502d36d60d04968f99a9413b0d620e850ffdc970e","sha512":"28858e8e914beb5bc12479df8f2920faeec9681bddad25493876e9eba301373af1e813819db91eb7fdcf9dab9d0aa552cd2735987f1d61d597ff60853df0b906","ssdeep":"","tlshash":"3ea0027f963554762a814781708f5e5d5466754b89b58728b85734f2708006db131b52","size":66,"data":"","first_seen":"2025-11-19T01:18:40.601427Z","last_seen":"2026-03-15T05:55:43.328248Z","times_seen":313,"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-12-24T17:33:16Z","timestamp":1766597596,"ip_dst":{"addr":"160.22.16.197","port":80,"asn":45899,"as":"VNPT Corp","country":"Vietnam","country_code":"VN"},"ip_src":{"addr":"172.18.0.5","port":47430,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.top domain","source":"{\"timestamp\":\"2025-12-24T17:33:16.995447+0000\",\"flow_id\":1067796043422598,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.5\",\"src_port\":47430,\"dest_ip\":\"160.22.16.197\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2023882,\"rev\":5,\"signature\":\"ET INFO HTTP Request to a *.top domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2017_02_07\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_11_21\"]}},\"http\":{\"hostname\":\"jp.av2.top\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":289},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":667,\"bytes_toclient\":1654,\"start\":\"2025-12-24T17:33:16.547718+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"jp.av2.top/","fqdn":"jp.av2.top","domain":"av2.top","tld":"top"},"ip":{"addr":"160.22.16.197","port":80,"asn":45899,"as":"VNPT Corp","country":"Vietnam","country_code":"VN"},"introduction_type":"eventHandler","is_inline":false,"md5":"e8165bfbe0a84a065d8bba5ecdde8647","sha1":"7e5f9ca58e40f57650ab5078b295e3e6af7777cd","sha256":"916d5f069ecab1ea3e57a97502d36d60d04968f99a9413b0d620e850ffdc970e","sha512":"28858e8e914beb5bc12479df8f2920faeec9681bddad25493876e9eba301373af1e813819db91eb7fdcf9dab9d0aa552cd2735987f1d61d597ff60853df0b906","ssdeep":"","tlshash":"3ea0027f963554762a814781708f5e5d5466754b89b58728b85734f2708006db131b52","size":66,"data":"","first_seen":"2025-11-19T01:18:40.601427Z","last_seen":"2026-03-15T05:55:43.328248Z","times_seen":313,"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-12-24T17:33:16Z","timestamp":1766597596,"ip_dst":{"addr":"160.22.16.197","port":80,"asn":45899,"as":"VNPT Corp","country":"Vietnam","country_code":"VN"},"ip_src":{"addr":"172.18.0.5","port":47430,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.top domain","source":"{\"timestamp\":\"2025-12-24T17:33:16.995447+0000\",\"flow_id\":1067796043422598,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.5\",\"src_port\":47430,\"dest_ip\":\"160.22.16.197\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2023882,\"rev\":5,\"signature\":\"ET INFO HTTP Request to a *.top domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2017_02_07\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_11_21\"]}},\"http\":{\"hostname\":\"jp.av2.top\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":289},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":667,\"bytes_toclient\":1654,\"start\":\"2025-12-24T17:33:16.547718+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"jp.av2.top/","fqdn":"jp.av2.top","domain":"av2.top","tld":"top"},"ip":{"addr":"160.22.16.197","port":80,"asn":45899,"as":"VNPT Corp","country":"Vietnam","country_code":"VN"},"introduction_type":"eventHandler","is_inline":false,"md5":"d170c17ae6ff8efc74d28a6e19f8ea0d","sha1":"6389888951ca149b44a486dc199f4b395352f544","sha256":"d0b2da63a59351dcae26ceea570d089c69fdf5c03b6e0161cbada6386d663122","sha512":"e2984271e11c901481d7202e69e1d3294cedfedef0ad757f50de8437e4d035f49b559f819359da2a13aa47914c6567f04d5b97304ea44597ea66ed4f47f3e7a2","ssdeep":"","tlshash":"a890027b98243042154900829047551c401d240896e096494857704564c012d61b1105","size":51,"data":"","first_seen":"2025-11-19T01:18:40.603002Z","last_seen":"2026-03-03T14:10:04.007743Z","times_seen":210,"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-12-24T17:33:16Z","timestamp":1766597596,"ip_dst":{"addr":"160.22.16.197","port":80,"asn":45899,"as":"VNPT Corp","country":"Vietnam","country_code":"VN"},"ip_src":{"addr":"172.18.0.5","port":47430,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.top domain","source":"{\"timestamp\":\"2025-12-24T17:33:16.995447+0000\",\"flow_id\":1067796043422598,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.5\",\"src_port\":47430,\"dest_ip\":\"160.22.16.197\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2023882,\"rev\":5,\"signature\":\"ET INFO HTTP Request to a *.top domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2017_02_07\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_11_21\"]}},\"http\":{\"hostname\":\"jp.av2.top\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":289},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":667,\"bytes_toclient\":1654,\"start\":\"2025-12-24T17:33:16.547718+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"jp.av2.top/","fqdn":"jp.av2.top","domain":"av2.top","tld":"top"},"ip":{"addr":"160.22.16.197","port":80,"asn":45899,"as":"VNPT Corp","country":"Vietnam","country_code":"VN"},"introduction_type":"eventHandler","is_inline":false,"md5":"e8165bfbe0a84a065d8bba5ecdde8647","sha1":"7e5f9ca58e40f57650ab5078b295e3e6af7777cd","sha256":"916d5f069ecab1ea3e57a97502d36d60d04968f99a9413b0d620e850ffdc970e","sha512":"28858e8e914beb5bc12479df8f2920faeec9681bddad25493876e9eba301373af1e813819db91eb7fdcf9dab9d0aa552cd2735987f1d61d597ff60853df0b906","ssdeep":"","tlshash":"3ea0027f963554762a814781708f5e5d5466754b89b58728b85734f2708006db131b52","size":66,"data":"","first_seen":"2025-11-19T01:18:40.601427Z","last_seen":"2026-03-15T05:55:43.328248Z","times_seen":313,"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-12-24T17:33:16Z","timestamp":1766597596,"ip_dst":{"addr":"160.22.16.197","port":80,"asn":45899,"as":"VNPT Corp","country":"Vietnam","country_code":"VN"},"ip_src":{"addr":"172.18.0.5","port":47430,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.top domain","source":"{\"timestamp\":\"2025-12-24T17:33:16.995447+0000\",\"flow_id\":1067796043422598,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.5\",\"src_port\":47430,\"dest_ip\":\"160.22.16.197\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2023882,\"rev\":5,\"signature\":\"ET INFO HTTP Request to a *.top domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2017_02_07\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_11_21\"]}},\"http\":{\"hostname\":\"jp.av2.top\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":289},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":667,\"bytes_toclient\":1654,\"start\":\"2025-12-24T17:33:16.547718+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"jp.av2.top/","fqdn":"jp.av2.top","domain":"av2.top","tld":"top"},"ip":{"addr":"160.22.16.197","port":80,"asn":45899,"as":"VNPT Corp","country":"Vietnam","country_code":"VN"},"introduction_type":"eventHandler","is_inline":false,"md5":"e8165bfbe0a84a065d8bba5ecdde8647","sha1":"7e5f9ca58e40f57650ab5078b295e3e6af7777cd","sha256":"916d5f069ecab1ea3e57a97502d36d60d04968f99a9413b0d620e850ffdc970e","sha512":"28858e8e914beb5bc12479df8f2920faeec9681bddad25493876e9eba301373af1e813819db91eb7fdcf9dab9d0aa552cd2735987f1d61d597ff60853df0b906","ssdeep":"","tlshash":"3ea0027f963554762a814781708f5e5d5466754b89b58728b85734f2708006db131b52","size":66,"data":"","first_seen":"2025-11-19T01:18:40.601427Z","last_seen":"2026-03-15T05:55:43.328248Z","times_seen":313,"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-12-24T17:33:16Z","timestamp":1766597596,"ip_dst":{"addr":"160.22.16.197","port":80,"asn":45899,"as":"VNPT Corp","country":"Vietnam","country_code":"VN"},"ip_src":{"addr":"172.18.0.5","port":47430,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.top domain","source":"{\"timestamp\":\"2025-12-24T17:33:16.995447+0000\",\"flow_id\":1067796043422598,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.5\",\"src_port\":47430,\"dest_ip\":\"160.22.16.197\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2023882,\"rev\":5,\"signature\":\"ET INFO HTTP Request to a *.top domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2017_02_07\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_11_21\"]}},\"http\":{\"hostname\":\"jp.av2.top\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":289},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":667,\"bytes_toclient\":1654,\"start\":\"2025-12-24T17:33:16.547718+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"jp.av2.top/","fqdn":"jp.av2.top","domain":"av2.top","tld":"top"},"ip":{"addr":"160.22.16.197","port":80,"asn":45899,"as":"VNPT Corp","country":"Vietnam","country_code":"VN"},"introduction_type":"eventHandler","is_inline":false,"md5":"e8165bfbe0a84a065d8bba5ecdde8647","sha1":"7e5f9ca58e40f57650ab5078b295e3e6af7777cd","sha256":"916d5f069ecab1ea3e57a97502d36d60d04968f99a9413b0d620e850ffdc970e","sha512":"28858e8e914beb5bc12479df8f2920faeec9681bddad25493876e9eba301373af1e813819db91eb7fdcf9dab9d0aa552cd2735987f1d61d597ff60853df0b906","ssdeep":"","tlshash":"3ea0027f963554762a814781708f5e5d5466754b89b58728b85734f2708006db131b52","size":66,"data":"","first_seen":"2025-11-19T01:18:40.601427Z","last_seen":"2026-03-15T05:55:43.328248Z","times_seen":313,"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-12-24T17:33:16Z","timestamp":1766597596,"ip_dst":{"addr":"160.22.16.197","port":80,"asn":45899,"as":"VNPT Corp","country":"Vietnam","country_code":"VN"},"ip_src":{"addr":"172.18.0.5","port":47430,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.top domain","source":"{\"timestamp\":\"2025-12-24T17:33:16.995447+0000\",\"flow_id\":1067796043422598,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.5\",\"src_port\":47430,\"dest_ip\":\"160.22.16.197\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2023882,\"rev\":5,\"signature\":\"ET INFO HTTP Request to a *.top domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2017_02_07\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_11_21\"]}},\"http\":{\"hostname\":\"jp.av2.top\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":289},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":667,\"bytes_toclient\":1654,\"start\":\"2025-12-24T17:33:16.547718+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"jp.av2.top/","fqdn":"jp.av2.top","domain":"av2.top","tld":"top"},"ip":{"addr":"160.22.16.197","port":80,"asn":45899,"as":"VNPT Corp","country":"Vietnam","country_code":"VN"},"introduction_type":"eventHandler","is_inline":false,"md5":"e8165bfbe0a84a065d8bba5ecdde8647","sha1":"7e5f9ca58e40f57650ab5078b295e3e6af7777cd","sha256":"916d5f069ecab1ea3e57a97502d36d60d04968f99a9413b0d620e850ffdc970e","sha512":"28858e8e914beb5bc12479df8f2920faeec9681bddad25493876e9eba301373af1e813819db91eb7fdcf9dab9d0aa552cd2735987f1d61d597ff60853df0b906","ssdeep":"","tlshash":"3ea0027f963554762a814781708f5e5d5466754b89b58728b85734f2708006db131b52","size":66,"data":"","first_seen":"2025-11-19T01:18:40.601427Z","last_seen":"2026-03-15T05:55:43.328248Z","times_seen":313,"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-12-24T17:33:16Z","timestamp":1766597596,"ip_dst":{"addr":"160.22.16.197","port":80,"asn":45899,"as":"VNPT Corp","country":"Vietnam","country_code":"VN"},"ip_src":{"addr":"172.18.0.5","port":47430,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.top domain","source":"{\"timestamp\":\"2025-12-24T17:33:16.995447+0000\",\"flow_id\":1067796043422598,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.5\",\"src_port\":47430,\"dest_ip\":\"160.22.16.197\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2023882,\"rev\":5,\"signature\":\"ET INFO HTTP Request to a *.top domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2017_02_07\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_11_21\"]}},\"http\":{\"hostname\":\"jp.av2.top\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":289},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":667,\"bytes_toclient\":1654,\"start\":\"2025-12-24T17:33:16.547718+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"jp.av2.top/","fqdn":"jp.av2.top","domain":"av2.top","tld":"top"},"ip":{"addr":"160.22.16.197","port":80,"asn":45899,"as":"VNPT Corp","country":"Vietnam","country_code":"VN"},"introduction_type":"eventHandler","is_inline":false,"md5":"e8165bfbe0a84a065d8bba5ecdde8647","sha1":"7e5f9ca58e40f57650ab5078b295e3e6af7777cd","sha256":"916d5f069ecab1ea3e57a97502d36d60d04968f99a9413b0d620e850ffdc970e","sha512":"28858e8e914beb5bc12479df8f2920faeec9681bddad25493876e9eba301373af1e813819db91eb7fdcf9dab9d0aa552cd2735987f1d61d597ff60853df0b906","ssdeep":"","tlshash":"3ea0027f963554762a814781708f5e5d5466754b89b58728b85734f2708006db131b52","size":66,"data":"","first_seen":"2025-11-19T01:18:40.601427Z","last_seen":"2026-03-15T05:55:43.328248Z","times_seen":313,"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-12-24T17:33:16Z","timestamp":1766597596,"ip_dst":{"addr":"160.22.16.197","port":80,"asn":45899,"as":"VNPT Corp","country":"Vietnam","country_code":"VN"},"ip_src":{"addr":"172.18.0.5","port":47430,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.top domain","source":"{\"timestamp\":\"2025-12-24T17:33:16.995447+0000\",\"flow_id\":1067796043422598,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.5\",\"src_port\":47430,\"dest_ip\":\"160.22.16.197\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2023882,\"rev\":5,\"signature\":\"ET INFO HTTP Request to a *.top domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2017_02_07\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_11_21\"]}},\"http\":{\"hostname\":\"jp.av2.top\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":289},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":667,\"bytes_toclient\":1654,\"start\":\"2025-12-24T17:33:16.547718+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"jp.av2.top/","fqdn":"jp.av2.top","domain":"av2.top","tld":"top"},"ip":{"addr":"160.22.16.197","port":80,"asn":45899,"as":"VNPT Corp","country":"Vietnam","country_code":"VN"},"introduction_type":"eventHandler","is_inline":false,"md5":"e8165bfbe0a84a065d8bba5ecdde8647","sha1":"7e5f9ca58e40f57650ab5078b295e3e6af7777cd","sha256":"916d5f069ecab1ea3e57a97502d36d60d04968f99a9413b0d620e850ffdc970e","sha512":"28858e8e914beb5bc12479df8f2920faeec9681bddad25493876e9eba301373af1e813819db91eb7fdcf9dab9d0aa552cd2735987f1d61d597ff60853df0b906","ssdeep":"","tlshash":"3ea0027f963554762a814781708f5e5d5466754b89b58728b85734f2708006db131b52","size":66,"data":"","first_seen":"2025-11-19T01:18:40.601427Z","last_seen":"2026-03-15T05:55:43.328248Z","times_seen":313,"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-12-24T17:33:16Z","timestamp":1766597596,"ip_dst":{"addr":"160.22.16.197","port":80,"asn":45899,"as":"VNPT Corp","country":"Vietnam","country_code":"VN"},"ip_src":{"addr":"172.18.0.5","port":47430,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.top domain","source":"{\"timestamp\":\"2025-12-24T17:33:16.995447+0000\",\"flow_id\":1067796043422598,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.5\",\"src_port\":47430,\"dest_ip\":\"160.22.16.197\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2023882,\"rev\":5,\"signature\":\"ET INFO HTTP Request to a *.top domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2017_02_07\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_11_21\"]}},\"http\":{\"hostname\":\"jp.av2.top\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":289},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":667,\"bytes_toclient\":1654,\"start\":\"2025-12-24T17:33:16.547718+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"jp.av2.top/","fqdn":"jp.av2.top","domain":"av2.top","tld":"top"},"ip":{"addr":"160.22.16.197","port":80,"asn":45899,"as":"VNPT Corp","country":"Vietnam","country_code":"VN"},"introduction_type":"eventHandler","is_inline":false,"md5":"e8165bfbe0a84a065d8bba5ecdde8647","sha1":"7e5f9ca58e40f57650ab5078b295e3e6af7777cd","sha256":"916d5f069ecab1ea3e57a97502d36d60d04968f99a9413b0d620e850ffdc970e","sha512":"28858e8e914beb5bc12479df8f2920faeec9681bddad25493876e9eba301373af1e813819db91eb7fdcf9dab9d0aa552cd2735987f1d61d597ff60853df0b906","ssdeep":"","tlshash":"3ea0027f963554762a814781708f5e5d5466754b89b58728b85734f2708006db131b52","size":66,"data":"","first_seen":"2025-11-19T01:18:40.601427Z","last_seen":"2026-03-15T05:55:43.328248Z","times_seen":313,"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-12-24T17:33:16Z","timestamp":1766597596,"ip_dst":{"addr":"160.22.16.197","port":80,"asn":45899,"as":"VNPT Corp","country":"Vietnam","country_code":"VN"},"ip_src":{"addr":"172.18.0.5","port":47430,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.top domain","source":"{\"timestamp\":\"2025-12-24T17:33:16.995447+0000\",\"flow_id\":1067796043422598,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.5\",\"src_port\":47430,\"dest_ip\":\"160.22.16.197\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2023882,\"rev\":5,\"signature\":\"ET INFO HTTP Request to a *.top domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2017_02_07\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_11_21\"]}},\"http\":{\"hostname\":\"jp.av2.top\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":289},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":667,\"bytes_toclient\":1654,\"start\":\"2025-12-24T17:33:16.547718+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"jp.av2.top/","fqdn":"jp.av2.top","domain":"av2.top","tld":"top"},"ip":{"addr":"160.22.16.197","port":80,"asn":45899,"as":"VNPT Corp","country":"Vietnam","country_code":"VN"},"introduction_type":"eventHandler","is_inline":false,"md5":"e8165bfbe0a84a065d8bba5ecdde8647","sha1":"7e5f9ca58e40f57650ab5078b295e3e6af7777cd","sha256":"916d5f069ecab1ea3e57a97502d36d60d04968f99a9413b0d620e850ffdc970e","sha512":"28858e8e914beb5bc12479df8f2920faeec9681bddad25493876e9eba301373af1e813819db91eb7fdcf9dab9d0aa552cd2735987f1d61d597ff60853df0b906","ssdeep":"","tlshash":"3ea0027f963554762a814781708f5e5d5466754b89b58728b85734f2708006db131b52","size":66,"data":"","first_seen":"2025-11-19T01:18:40.601427Z","last_seen":"2026-03-15T05:55:43.328248Z","times_seen":313,"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-12-24T17:33:16Z","timestamp":1766597596,"ip_dst":{"addr":"160.22.16.197","port":80,"asn":45899,"as":"VNPT Corp","country":"Vietnam","country_code":"VN"},"ip_src":{"addr":"172.18.0.5","port":47430,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.top domain","source":"{\"timestamp\":\"2025-12-24T17:33:16.995447+0000\",\"flow_id\":1067796043422598,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.5\",\"src_port\":47430,\"dest_ip\":\"160.22.16.197\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2023882,\"rev\":5,\"signature\":\"ET INFO HTTP Request to a *.top domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2017_02_07\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_11_21\"]}},\"http\":{\"hostname\":\"jp.av2.top\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":289},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":667,\"bytes_toclient\":1654,\"start\":\"2025-12-24T17:33:16.547718+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"jp.av2.top/","fqdn":"jp.av2.top","domain":"av2.top","tld":"top"},"ip":{"addr":"160.22.16.197","port":80,"asn":45899,"as":"VNPT Corp","country":"Vietnam","country_code":"VN"},"introduction_type":"eventHandler","is_inline":false,"md5":"e8165bfbe0a84a065d8bba5ecdde8647","sha1":"7e5f9ca58e40f57650ab5078b295e3e6af7777cd","sha256":"916d5f069ecab1ea3e57a97502d36d60d04968f99a9413b0d620e850ffdc970e","sha512":"28858e8e914beb5bc12479df8f2920faeec9681bddad25493876e9eba301373af1e813819db91eb7fdcf9dab9d0aa552cd2735987f1d61d597ff60853df0b906","ssdeep":"","tlshash":"3ea0027f963554762a814781708f5e5d5466754b89b58728b85734f2708006db131b52","size":66,"data":"","first_seen":"2025-11-19T01:18:40.601427Z","last_seen":"2026-03-15T05:55:43.328248Z","times_seen":313,"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-12-24T17:33:16Z","timestamp":1766597596,"ip_dst":{"addr":"160.22.16.197","port":80,"asn":45899,"as":"VNPT Corp","country":"Vietnam","country_code":"VN"},"ip_src":{"addr":"172.18.0.5","port":47430,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.top domain","source":"{\"timestamp\":\"2025-12-24T17:33:16.995447+0000\",\"flow_id\":1067796043422598,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.5\",\"src_port\":47430,\"dest_ip\":\"160.22.16.197\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2023882,\"rev\":5,\"signature\":\"ET INFO HTTP Request to a *.top domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2017_02_07\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_11_21\"]}},\"http\":{\"hostname\":\"jp.av2.top\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":289},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":667,\"bytes_toclient\":1654,\"start\":\"2025-12-24T17:33:16.547718+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"jp.av2.top/","fqdn":"jp.av2.top","domain":"av2.top","tld":"top"},"ip":{"addr":"160.22.16.197","port":80,"asn":45899,"as":"VNPT Corp","country":"Vietnam","country_code":"VN"},"introduction_type":"eventHandler","is_inline":false,"md5":"d170c17ae6ff8efc74d28a6e19f8ea0d","sha1":"6389888951ca149b44a486dc199f4b395352f544","sha256":"d0b2da63a59351dcae26ceea570d089c69fdf5c03b6e0161cbada6386d663122","sha512":"e2984271e11c901481d7202e69e1d3294cedfedef0ad757f50de8437e4d035f49b559f819359da2a13aa47914c6567f04d5b97304ea44597ea66ed4f47f3e7a2","ssdeep":"","tlshash":"a890027b98243042154900829047551c401d240896e096494857704564c012d61b1105","size":51,"data":"","first_seen":"2025-11-19T01:18:40.603002Z","last_seen":"2026-03-03T14:10:04.007743Z","times_seen":210,"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-12-24T17:33:16Z","timestamp":1766597596,"ip_dst":{"addr":"160.22.16.197","port":80,"asn":45899,"as":"VNPT Corp","country":"Vietnam","country_code":"VN"},"ip_src":{"addr":"172.18.0.5","port":47430,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.top domain","source":"{\"timestamp\":\"2025-12-24T17:33:16.995447+0000\",\"flow_id\":1067796043422598,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.5\",\"src_port\":47430,\"dest_ip\":\"160.22.16.197\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2023882,\"rev\":5,\"signature\":\"ET INFO HTTP Request to a *.top domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2017_02_07\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_11_21\"]}},\"http\":{\"hostname\":\"jp.av2.top\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":289},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":667,\"bytes_toclient\":1654,\"start\":\"2025-12-24T17:33:16.547718+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"jp.av2.top/","fqdn":"jp.av2.top","domain":"av2.top","tld":"top"},"ip":{"addr":"160.22.16.197","port":80,"asn":45899,"as":"VNPT Corp","country":"Vietnam","country_code":"VN"},"introduction_type":"scriptElement","is_inline":true,"md5":"0b92303a1cb08e00253e7879d304ee26","sha1":"68bdd0c37dddd5312507918516eaa994a1a1cb93","sha256":"7f10c6dc85b21ab592994c008eea9b75e836674d27bef1d026c511b4fb158432","sha512":"ea194370faf1c720d260f547d126b2beb99385dbbb29af6d954059e7bd3e622bf4040ad7731eaffea192c45551bf8816b8ba85ba40ef1a5ea1edae09e4c770e7","ssdeep":"","tlshash":"e7e0c035342d010202170260ac772a6a743dea750fc060b0d23825787684cb661596fd","size":353,"data":"","first_seen":"2024-05-18T10:55:44Z","last_seen":"2026-05-05T00:58:58.043305Z","times_seen":1356,"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-12-24T17:33:16Z","timestamp":1766597596,"ip_dst":{"addr":"160.22.16.197","port":80,"asn":45899,"as":"VNPT Corp","country":"Vietnam","country_code":"VN"},"ip_src":{"addr":"172.18.0.5","port":47430,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.top domain","source":"{\"timestamp\":\"2025-12-24T17:33:16.995447+0000\",\"flow_id\":1067796043422598,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.5\",\"src_port\":47430,\"dest_ip\":\"160.22.16.197\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2023882,\"rev\":5,\"signature\":\"ET INFO HTTP Request to a *.top domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2017_02_07\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_11_21\"]}},\"http\":{\"hostname\":\"jp.av2.top\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":289},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":667,\"bytes_toclient\":1654,\"start\":\"2025-12-24T17:33:16.547718+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fixedjs.4vid.top/?vidjs=51qxezx","fqdn":"fixedjs.4vid.top","domain":"4vid.top","tld":"top"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"c464314281019f9661a5bc038dd79a3c","sha1":"a75a34d9e07301746278e942bf7e72cf68c70bce","sha256":"1516426517d2dc367f5eb57426ab7400a555a4bfe433f2492c26eda55ce990ed","sha512":"715a6dd5ab7cd5c14e9cc6602ebddfd9e4491ef915852eab86a0c7c15e45c7998611c6def39c18c90249b69e02aee21fd70a79310c379df700cc078d40927706","ssdeep":"1536:UMJTUxbKOOmlUJKJzQ2ns+VKPv4n7IrNNYl2xGSKLG7EjzK1dQoKJUJ3PVZJnFpl:NUxbKLJlPs7rYGSKLG8ze6oXPZz8fS","tlshash":"137395bb725d502844e106a369714244fc2be637ad80d290f96c2c316f74e2a99f7fec","size":76996,"data":"","first_seen":"2025-11-25T01:08:54.715442Z","last_seen":"2026-03-15T05:55:43.327555Z","times_seen":257,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdnjs.cloudflare.com/ajax/libs/nosleep/0.11.0/NoSleep.min.js","fqdn":"cdnjs.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.17.25.14","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"ea77f824de2ef57acb12e7cb6596365e","sha1":"10bad0dbdf30a0471c2c786b349daeb1dd19180e","sha256":"2b19d92ce83bf3b498f73103ba1240f09c84798b1f92aedf1491ccf0aa6f5e4c","sha512":"cf69dd76334b7318c829868da8a7e9c2097ef261555388132fc69f95d42e91420e2988056c3d93c830b20059422ae5a82e1109e3dce9127ccb0e23cc5ca27591","ssdeep":"192:N0rZbTPe+fl9SKRGyFgkw+wi+FrZJqbzr+5rA7wbUCzebIkm:N09voK7gzi+FrZJqbzrarAyUX5m","tlshash":"7a22f8b33133fd9f8fba085ac61d61045c7dbc6f4aa94091bb0884e86af4558ead5d34","size":10687,"data":"","first_seen":"2023-03-07T12:02:01Z","last_seen":"2026-05-05T00:58:57.938098Z","times_seen":2344,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"jp.av2.top/","fqdn":"jp.av2.top","domain":"av2.top","tld":"top"},"ip":{"addr":"160.22.16.197","port":80,"asn":45899,"as":"VNPT Corp","country":"Vietnam","country_code":"VN"},"introduction_type":"eventHandler","is_inline":false,"md5":"e8165bfbe0a84a065d8bba5ecdde8647","sha1":"7e5f9ca58e40f57650ab5078b295e3e6af7777cd","sha256":"916d5f069ecab1ea3e57a97502d36d60d04968f99a9413b0d620e850ffdc970e","sha512":"28858e8e914beb5bc12479df8f2920faeec9681bddad25493876e9eba301373af1e813819db91eb7fdcf9dab9d0aa552cd2735987f1d61d597ff60853df0b906","ssdeep":"","tlshash":"3ea0027f963554762a814781708f5e5d5466754b89b58728b85734f2708006db131b52","size":66,"data":"","first_seen":"2025-11-19T01:18:40.601427Z","last_seen":"2026-03-15T05:55:43.328248Z","times_seen":313,"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-12-24T17:33:16Z","timestamp":1766597596,"ip_dst":{"addr":"160.22.16.197","port":80,"asn":45899,"as":"VNPT Corp","country":"Vietnam","country_code":"VN"},"ip_src":{"addr":"172.18.0.5","port":47430,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.top domain","source":"{\"timestamp\":\"2025-12-24T17:33:16.995447+0000\",\"flow_id\":1067796043422598,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.5\",\"src_port\":47430,\"dest_ip\":\"160.22.16.197\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2023882,\"rev\":5,\"signature\":\"ET INFO HTTP Request to a *.top domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2017_02_07\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_11_21\"]}},\"http\":{\"hostname\":\"jp.av2.top\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":289},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":667,\"bytes_toclient\":1654,\"start\":\"2025-12-24T17:33:16.547718+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"jp.av2.top/","fqdn":"jp.av2.top","domain":"av2.top","tld":"top"},"ip":{"addr":"160.22.16.197","port":80,"asn":45899,"as":"VNPT Corp","country":"Vietnam","country_code":"VN"},"introduction_type":"eventHandler","is_inline":false,"md5":"e8165bfbe0a84a065d8bba5ecdde8647","sha1":"7e5f9ca58e40f57650ab5078b295e3e6af7777cd","sha256":"916d5f069ecab1ea3e57a97502d36d60d04968f99a9413b0d620e850ffdc970e","sha512":"28858e8e914beb5bc12479df8f2920faeec9681bddad25493876e9eba301373af1e813819db91eb7fdcf9dab9d0aa552cd2735987f1d61d597ff60853df0b906","ssdeep":"","tlshash":"3ea0027f963554762a814781708f5e5d5466754b89b58728b85734f2708006db131b52","size":66,"data":"","first_seen":"2025-11-19T01:18:40.601427Z","last_seen":"2026-03-15T05:55:43.328248Z","times_seen":313,"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-12-24T17:33:16Z","timestamp":1766597596,"ip_dst":{"addr":"160.22.16.197","port":80,"asn":45899,"as":"VNPT Corp","country":"Vietnam","country_code":"VN"},"ip_src":{"addr":"172.18.0.5","port":47430,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.top domain","source":"{\"timestamp\":\"2025-12-24T17:33:16.995447+0000\",\"flow_id\":1067796043422598,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.5\",\"src_port\":47430,\"dest_ip\":\"160.22.16.197\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2023882,\"rev\":5,\"signature\":\"ET INFO HTTP Request to a *.top domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2017_02_07\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_11_21\"]}},\"http\":{\"hostname\":\"jp.av2.top\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":289},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":667,\"bytes_toclient\":1654,\"start\":\"2025-12-24T17:33:16.547718+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"jp.av2.top/","fqdn":"jp.av2.top","domain":"av2.top","tld":"top"},"ip":{"addr":"160.22.16.197","port":80,"asn":45899,"as":"VNPT Corp","country":"Vietnam","country_code":"VN"},"introduction_type":"eventHandler","is_inline":false,"md5":"e8165bfbe0a84a065d8bba5ecdde8647","sha1":"7e5f9ca58e40f57650ab5078b295e3e6af7777cd","sha256":"916d5f069ecab1ea3e57a97502d36d60d04968f99a9413b0d620e850ffdc970e","sha512":"28858e8e914beb5bc12479df8f2920faeec9681bddad25493876e9eba301373af1e813819db91eb7fdcf9dab9d0aa552cd2735987f1d61d597ff60853df0b906","ssdeep":"","tlshash":"3ea0027f963554762a814781708f5e5d5466754b89b58728b85734f2708006db131b52","size":66,"data":"","first_seen":"2025-11-19T01:18:40.601427Z","last_seen":"2026-03-15T05:55:43.328248Z","times_seen":313,"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-12-24T17:33:16Z","timestamp":1766597596,"ip_dst":{"addr":"160.22.16.197","port":80,"asn":45899,"as":"VNPT Corp","country":"Vietnam","country_code":"VN"},"ip_src":{"addr":"172.18.0.5","port":47430,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.top domain","source":"{\"timestamp\":\"2025-12-24T17:33:16.995447+0000\",\"flow_id\":1067796043422598,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.5\",\"src_port\":47430,\"dest_ip\":\"160.22.16.197\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2023882,\"rev\":5,\"signature\":\"ET INFO HTTP Request to a *.top domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2017_02_07\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_11_21\"]}},\"http\":{\"hostname\":\"jp.av2.top\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":289},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":667,\"bytes_toclient\":1654,\"start\":\"2025-12-24T17:33:16.547718+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js?1","fqdn":"ajax.googleapis.com","domain":"ajax.googleapis.com","tld":"googleapis.com"},"ip":{"addr":"142.250.74.106","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"a09e13ee94d51c524b7e2a728c7d4039","sha1":"0dc32db4aa9c5f03f3b38c47d883dbd4fed13aae","sha256":"160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef","sha512":"f8da8f95b6ed33542a88af19028e18ae3d9ce25350a06bfc3fbf433ed2b38fefa5e639cddfdac703fc6caa7f3313d974b92a3168276b3a016ceb28f27db0714a","ssdeep":"1536:jLiBdiaWLOczCmZx6+VWuGzQNOzdn6x2RZd9SEnk9HB96c9Yo/NWLbVj3kC6t3:5kn6x2xe9NK6nC69","tlshash":"748319dd72c6b06247ab71ba00bf550bf2361999684d4410f129e4eabc74b4e823bf7d","size":86927,"data":"","first_seen":"2023-03-07T01:02:02Z","last_seen":"2026-05-09T15:20:32.236108Z","times_seen":126836,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"jsjs.jpg4.icu/index.php?js=very","fqdn":"jsjs.jpg4.icu","domain":"jpg4.icu","tld":"icu"},"ip":{"addr":"172.67.183.25","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"787b64eef39e3f17b9cd4e0b1a748690","sha1":"a2ea52a66a50532f879ff503c4e11957ee04986e","sha256":"5a86f466237de3034931611f60cbc93c58784b88e6fe627949ce60d8f62d1400","sha512":"5c0fe35c4b9acaaf6d3cdfd84e84a4a2b4eb3e01defec7c754ef30d2aec52cbfa02ae25ee465d48132344d77ac8a52740544f4eedfc51c5e44550fb4a46cb4d1","ssdeep":"","tlshash":"5aa01210f004c83c6488142c80e10a4503c9a1cc42c206024a401b0644767da5202070","size":85,"data":"","first_seen":"2025-10-19T05:57:44.709089Z","last_seen":"2026-05-05T00:58:58.044142Z","times_seen":461,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"jp.av2.top/","fqdn":"jp.av2.top","domain":"av2.top","tld":"top"},"ip":{"addr":"160.22.16.197","port":80,"asn":45899,"as":"VNPT Corp","country":"Vietnam","country_code":"VN"},"introduction_type":"eventHandler","is_inline":false,"md5":"e8165bfbe0a84a065d8bba5ecdde8647","sha1":"7e5f9ca58e40f57650ab5078b295e3e6af7777cd","sha256":"916d5f069ecab1ea3e57a97502d36d60d04968f99a9413b0d620e850ffdc970e","sha512":"28858e8e914beb5bc12479df8f2920faeec9681bddad25493876e9eba301373af1e813819db91eb7fdcf9dab9d0aa552cd2735987f1d61d597ff60853df0b906","ssdeep":"","tlshash":"3ea0027f963554762a814781708f5e5d5466754b89b58728b85734f2708006db131b52","size":66,"data":"","first_seen":"2025-11-19T01:18:40.601427Z","last_seen":"2026-03-15T05:55:43.328248Z","times_seen":313,"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-12-24T17:33:16Z","timestamp":1766597596,"ip_dst":{"addr":"160.22.16.197","port":80,"asn":45899,"as":"VNPT Corp","country":"Vietnam","country_code":"VN"},"ip_src":{"addr":"172.18.0.5","port":47430,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.top domain","source":"{\"timestamp\":\"2025-12-24T17:33:16.995447+0000\",\"flow_id\":1067796043422598,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.5\",\"src_port\":47430,\"dest_ip\":\"160.22.16.197\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2023882,\"rev\":5,\"signature\":\"ET INFO HTTP Request to a *.top domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2017_02_07\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_11_21\"]}},\"http\":{\"hostname\":\"jp.av2.top\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":289},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":667,\"bytes_toclient\":1654,\"start\":\"2025-12-24T17:33:16.547718+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"jp.av2.top/","fqdn":"jp.av2.top","domain":"av2.top","tld":"top"},"ip":{"addr":"160.22.16.197","port":80,"asn":45899,"as":"VNPT Corp","country":"Vietnam","country_code":"VN"},"introduction_type":"eventHandler","is_inline":false,"md5":"d170c17ae6ff8efc74d28a6e19f8ea0d","sha1":"6389888951ca149b44a486dc199f4b395352f544","sha256":"d0b2da63a59351dcae26ceea570d089c69fdf5c03b6e0161cbada6386d663122","sha512":"e2984271e11c901481d7202e69e1d3294cedfedef0ad757f50de8437e4d035f49b559f819359da2a13aa47914c6567f04d5b97304ea44597ea66ed4f47f3e7a2","ssdeep":"","tlshash":"a890027b98243042154900829047551c401d240896e096494857704564c012d61b1105","size":51,"data":"","first_seen":"2025-11-19T01:18:40.603002Z","last_seen":"2026-03-03T14:10:04.007743Z","times_seen":210,"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-12-24T17:33:16Z","timestamp":1766597596,"ip_dst":{"addr":"160.22.16.197","port":80,"asn":45899,"as":"VNPT Corp","country":"Vietnam","country_code":"VN"},"ip_src":{"addr":"172.18.0.5","port":47430,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.top domain","source":"{\"timestamp\":\"2025-12-24T17:33:16.995447+0000\",\"flow_id\":1067796043422598,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.5\",\"src_port\":47430,\"dest_ip\":\"160.22.16.197\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2023882,\"rev\":5,\"signature\":\"ET INFO HTTP Request to a *.top domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2017_02_07\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_11_21\"]}},\"http\":{\"hostname\":\"jp.av2.top\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":289},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":667,\"bytes_toclient\":1654,\"start\":\"2025-12-24T17:33:16.547718+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"css.jpg4.icu/tagjpa.php?noself=1\u0026url=av.diktok.top/tags/3","fqdn":"css.jpg4.icu","domain":"jpg4.icu","tld":"icu"},"ip":{"addr":"172.67.183.25","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"domTimer","is_inline":false,"md5":"e0498db14fe83331f17dc99853bcfcf5","sha1":"f5cb3a321493d833dc79b1de5a12670e66f1427e","sha256":"d3e961841188e795b42e54d35149f83b5e2fba96ff37f301068c85b442bdb914","sha512":"0223c38c221e2c859927bb8623b40ee6c4189f2888792019a65c4f464b0db60d3f707d75267a8efdb024272a99242e87bf974eed60b649a9660600a7ba7ca7db","ssdeep":"","tlshash":"a5110000e2208a28002028332800020800020000c08008008002002000208030ea000a","size":960,"data":"","first_seen":"2025-11-25T01:08:54.725598Z","last_seen":"2026-05-05T00:58:58.039244Z","times_seen":311,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"jp.av2.top/","fqdn":"jp.av2.top","domain":"av2.top","tld":"top"},"ip":{"addr":"160.22.16.197","port":80,"asn":45899,"as":"VNPT Corp","country":"Vietnam","country_code":"VN"},"introduction_type":"eventHandler","is_inline":false,"md5":"e8165bfbe0a84a065d8bba5ecdde8647","sha1":"7e5f9ca58e40f57650ab5078b295e3e6af7777cd","sha256":"916d5f069ecab1ea3e57a97502d36d60d04968f99a9413b0d620e850ffdc970e","sha512":"28858e8e914beb5bc12479df8f2920faeec9681bddad25493876e9eba301373af1e813819db91eb7fdcf9dab9d0aa552cd2735987f1d61d597ff60853df0b906","ssdeep":"","tlshash":"3ea0027f963554762a814781708f5e5d5466754b89b58728b85734f2708006db131b52","size":66,"data":"","first_seen":"2025-11-19T01:18:40.601427Z","last_seen":"2026-03-15T05:55:43.328248Z","times_seen":313,"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-12-24T17:33:16Z","timestamp":1766597596,"ip_dst":{"addr":"160.22.16.197","port":80,"asn":45899,"as":"VNPT Corp","country":"Vietnam","country_code":"VN"},"ip_src":{"addr":"172.18.0.5","port":47430,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.top domain","source":"{\"timestamp\":\"2025-12-24T17:33:16.995447+0000\",\"flow_id\":1067796043422598,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.5\",\"src_port\":47430,\"dest_ip\":\"160.22.16.197\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2023882,\"rev\":5,\"signature\":\"ET INFO HTTP Request to a *.top domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2017_02_07\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_11_21\"]}},\"http\":{\"hostname\":\"jp.av2.top\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":289},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":667,\"bytes_toclient\":1654,\"start\":\"2025-12-24T17:33:16.547718+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"css.jpg4.icu/tagjpa.php?noself=1\u0026url=av.diktok.top/tags/3","fqdn":"css.jpg4.icu","domain":"jpg4.icu","tld":"icu"},"ip":{"addr":"172.67.183.25","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"c7a29ea0dfdff174648e9beb3ecec7f3","sha1":"d0972bc8bd8fc4d4cad30e3142cc0140caa89cac","sha256":"469a4a22e000da2392229fea77db04fa8b63cac64cf65597e4798e61f7e16c80","sha512":"299ab3946f9675e3ba381a510e4a4124b564e7bcbcf6a25d9b80a380f1c1287be82a5ea9bf72b0fc08f0a7a654438bd8910c0b7b2f9eb04a618b38f85be4543b","ssdeep":"","tlshash":"b9a00000e222008020800c32c0020820ca088888c8002202280a0800202000af0a2383","size":72,"data":"","first_seen":"2024-05-04T22:45:05Z","last_seen":"2026-05-05T00:58:58.038335Z","times_seen":1268,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"jp.av2.top/","fqdn":"jp.av2.top","domain":"av2.top","tld":"top"},"ip":{"addr":"160.22.16.197","port":80,"asn":45899,"as":"VNPT Corp","country":"Vietnam","country_code":"VN"},"introduction_type":"eventHandler","is_inline":false,"md5":"e8165bfbe0a84a065d8bba5ecdde8647","sha1":"7e5f9ca58e40f57650ab5078b295e3e6af7777cd","sha256":"916d5f069ecab1ea3e57a97502d36d60d04968f99a9413b0d620e850ffdc970e","sha512":"28858e8e914beb5bc12479df8f2920faeec9681bddad25493876e9eba301373af1e813819db91eb7fdcf9dab9d0aa552cd2735987f1d61d597ff60853df0b906","ssdeep":"","tlshash":"3ea0027f963554762a814781708f5e5d5466754b89b58728b85734f2708006db131b52","size":66,"data":"","first_seen":"2025-11-19T01:18:40.601427Z","last_seen":"2026-03-15T05:55:43.328248Z","times_seen":313,"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-12-24T17:33:16Z","timestamp":1766597596,"ip_dst":{"addr":"160.22.16.197","port":80,"asn":45899,"as":"VNPT Corp","country":"Vietnam","country_code":"VN"},"ip_src":{"addr":"172.18.0.5","port":47430,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.top domain","source":"{\"timestamp\":\"2025-12-24T17:33:16.995447+0000\",\"flow_id\":1067796043422598,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.5\",\"src_port\":47430,\"dest_ip\":\"160.22.16.197\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2023882,\"rev\":5,\"signature\":\"ET INFO HTTP Request to a *.top domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2017_02_07\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_11_21\"]}},\"http\":{\"hostname\":\"jp.av2.top\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":289},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":667,\"bytes_toclient\":1654,\"start\":\"2025-12-24T17:33:16.547718+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"css.jpg4.icu/tagjpa.php?noself=1\u0026url=av.diktok.top/tags/3","fqdn":"css.jpg4.icu","domain":"jpg4.icu","tld":"icu"},"ip":{"addr":"172.67.183.25","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"e4b182d46ed8deb89f173af96cc87d63","sha1":"f284888aa3aa2b4797067f887af101642af71549","sha256":"4c957fa6a4bdaddeee58bcbd3b6ef6b0482f94bfa6516f8167b77eb340d87e03","sha512":"ae3a780ca1f236d37a330cce9dde7ff58a7b50442873f36bcb67b739840eee6422ec83dc2b2fdc1119a1cb9699ea1fa4bd4c2ba87e31001ce8249042b9fb57ee","ssdeep":"","tlshash":"eba000aac02a00a20880283000838000c0000228ca2202a00a020000000002c308800c","size":59,"data":"","first_seen":"2024-05-04T22:45:05Z","last_seen":"2026-05-05T00:58:58.058538Z","times_seen":1277,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"jp.av2.top/","fqdn":"jp.av2.top","domain":"av2.top","tld":"top"},"ip":{"addr":"160.22.16.197","port":80,"asn":45899,"as":"VNPT Corp","country":"Vietnam","country_code":"VN"},"introduction_type":"eventHandler","is_inline":false,"md5":"e8165bfbe0a84a065d8bba5ecdde8647","sha1":"7e5f9ca58e40f57650ab5078b295e3e6af7777cd","sha256":"916d5f069ecab1ea3e57a97502d36d60d04968f99a9413b0d620e850ffdc970e","sha512":"28858e8e914beb5bc12479df8f2920faeec9681bddad25493876e9eba301373af1e813819db91eb7fdcf9dab9d0aa552cd2735987f1d61d597ff60853df0b906","ssdeep":"","tlshash":"3ea0027f963554762a814781708f5e5d5466754b89b58728b85734f2708006db131b52","size":66,"data":"","first_seen":"2025-11-19T01:18:40.601427Z","last_seen":"2026-03-15T05:55:43.328248Z","times_seen":313,"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-12-24T17:33:16Z","timestamp":1766597596,"ip_dst":{"addr":"160.22.16.197","port":80,"asn":45899,"as":"VNPT Corp","country":"Vietnam","country_code":"VN"},"ip_src":{"addr":"172.18.0.5","port":47430,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.top domain","source":"{\"timestamp\":\"2025-12-24T17:33:16.995447+0000\",\"flow_id\":1067796043422598,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.5\",\"src_port\":47430,\"dest_ip\":\"160.22.16.197\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2023882,\"rev\":5,\"signature\":\"ET INFO HTTP Request to a *.top domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2017_02_07\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_11_21\"]}},\"http\":{\"hostname\":\"jp.av2.top\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":289},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":667,\"bytes_toclient\":1654,\"start\":\"2025-12-24T17:33:16.547718+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"jp.av2.top/","fqdn":"jp.av2.top","domain":"av2.top","tld":"top"},"ip":{"addr":"160.22.16.197","port":80,"asn":45899,"as":"VNPT Corp","country":"Vietnam","country_code":"VN"},"introduction_type":"eventHandler","is_inline":false,"md5":"e8165bfbe0a84a065d8bba5ecdde8647","sha1":"7e5f9ca58e40f57650ab5078b295e3e6af7777cd","sha256":"916d5f069ecab1ea3e57a97502d36d60d04968f99a9413b0d620e850ffdc970e","sha512":"28858e8e914beb5bc12479df8f2920faeec9681bddad25493876e9eba301373af1e813819db91eb7fdcf9dab9d0aa552cd2735987f1d61d597ff60853df0b906","ssdeep":"","tlshash":"3ea0027f963554762a814781708f5e5d5466754b89b58728b85734f2708006db131b52","size":66,"data":"","first_seen":"2025-11-19T01:18:40.601427Z","last_seen":"2026-03-15T05:55:43.328248Z","times_seen":313,"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-12-24T17:33:16Z","timestamp":1766597596,"ip_dst":{"addr":"160.22.16.197","port":80,"asn":45899,"as":"VNPT Corp","country":"Vietnam","country_code":"VN"},"ip_src":{"addr":"172.18.0.5","port":47430,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.top domain","source":"{\"timestamp\":\"2025-12-24T17:33:16.995447+0000\",\"flow_id\":1067796043422598,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.5\",\"src_port\":47430,\"dest_ip\":\"160.22.16.197\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2023882,\"rev\":5,\"signature\":\"ET INFO HTTP Request to a *.top domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2017_02_07\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_11_21\"]}},\"http\":{\"hostname\":\"jp.av2.top\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":289},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":667,\"bytes_toclient\":1654,\"start\":\"2025-12-24T17:33:16.547718+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"jp.av2.top/","fqdn":"jp.av2.top","domain":"av2.top","tld":"top"},"ip":{"addr":"160.22.16.197","port":80,"asn":45899,"as":"VNPT Corp","country":"Vietnam","country_code":"VN"},"introduction_type":"scriptElement","is_inline":true,"md5":"264d10031939cccbe6ccacad85d05572","sha1":"6ba289e4515dc98f790c54f154c41f5026e65a3d","sha256":"ca71ec20421522e662c56569f6b1de4a34668cac9465c0dbb28f347952399469","sha512":"4fa8a2033fcbfff126915701936d4656d394f6f3ad7c449f202223b455db9e60555ec46b87bdc3f12d9678610cd9feb23c26efc94d008a4b68df71e12d33ec79","ssdeep":"","tlshash":"558000e0e280a0ba00f2a20ca2002020082ac2280e83e3828c2aa0cc08008f38aeba00","size":34,"data":"","first_seen":"2025-02-08T03:33:08.473479Z","last_seen":"2026-04-22T17:26:51.500018Z","times_seen":498,"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-12-24T17:33:16Z","timestamp":1766597596,"ip_dst":{"addr":"160.22.16.197","port":80,"asn":45899,"as":"VNPT Corp","country":"Vietnam","country_code":"VN"},"ip_src":{"addr":"172.18.0.5","port":47430,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.top domain","source":"{\"timestamp\":\"2025-12-24T17:33:16.995447+0000\",\"flow_id\":1067796043422598,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.5\",\"src_port\":47430,\"dest_ip\":\"160.22.16.197\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2023882,\"rev\":5,\"signature\":\"ET INFO HTTP Request to a *.top domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2017_02_07\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_11_21\"]}},\"http\":{\"hostname\":\"jp.av2.top\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":289},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":667,\"bytes_toclient\":1654,\"start\":\"2025-12-24T17:33:16.547718+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.mymediaing.my/sdk/p/?zid=9801","fqdn":"cdn.mymediaing.my","domain":"mymediaing.my","tld":"my"},"ip":{"addr":"172.67.170.181","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"f379ff76a3a373b802f1a2d9523d931b","sha1":"58e22a719d31db4f01235bc8a6026e1b2659b594","sha256":"d1002ee5c238219f39018355411878de2df9370f225fbab154cf36da62f2d89b","sha512":"980d29aacf89af48cc1ffd7fd4ffacb0ef6b2ef0cff7bf86d60b4c2809a49d9a762ae8fbd18b524dbb709ee905e52be487de0d6791be80bdcb8048fdfb86d353","ssdeep":"1536:nFiJtBRiqSJQUUBU1wpIbS0UboLxCSMzHUgNvFi:nDqSJQUUBU1wpIbS0UboLxCSMzHHa","tlshash":"973392982fd0b94053dbab7b772fb4e5f4570c2f6a81484fe225bc20359071beaa5930","size":52894,"data":"","first_seen":"2025-12-24T17:34:12.612131Z","last_seen":"2025-12-24T17:34:12.612131Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"jp.av2.top/","fqdn":"jp.av2.top","domain":"av2.top","tld":"top"},"ip":{"addr":"160.22.16.197","port":80,"asn":45899,"as":"VNPT Corp","country":"Vietnam","country_code":"VN"},"introduction_type":"eventHandler","is_inline":false,"md5":"d170c17ae6ff8efc74d28a6e19f8ea0d","sha1":"6389888951ca149b44a486dc199f4b395352f544","sha256":"d0b2da63a59351dcae26ceea570d089c69fdf5c03b6e0161cbada6386d663122","sha512":"e2984271e11c901481d7202e69e1d3294cedfedef0ad757f50de8437e4d035f49b559f819359da2a13aa47914c6567f04d5b97304ea44597ea66ed4f47f3e7a2","ssdeep":"","tlshash":"a890027b98243042154900829047551c401d240896e096494857704564c012d61b1105","size":51,"data":"","first_seen":"2025-11-19T01:18:40.603002Z","last_seen":"2026-03-03T14:10:04.007743Z","times_seen":210,"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-12-24T17:33:16Z","timestamp":1766597596,"ip_dst":{"addr":"160.22.16.197","port":80,"asn":45899,"as":"VNPT Corp","country":"Vietnam","country_code":"VN"},"ip_src":{"addr":"172.18.0.5","port":47430,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.top domain","source":"{\"timestamp\":\"2025-12-24T17:33:16.995447+0000\",\"flow_id\":1067796043422598,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.5\",\"src_port\":47430,\"dest_ip\":\"160.22.16.197\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2023882,\"rev\":5,\"signature\":\"ET INFO HTTP Request to a *.top domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2017_02_07\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_11_21\"]}},\"http\":{\"hostname\":\"jp.av2.top\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":289},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":667,\"bytes_toclient\":1654,\"start\":\"2025-12-24T17:33:16.547718+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"jp.av2.top/","fqdn":"jp.av2.top","domain":"av2.top","tld":"top"},"ip":{"addr":"160.22.16.197","port":80,"asn":45899,"as":"VNPT Corp","country":"Vietnam","country_code":"VN"},"introduction_type":"eventHandler","is_inline":false,"md5":"e8165bfbe0a84a065d8bba5ecdde8647","sha1":"7e5f9ca58e40f57650ab5078b295e3e6af7777cd","sha256":"916d5f069ecab1ea3e57a97502d36d60d04968f99a9413b0d620e850ffdc970e","sha512":"28858e8e914beb5bc12479df8f2920faeec9681bddad25493876e9eba301373af1e813819db91eb7fdcf9dab9d0aa552cd2735987f1d61d597ff60853df0b906","ssdeep":"","tlshash":"3ea0027f963554762a814781708f5e5d5466754b89b58728b85734f2708006db131b52","size":66,"data":"","first_seen":"2025-11-19T01:18:40.601427Z","last_seen":"2026-03-15T05:55:43.328248Z","times_seen":313,"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-12-24T17:33:16Z","timestamp":1766597596,"ip_dst":{"addr":"160.22.16.197","port":80,"asn":45899,"as":"VNPT Corp","country":"Vietnam","country_code":"VN"},"ip_src":{"addr":"172.18.0.5","port":47430,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.top domain","source":"{\"timestamp\":\"2025-12-24T17:33:16.995447+0000\",\"flow_id\":1067796043422598,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.5\",\"src_port\":47430,\"dest_ip\":\"160.22.16.197\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2023882,\"rev\":5,\"signature\":\"ET INFO HTTP Request to a *.top domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2017_02_07\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_11_21\"]}},\"http\":{\"hostname\":\"jp.av2.top\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":289},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":667,\"bytes_toclient\":1654,\"start\":\"2025-12-24T17:33:16.547718+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"jp.av2.top/","fqdn":"jp.av2.top","domain":"av2.top","tld":"top"},"ip":{"addr":"160.22.16.197","port":80,"asn":45899,"as":"VNPT Corp","country":"Vietnam","country_code":"VN"},"introduction_type":"eventHandler","is_inline":false,"md5":"e8165bfbe0a84a065d8bba5ecdde8647","sha1":"7e5f9ca58e40f57650ab5078b295e3e6af7777cd","sha256":"916d5f069ecab1ea3e57a97502d36d60d04968f99a9413b0d620e850ffdc970e","sha512":"28858e8e914beb5bc12479df8f2920faeec9681bddad25493876e9eba301373af1e813819db91eb7fdcf9dab9d0aa552cd2735987f1d61d597ff60853df0b906","ssdeep":"","tlshash":"3ea0027f963554762a814781708f5e5d5466754b89b58728b85734f2708006db131b52","size":66,"data":"","first_seen":"2025-11-19T01:18:40.601427Z","last_seen":"2026-03-15T05:55:43.328248Z","times_seen":313,"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-12-24T17:33:16Z","timestamp":1766597596,"ip_dst":{"addr":"160.22.16.197","port":80,"asn":45899,"as":"VNPT Corp","country":"Vietnam","country_code":"VN"},"ip_src":{"addr":"172.18.0.5","port":47430,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.top domain","source":"{\"timestamp\":\"2025-12-24T17:33:16.995447+0000\",\"flow_id\":1067796043422598,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.5\",\"src_port\":47430,\"dest_ip\":\"160.22.16.197\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2023882,\"rev\":5,\"signature\":\"ET INFO HTTP Request to a *.top domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2017_02_07\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_11_21\"]}},\"http\":{\"hostname\":\"jp.av2.top\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":289},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":667,\"bytes_toclient\":1654,\"start\":\"2025-12-24T17:33:16.547718+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"jp.av2.top/","fqdn":"jp.av2.top","domain":"av2.top","tld":"top"},"ip":{"addr":"160.22.16.197","port":80,"asn":45899,"as":"VNPT Corp","country":"Vietnam","country_code":"VN"},"introduction_type":"eventHandler","is_inline":false,"md5":"e8165bfbe0a84a065d8bba5ecdde8647","sha1":"7e5f9ca58e40f57650ab5078b295e3e6af7777cd","sha256":"916d5f069ecab1ea3e57a97502d36d60d04968f99a9413b0d620e850ffdc970e","sha512":"28858e8e914beb5bc12479df8f2920faeec9681bddad25493876e9eba301373af1e813819db91eb7fdcf9dab9d0aa552cd2735987f1d61d597ff60853df0b906","ssdeep":"","tlshash":"3ea0027f963554762a814781708f5e5d5466754b89b58728b85734f2708006db131b52","size":66,"data":"","first_seen":"2025-11-19T01:18:40.601427Z","last_seen":"2026-03-15T05:55:43.328248Z","times_seen":313,"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-12-24T17:33:16Z","timestamp":1766597596,"ip_dst":{"addr":"160.22.16.197","port":80,"asn":45899,"as":"VNPT Corp","country":"Vietnam","country_code":"VN"},"ip_src":{"addr":"172.18.0.5","port":47430,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.top domain","source":"{\"timestamp\":\"2025-12-24T17:33:16.995447+0000\",\"flow_id\":1067796043422598,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.5\",\"src_port\":47430,\"dest_ip\":\"160.22.16.197\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2023882,\"rev\":5,\"signature\":\"ET INFO HTTP Request to a *.top domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2017_02_07\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_11_21\"]}},\"http\":{\"hostname\":\"jp.av2.top\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":289},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":667,\"bytes_toclient\":1654,\"start\":\"2025-12-24T17:33:16.547718+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"jp.av2.top/","fqdn":"jp.av2.top","domain":"av2.top","tld":"top"},"ip":{"addr":"160.22.16.197","port":80,"asn":45899,"as":"VNPT Corp","country":"Vietnam","country_code":"VN"},"introduction_type":"eventHandler","is_inline":false,"md5":"e8165bfbe0a84a065d8bba5ecdde8647","sha1":"7e5f9ca58e40f57650ab5078b295e3e6af7777cd","sha256":"916d5f069ecab1ea3e57a97502d36d60d04968f99a9413b0d620e850ffdc970e","sha512":"28858e8e914beb5bc12479df8f2920faeec9681bddad25493876e9eba301373af1e813819db91eb7fdcf9dab9d0aa552cd2735987f1d61d597ff60853df0b906","ssdeep":"","tlshash":"3ea0027f963554762a814781708f5e5d5466754b89b58728b85734f2708006db131b52","size":66,"data":"","first_seen":"2025-11-19T01:18:40.601427Z","last_seen":"2026-03-15T05:55:43.328248Z","times_seen":313,"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-12-24T17:33:16Z","timestamp":1766597596,"ip_dst":{"addr":"160.22.16.197","port":80,"asn":45899,"as":"VNPT Corp","country":"Vietnam","country_code":"VN"},"ip_src":{"addr":"172.18.0.5","port":47430,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.top domain","source":"{\"timestamp\":\"2025-12-24T17:33:16.995447+0000\",\"flow_id\":1067796043422598,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.5\",\"src_port\":47430,\"dest_ip\":\"160.22.16.197\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2023882,\"rev\":5,\"signature\":\"ET INFO HTTP Request to a *.top domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2017_02_07\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_11_21\"]}},\"http\":{\"hostname\":\"jp.av2.top\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":289},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":667,\"bytes_toclient\":1654,\"start\":\"2025-12-24T17:33:16.547718+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"jp.av2.top/","fqdn":"jp.av2.top","domain":"av2.top","tld":"top"},"ip":{"addr":"160.22.16.197","port":80,"asn":45899,"as":"VNPT Corp","country":"Vietnam","country_code":"VN"},"introduction_type":"eventHandler","is_inline":false,"md5":"d170c17ae6ff8efc74d28a6e19f8ea0d","sha1":"6389888951ca149b44a486dc199f4b395352f544","sha256":"d0b2da63a59351dcae26ceea570d089c69fdf5c03b6e0161cbada6386d663122","sha512":"e2984271e11c901481d7202e69e1d3294cedfedef0ad757f50de8437e4d035f49b559f819359da2a13aa47914c6567f04d5b97304ea44597ea66ed4f47f3e7a2","ssdeep":"","tlshash":"a890027b98243042154900829047551c401d240896e096494857704564c012d61b1105","size":51,"data":"","first_seen":"2025-11-19T01:18:40.603002Z","last_seen":"2026-03-03T14:10:04.007743Z","times_seen":210,"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-12-24T17:33:16Z","timestamp":1766597596,"ip_dst":{"addr":"160.22.16.197","port":80,"asn":45899,"as":"VNPT Corp","country":"Vietnam","country_code":"VN"},"ip_src":{"addr":"172.18.0.5","port":47430,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.top domain","source":"{\"timestamp\":\"2025-12-24T17:33:16.995447+0000\",\"flow_id\":1067796043422598,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.5\",\"src_port\":47430,\"dest_ip\":\"160.22.16.197\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2023882,\"rev\":5,\"signature\":\"ET INFO HTTP Request to a *.top domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2017_02_07\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_11_21\"]}},\"http\":{\"hostname\":\"jp.av2.top\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":289},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":667,\"bytes_toclient\":1654,\"start\":\"2025-12-24T17:33:16.547718+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"css.jpg4.icu/tagjpa.php?noself=1\u0026url=av.diktok.top/tags/3","fqdn":"css.jpg4.icu","domain":"jpg4.icu","tld":"icu"},"ip":{"addr":"172.67.183.25","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"b9f832047715f01438c3556824a9aa11","sha1":"174108d5d6cf22d1b907fb0958e29bba7d91576b","sha256":"eb83f6f5d35599bc9dd1268d123d878d528d8289754e9a80c8cdcf62158b57ab","sha512":"7e6972c9f5a59f9f96a5812d3ba1ab18cb32cf665dd82e2ed1dd60d477c4221c7ce9517d5ae25d066c4b0903e0a94a889d4ef6fb94bd67f618c8cfaa9fb4bd62","ssdeep":"","tlshash":"0ca000b0c008a02880a020382000820200308030c0020080aa08808c080083203c2000","size":69,"data":"","first_seen":"2024-05-04T22:45:05Z","last_seen":"2026-05-05T00:58:58.059423Z","times_seen":1273,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js","fqdn":"ajax.googleapis.com","domain":"ajax.googleapis.com","tld":"googleapis.com"},"ip":{"addr":"142.250.74.106","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"a09e13ee94d51c524b7e2a728c7d4039","sha1":"0dc32db4aa9c5f03f3b38c47d883dbd4fed13aae","sha256":"160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef","sha512":"f8da8f95b6ed33542a88af19028e18ae3d9ce25350a06bfc3fbf433ed2b38fefa5e639cddfdac703fc6caa7f3313d974b92a3168276b3a016ceb28f27db0714a","ssdeep":"1536:jLiBdiaWLOczCmZx6+VWuGzQNOzdn6x2RZd9SEnk9HB96c9Yo/NWLbVj3kC6t3:5kn6x2xe9NK6nC69","tlshash":"748319dd72c6b06247ab71ba00bf550bf2361999684d4410f129e4eabc74b4e823bf7d","size":86927,"data":"","first_seen":"2023-03-07T01:02:02Z","last_seen":"2026-05-09T15:20:32.236108Z","times_seen":126836,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"jp.av2.top/","fqdn":"jp.av2.top","domain":"av2.top","tld":"top"},"ip":{"addr":"160.22.16.197","port":80,"asn":45899,"as":"VNPT Corp","country":"Vietnam","country_code":"VN"},"introduction_type":"eventHandler","is_inline":false,"md5":"e8165bfbe0a84a065d8bba5ecdde8647","sha1":"7e5f9ca58e40f57650ab5078b295e3e6af7777cd","sha256":"916d5f069ecab1ea3e57a97502d36d60d04968f99a9413b0d620e850ffdc970e","sha512":"28858e8e914beb5bc12479df8f2920faeec9681bddad25493876e9eba301373af1e813819db91eb7fdcf9dab9d0aa552cd2735987f1d61d597ff60853df0b906","ssdeep":"","tlshash":"3ea0027f963554762a814781708f5e5d5466754b89b58728b85734f2708006db131b52","size":66,"data":"","first_seen":"2025-11-19T01:18:40.601427Z","last_seen":"2026-03-15T05:55:43.328248Z","times_seen":313,"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-12-24T17:33:16Z","timestamp":1766597596,"ip_dst":{"addr":"160.22.16.197","port":80,"asn":45899,"as":"VNPT Corp","country":"Vietnam","country_code":"VN"},"ip_src":{"addr":"172.18.0.5","port":47430,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.top domain","source":"{\"timestamp\":\"2025-12-24T17:33:16.995447+0000\",\"flow_id\":1067796043422598,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.5\",\"src_port\":47430,\"dest_ip\":\"160.22.16.197\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2023882,\"rev\":5,\"signature\":\"ET INFO HTTP Request to a *.top domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2017_02_07\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_11_21\"]}},\"http\":{\"hostname\":\"jp.av2.top\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":289},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":667,\"bytes_toclient\":1654,\"start\":\"2025-12-24T17:33:16.547718+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"jp.av2.top/","fqdn":"jp.av2.top","domain":"av2.top","tld":"top"},"ip":{"addr":"160.22.16.197","port":80,"asn":45899,"as":"VNPT Corp","country":"Vietnam","country_code":"VN"},"introduction_type":"eventHandler","is_inline":false,"md5":"e8165bfbe0a84a065d8bba5ecdde8647","sha1":"7e5f9ca58e40f57650ab5078b295e3e6af7777cd","sha256":"916d5f069ecab1ea3e57a97502d36d60d04968f99a9413b0d620e850ffdc970e","sha512":"28858e8e914beb5bc12479df8f2920faeec9681bddad25493876e9eba301373af1e813819db91eb7fdcf9dab9d0aa552cd2735987f1d61d597ff60853df0b906","ssdeep":"","tlshash":"3ea0027f963554762a814781708f5e5d5466754b89b58728b85734f2708006db131b52","size":66,"data":"","first_seen":"2025-11-19T01:18:40.601427Z","last_seen":"2026-03-15T05:55:43.328248Z","times_seen":313,"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-12-24T17:33:16Z","timestamp":1766597596,"ip_dst":{"addr":"160.22.16.197","port":80,"asn":45899,"as":"VNPT Corp","country":"Vietnam","country_code":"VN"},"ip_src":{"addr":"172.18.0.5","port":47430,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.top domain","source":"{\"timestamp\":\"2025-12-24T17:33:16.995447+0000\",\"flow_id\":1067796043422598,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.5\",\"src_port\":47430,\"dest_ip\":\"160.22.16.197\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2023882,\"rev\":5,\"signature\":\"ET INFO HTTP Request to a *.top domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2017_02_07\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_11_21\"]}},\"http\":{\"hostname\":\"jp.av2.top\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":289},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":667,\"bytes_toclient\":1654,\"start\":\"2025-12-24T17:33:16.547718+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js","fqdn":"ajax.googleapis.com","domain":"ajax.googleapis.com","tld":"googleapis.com"},"ip":{"addr":"142.250.74.106","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"a09e13ee94d51c524b7e2a728c7d4039","sha1":"0dc32db4aa9c5f03f3b38c47d883dbd4fed13aae","sha256":"160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef","sha512":"f8da8f95b6ed33542a88af19028e18ae3d9ce25350a06bfc3fbf433ed2b38fefa5e639cddfdac703fc6caa7f3313d974b92a3168276b3a016ceb28f27db0714a","ssdeep":"1536:jLiBdiaWLOczCmZx6+VWuGzQNOzdn6x2RZd9SEnk9HB96c9Yo/NWLbVj3kC6t3:5kn6x2xe9NK6nC69","tlshash":"748319dd72c6b06247ab71ba00bf550bf2361999684d4410f129e4eabc74b4e823bf7d","size":86927,"data":"","first_seen":"2023-03-07T01:02:02Z","last_seen":"2026-05-09T15:20:32.236108Z","times_seen":126836,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"jp.av2.top/","fqdn":"jp.av2.top","domain":"av2.top","tld":"top"},"ip":{"addr":"160.22.16.197","port":80,"asn":45899,"as":"VNPT Corp","country":"Vietnam","country_code":"VN"},"introduction_type":"eventHandler","is_inline":false,"md5":"d170c17ae6ff8efc74d28a6e19f8ea0d","sha1":"6389888951ca149b44a486dc199f4b395352f544","sha256":"d0b2da63a59351dcae26ceea570d089c69fdf5c03b6e0161cbada6386d663122","sha512":"e2984271e11c901481d7202e69e1d3294cedfedef0ad757f50de8437e4d035f49b559f819359da2a13aa47914c6567f04d5b97304ea44597ea66ed4f47f3e7a2","ssdeep":"","tlshash":"a890027b98243042154900829047551c401d240896e096494857704564c012d61b1105","size":51,"data":"","first_seen":"2025-11-19T01:18:40.603002Z","last_seen":"2026-03-03T14:10:04.007743Z","times_seen":210,"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-12-24T17:33:16Z","timestamp":1766597596,"ip_dst":{"addr":"160.22.16.197","port":80,"asn":45899,"as":"VNPT Corp","country":"Vietnam","country_code":"VN"},"ip_src":{"addr":"172.18.0.5","port":47430,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.top domain","source":"{\"timestamp\":\"2025-12-24T17:33:16.995447+0000\",\"flow_id\":1067796043422598,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.5\",\"src_port\":47430,\"dest_ip\":\"160.22.16.197\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2023882,\"rev\":5,\"signature\":\"ET INFO HTTP Request to a *.top domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2017_02_07\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_11_21\"]}},\"http\":{\"hostname\":\"jp.av2.top\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":289},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":667,\"bytes_toclient\":1654,\"start\":\"2025-12-24T17:33:16.547718+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"jp.av2.top/","fqdn":"jp.av2.top","domain":"av2.top","tld":"top"},"ip":{"addr":"160.22.16.197","port":80,"asn":45899,"as":"VNPT Corp","country":"Vietnam","country_code":"VN"},"introduction_type":"eventHandler","is_inline":false,"md5":"e8165bfbe0a84a065d8bba5ecdde8647","sha1":"7e5f9ca58e40f57650ab5078b295e3e6af7777cd","sha256":"916d5f069ecab1ea3e57a97502d36d60d04968f99a9413b0d620e850ffdc970e","sha512":"28858e8e914beb5bc12479df8f2920faeec9681bddad25493876e9eba301373af1e813819db91eb7fdcf9dab9d0aa552cd2735987f1d61d597ff60853df0b906","ssdeep":"","tlshash":"3ea0027f963554762a814781708f5e5d5466754b89b58728b85734f2708006db131b52","size":66,"data":"","first_seen":"2025-11-19T01:18:40.601427Z","last_seen":"2026-03-15T05:55:43.328248Z","times_seen":313,"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-12-24T17:33:16Z","timestamp":1766597596,"ip_dst":{"addr":"160.22.16.197","port":80,"asn":45899,"as":"VNPT Corp","country":"Vietnam","country_code":"VN"},"ip_src":{"addr":"172.18.0.5","port":47430,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.top domain","source":"{\"timestamp\":\"2025-12-24T17:33:16.995447+0000\",\"flow_id\":1067796043422598,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.5\",\"src_port\":47430,\"dest_ip\":\"160.22.16.197\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2023882,\"rev\":5,\"signature\":\"ET INFO HTTP Request to a *.top domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2017_02_07\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_11_21\"]}},\"http\":{\"hostname\":\"jp.av2.top\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":289},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":667,\"bytes_toclient\":1654,\"start\":\"2025-12-24T17:33:16.547718+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"jp.av2.top/","fqdn":"jp.av2.top","domain":"av2.top","tld":"top"},"ip":{"addr":"160.22.16.197","port":80,"asn":45899,"as":"VNPT Corp","country":"Vietnam","country_code":"VN"},"introduction_type":"eventHandler","is_inline":false,"md5":"e8165bfbe0a84a065d8bba5ecdde8647","sha1":"7e5f9ca58e40f57650ab5078b295e3e6af7777cd","sha256":"916d5f069ecab1ea3e57a97502d36d60d04968f99a9413b0d620e850ffdc970e","sha512":"28858e8e914beb5bc12479df8f2920faeec9681bddad25493876e9eba301373af1e813819db91eb7fdcf9dab9d0aa552cd2735987f1d61d597ff60853df0b906","ssdeep":"","tlshash":"3ea0027f963554762a814781708f5e5d5466754b89b58728b85734f2708006db131b52","size":66,"data":"","first_seen":"2025-11-19T01:18:40.601427Z","last_seen":"2026-03-15T05:55:43.328248Z","times_seen":313,"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-12-24T17:33:16Z","timestamp":1766597596,"ip_dst":{"addr":"160.22.16.197","port":80,"asn":45899,"as":"VNPT Corp","country":"Vietnam","country_code":"VN"},"ip_src":{"addr":"172.18.0.5","port":47430,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.top domain","source":"{\"timestamp\":\"2025-12-24T17:33:16.995447+0000\",\"flow_id\":1067796043422598,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.5\",\"src_port\":47430,\"dest_ip\":\"160.22.16.197\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2023882,\"rev\":5,\"signature\":\"ET INFO HTTP Request to a *.top domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2017_02_07\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_11_21\"]}},\"http\":{\"hostname\":\"jp.av2.top\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":289},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":667,\"bytes_toclient\":1654,\"start\":\"2025-12-24T17:33:16.547718+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"jp.av2.top/","fqdn":"jp.av2.top","domain":"av2.top","tld":"top"},"ip":{"addr":"160.22.16.197","port":80,"asn":45899,"as":"VNPT Corp","country":"Vietnam","country_code":"VN"},"introduction_type":"eventHandler","is_inline":false,"md5":"e8165bfbe0a84a065d8bba5ecdde8647","sha1":"7e5f9ca58e40f57650ab5078b295e3e6af7777cd","sha256":"916d5f069ecab1ea3e57a97502d36d60d04968f99a9413b0d620e850ffdc970e","sha512":"28858e8e914beb5bc12479df8f2920faeec9681bddad25493876e9eba301373af1e813819db91eb7fdcf9dab9d0aa552cd2735987f1d61d597ff60853df0b906","ssdeep":"","tlshash":"3ea0027f963554762a814781708f5e5d5466754b89b58728b85734f2708006db131b52","size":66,"data":"","first_seen":"2025-11-19T01:18:40.601427Z","last_seen":"2026-03-15T05:55:43.328248Z","times_seen":313,"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-12-24T17:33:16Z","timestamp":1766597596,"ip_dst":{"addr":"160.22.16.197","port":80,"asn":45899,"as":"VNPT Corp","country":"Vietnam","country_code":"VN"},"ip_src":{"addr":"172.18.0.5","port":47430,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.top domain","source":"{\"timestamp\":\"2025-12-24T17:33:16.995447+0000\",\"flow_id\":1067796043422598,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.5\",\"src_port\":47430,\"dest_ip\":\"160.22.16.197\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2023882,\"rev\":5,\"signature\":\"ET INFO HTTP Request to a *.top domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2017_02_07\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_11_21\"]}},\"http\":{\"hostname\":\"jp.av2.top\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":289},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":667,\"bytes_toclient\":1654,\"start\":\"2025-12-24T17:33:16.547718+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"jp.av2.top/","fqdn":"jp.av2.top","domain":"av2.top","tld":"top"},"ip":{"addr":"160.22.16.197","port":80,"asn":45899,"as":"VNPT Corp","country":"Vietnam","country_code":"VN"},"introduction_type":"eventHandler","is_inline":false,"md5":"e8165bfbe0a84a065d8bba5ecdde8647","sha1":"7e5f9ca58e40f57650ab5078b295e3e6af7777cd","sha256":"916d5f069ecab1ea3e57a97502d36d60d04968f99a9413b0d620e850ffdc970e","sha512":"28858e8e914beb5bc12479df8f2920faeec9681bddad25493876e9eba301373af1e813819db91eb7fdcf9dab9d0aa552cd2735987f1d61d597ff60853df0b906","ssdeep":"","tlshash":"3ea0027f963554762a814781708f5e5d5466754b89b58728b85734f2708006db131b52","size":66,"data":"","first_seen":"2025-11-19T01:18:40.601427Z","last_seen":"2026-03-15T05:55:43.328248Z","times_seen":313,"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-12-24T17:33:16Z","timestamp":1766597596,"ip_dst":{"addr":"160.22.16.197","port":80,"asn":45899,"as":"VNPT Corp","country":"Vietnam","country_code":"VN"},"ip_src":{"addr":"172.18.0.5","port":47430,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.top domain","source":"{\"timestamp\":\"2025-12-24T17:33:16.995447+0000\",\"flow_id\":1067796043422598,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.5\",\"src_port\":47430,\"dest_ip\":\"160.22.16.197\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2023882,\"rev\":5,\"signature\":\"ET INFO HTTP Request to a *.top domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2017_02_07\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_11_21\"]}},\"http\":{\"hostname\":\"jp.av2.top\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":289},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":667,\"bytes_toclient\":1654,\"start\":\"2025-12-24T17:33:16.547718+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"jp.av2.top/","fqdn":"jp.av2.top","domain":"av2.top","tld":"top"},"ip":{"addr":"160.22.16.197","port":80,"asn":45899,"as":"VNPT Corp","country":"Vietnam","country_code":"VN"},"introduction_type":"eventHandler","is_inline":false,"md5":"d170c17ae6ff8efc74d28a6e19f8ea0d","sha1":"6389888951ca149b44a486dc199f4b395352f544","sha256":"d0b2da63a59351dcae26ceea570d089c69fdf5c03b6e0161cbada6386d663122","sha512":"e2984271e11c901481d7202e69e1d3294cedfedef0ad757f50de8437e4d035f49b559f819359da2a13aa47914c6567f04d5b97304ea44597ea66ed4f47f3e7a2","ssdeep":"","tlshash":"a890027b98243042154900829047551c401d240896e096494857704564c012d61b1105","size":51,"data":"","first_seen":"2025-11-19T01:18:40.603002Z","last_seen":"2026-03-03T14:10:04.007743Z","times_seen":210,"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-12-24T17:33:16Z","timestamp":1766597596,"ip_dst":{"addr":"160.22.16.197","port":80,"asn":45899,"as":"VNPT Corp","country":"Vietnam","country_code":"VN"},"ip_src":{"addr":"172.18.0.5","port":47430,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.top domain","source":"{\"timestamp\":\"2025-12-24T17:33:16.995447+0000\",\"flow_id\":1067796043422598,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.5\",\"src_port\":47430,\"dest_ip\":\"160.22.16.197\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2023882,\"rev\":5,\"signature\":\"ET INFO HTTP Request to a *.top domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2017_02_07\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_11_21\"]}},\"http\":{\"hostname\":\"jp.av2.top\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":289},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":667,\"bytes_toclient\":1654,\"start\":\"2025-12-24T17:33:16.547718+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"jp.av2.top/","fqdn":"jp.av2.top","domain":"av2.top","tld":"top"},"ip":{"addr":"160.22.16.197","port":80,"asn":45899,"as":"VNPT Corp","country":"Vietnam","country_code":"VN"},"introduction_type":"eventHandler","is_inline":false,"md5":"d170c17ae6ff8efc74d28a6e19f8ea0d","sha1":"6389888951ca149b44a486dc199f4b395352f544","sha256":"d0b2da63a59351dcae26ceea570d089c69fdf5c03b6e0161cbada6386d663122","sha512":"e2984271e11c901481d7202e69e1d3294cedfedef0ad757f50de8437e4d035f49b559f819359da2a13aa47914c6567f04d5b97304ea44597ea66ed4f47f3e7a2","ssdeep":"","tlshash":"a890027b98243042154900829047551c401d240896e096494857704564c012d61b1105","size":51,"data":"","first_seen":"2025-11-19T01:18:40.603002Z","last_seen":"2026-03-03T14:10:04.007743Z","times_seen":210,"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-12-24T17:33:16Z","timestamp":1766597596,"ip_dst":{"addr":"160.22.16.197","port":80,"asn":45899,"as":"VNPT Corp","country":"Vietnam","country_code":"VN"},"ip_src":{"addr":"172.18.0.5","port":47430,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.top domain","source":"{\"timestamp\":\"2025-12-24T17:33:16.995447+0000\",\"flow_id\":1067796043422598,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.5\",\"src_port\":47430,\"dest_ip\":\"160.22.16.197\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2023882,\"rev\":5,\"signature\":\"ET INFO HTTP Request to a *.top domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2017_02_07\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_11_21\"]}},\"http\":{\"hostname\":\"jp.av2.top\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":289},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":667,\"bytes_toclient\":1654,\"start\":\"2025-12-24T17:33:16.547718+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"jp.av2.top/","fqdn":"jp.av2.top","domain":"av2.top","tld":"top"},"ip":{"addr":"160.22.16.197","port":80,"asn":45899,"as":"VNPT Corp","country":"Vietnam","country_code":"VN"},"introduction_type":"eventHandler","is_inline":false,"md5":"e8165bfbe0a84a065d8bba5ecdde8647","sha1":"7e5f9ca58e40f57650ab5078b295e3e6af7777cd","sha256":"916d5f069ecab1ea3e57a97502d36d60d04968f99a9413b0d620e850ffdc970e","sha512":"28858e8e914beb5bc12479df8f2920faeec9681bddad25493876e9eba301373af1e813819db91eb7fdcf9dab9d0aa552cd2735987f1d61d597ff60853df0b906","ssdeep":"","tlshash":"3ea0027f963554762a814781708f5e5d5466754b89b58728b85734f2708006db131b52","size":66,"data":"","first_seen":"2025-11-19T01:18:40.601427Z","last_seen":"2026-03-15T05:55:43.328248Z","times_seen":313,"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-12-24T17:33:16Z","timestamp":1766597596,"ip_dst":{"addr":"160.22.16.197","port":80,"asn":45899,"as":"VNPT Corp","country":"Vietnam","country_code":"VN"},"ip_src":{"addr":"172.18.0.5","port":47430,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.top domain","source":"{\"timestamp\":\"2025-12-24T17:33:16.995447+0000\",\"flow_id\":1067796043422598,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.5\",\"src_port\":47430,\"dest_ip\":\"160.22.16.197\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2023882,\"rev\":5,\"signature\":\"ET INFO HTTP Request to a *.top domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2017_02_07\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_11_21\"]}},\"http\":{\"hostname\":\"jp.av2.top\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":289},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":667,\"bytes_toclient\":1654,\"start\":\"2025-12-24T17:33:16.547718+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"jp.av2.top/","fqdn":"jp.av2.top","domain":"av2.top","tld":"top"},"ip":{"addr":"160.22.16.197","port":80,"asn":45899,"as":"VNPT Corp","country":"Vietnam","country_code":"VN"},"introduction_type":"eventHandler","is_inline":false,"md5":"e8165bfbe0a84a065d8bba5ecdde8647","sha1":"7e5f9ca58e40f57650ab5078b295e3e6af7777cd","sha256":"916d5f069ecab1ea3e57a97502d36d60d04968f99a9413b0d620e850ffdc970e","sha512":"28858e8e914beb5bc12479df8f2920faeec9681bddad25493876e9eba301373af1e813819db91eb7fdcf9dab9d0aa552cd2735987f1d61d597ff60853df0b906","ssdeep":"","tlshash":"3ea0027f963554762a814781708f5e5d5466754b89b58728b85734f2708006db131b52","size":66,"data":"","first_seen":"2025-11-19T01:18:40.601427Z","last_seen":"2026-03-15T05:55:43.328248Z","times_seen":313,"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-12-24T17:33:16Z","timestamp":1766597596,"ip_dst":{"addr":"160.22.16.197","port":80,"asn":45899,"as":"VNPT Corp","country":"Vietnam","country_code":"VN"},"ip_src":{"addr":"172.18.0.5","port":47430,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.top domain","source":"{\"timestamp\":\"2025-12-24T17:33:16.995447+0000\",\"flow_id\":1067796043422598,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.5\",\"src_port\":47430,\"dest_ip\":\"160.22.16.197\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2023882,\"rev\":5,\"signature\":\"ET INFO HTTP Request to a *.top domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2017_02_07\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_11_21\"]}},\"http\":{\"hostname\":\"jp.av2.top\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":289},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":667,\"bytes_toclient\":1654,\"start\":\"2025-12-24T17:33:16.547718+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.googletagmanager.com/gtag/js?id=UA-620120-3","fqdn":"www.googletagmanager.com","domain":"googletagmanager.com","tld":"com"},"ip":{"addr":"142.251.38.104","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"1090003eda1c619e86ed33a94dc3e390","sha1":"2f61b782ce93a117719e589ba5e30201d3ba6138","sha256":"754997bce023caf5ea5a126bdf139ce2b677fe114f4c24dca987bde982d8cbfb","sha512":"8477aeecfb8a032bf32642a263368439001ccef7833be49e464eadd137af75f9251629dfe66487e5bbcb43970b22bbd1b69b7bfdd81e36843ba888eb8bc14812","ssdeep":"6144:8IeJW2bulKYv9VGDmHYmyBFzfns9TWO4Baa5g:dEbu7lEDns5WOmab","tlshash":"905409c8b3da742683a36478503f114bb23b79d1f84cd894e186d8d42e74aaa4277f7d","size":289066,"data":"","first_seen":"2025-12-24T17:34:12.585162Z","last_seen":"2025-12-25T05:36:46.593945Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"jp.av2.top/","fqdn":"jp.av2.top","domain":"av2.top","tld":"top"},"ip":{"addr":"160.22.16.197","port":80,"asn":45899,"as":"VNPT Corp","country":"Vietnam","country_code":"VN"},"introduction_type":"domTimer","is_inline":false,"md5":"e0498db14fe83331f17dc99853bcfcf5","sha1":"f5cb3a321493d833dc79b1de5a12670e66f1427e","sha256":"d3e961841188e795b42e54d35149f83b5e2fba96ff37f301068c85b442bdb914","sha512":"0223c38c221e2c859927bb8623b40ee6c4189f2888792019a65c4f464b0db60d3f707d75267a8efdb024272a99242e87bf974eed60b649a9660600a7ba7ca7db","ssdeep":"","tlshash":"a5110000e2208a28002028332800020800020000c08008008002002000208030ea000a","size":960,"data":"","first_seen":"2025-11-25T01:08:54.725598Z","last_seen":"2026-05-05T00:58:58.039244Z","times_seen":311,"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-12-24T17:33:16Z","timestamp":1766597596,"ip_dst":{"addr":"160.22.16.197","port":80,"asn":45899,"as":"VNPT Corp","country":"Vietnam","country_code":"VN"},"ip_src":{"addr":"172.18.0.5","port":47430,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.top domain","source":"{\"timestamp\":\"2025-12-24T17:33:16.995447+0000\",\"flow_id\":1067796043422598,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.5\",\"src_port\":47430,\"dest_ip\":\"160.22.16.197\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2023882,\"rev\":5,\"signature\":\"ET INFO HTTP Request to a *.top domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2017_02_07\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_11_21\"]}},\"http\":{\"hostname\":\"jp.av2.top\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":289},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":667,\"bytes_toclient\":1654,\"start\":\"2025-12-24T17:33:16.547718+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"jp.av2.top/","fqdn":"jp.av2.top","domain":"av2.top","tld":"top"},"ip":{"addr":"160.22.16.197","port":80,"asn":45899,"as":"VNPT Corp","country":"Vietnam","country_code":"VN"},"introduction_type":"eventHandler","is_inline":false,"md5":"e8165bfbe0a84a065d8bba5ecdde8647","sha1":"7e5f9ca58e40f57650ab5078b295e3e6af7777cd","sha256":"916d5f069ecab1ea3e57a97502d36d60d04968f99a9413b0d620e850ffdc970e","sha512":"28858e8e914beb5bc12479df8f2920faeec9681bddad25493876e9eba301373af1e813819db91eb7fdcf9dab9d0aa552cd2735987f1d61d597ff60853df0b906","ssdeep":"","tlshash":"3ea0027f963554762a814781708f5e5d5466754b89b58728b85734f2708006db131b52","size":66,"data":"","first_seen":"2025-11-19T01:18:40.601427Z","last_seen":"2026-03-15T05:55:43.328248Z","times_seen":313,"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-12-24T17:33:16Z","timestamp":1766597596,"ip_dst":{"addr":"160.22.16.197","port":80,"asn":45899,"as":"VNPT Corp","country":"Vietnam","country_code":"VN"},"ip_src":{"addr":"172.18.0.5","port":47430,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.top domain","source":"{\"timestamp\":\"2025-12-24T17:33:16.995447+0000\",\"flow_id\":1067796043422598,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.5\",\"src_port\":47430,\"dest_ip\":\"160.22.16.197\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2023882,\"rev\":5,\"signature\":\"ET INFO HTTP Request to a *.top domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2017_02_07\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_11_21\"]}},\"http\":{\"hostname\":\"jp.av2.top\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":289},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":667,\"bytes_toclient\":1654,\"start\":\"2025-12-24T17:33:16.547718+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"jp.av2.top/","fqdn":"jp.av2.top","domain":"av2.top","tld":"top"},"ip":{"addr":"160.22.16.197","port":80,"asn":45899,"as":"VNPT Corp","country":"Vietnam","country_code":"VN"},"introduction_type":"eventHandler","is_inline":false,"md5":"e8165bfbe0a84a065d8bba5ecdde8647","sha1":"7e5f9ca58e40f57650ab5078b295e3e6af7777cd","sha256":"916d5f069ecab1ea3e57a97502d36d60d04968f99a9413b0d620e850ffdc970e","sha512":"28858e8e914beb5bc12479df8f2920faeec9681bddad25493876e9eba301373af1e813819db91eb7fdcf9dab9d0aa552cd2735987f1d61d597ff60853df0b906","ssdeep":"","tlshash":"3ea0027f963554762a814781708f5e5d5466754b89b58728b85734f2708006db131b52","size":66,"data":"","first_seen":"2025-11-19T01:18:40.601427Z","last_seen":"2026-03-15T05:55:43.328248Z","times_seen":313,"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-12-24T17:33:16Z","timestamp":1766597596,"ip_dst":{"addr":"160.22.16.197","port":80,"asn":45899,"as":"VNPT Corp","country":"Vietnam","country_code":"VN"},"ip_src":{"addr":"172.18.0.5","port":47430,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.top domain","source":"{\"timestamp\":\"2025-12-24T17:33:16.995447+0000\",\"flow_id\":1067796043422598,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.5\",\"src_port\":47430,\"dest_ip\":\"160.22.16.197\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2023882,\"rev\":5,\"signature\":\"ET INFO HTTP Request to a *.top domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2017_02_07\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_11_21\"]}},\"http\":{\"hostname\":\"jp.av2.top\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":289},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":667,\"bytes_toclient\":1654,\"start\":\"2025-12-24T17:33:16.547718+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"jp.av2.top/","fqdn":"jp.av2.top","domain":"av2.top","tld":"top"},"ip":{"addr":"160.22.16.197","port":80,"asn":45899,"as":"VNPT Corp","country":"Vietnam","country_code":"VN"},"introduction_type":"eventHandler","is_inline":false,"md5":"e8165bfbe0a84a065d8bba5ecdde8647","sha1":"7e5f9ca58e40f57650ab5078b295e3e6af7777cd","sha256":"916d5f069ecab1ea3e57a97502d36d60d04968f99a9413b0d620e850ffdc970e","sha512":"28858e8e914beb5bc12479df8f2920faeec9681bddad25493876e9eba301373af1e813819db91eb7fdcf9dab9d0aa552cd2735987f1d61d597ff60853df0b906","ssdeep":"","tlshash":"3ea0027f963554762a814781708f5e5d5466754b89b58728b85734f2708006db131b52","size":66,"data":"","first_seen":"2025-11-19T01:18:40.601427Z","last_seen":"2026-03-15T05:55:43.328248Z","times_seen":313,"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-12-24T17:33:16Z","timestamp":1766597596,"ip_dst":{"addr":"160.22.16.197","port":80,"asn":45899,"as":"VNPT Corp","country":"Vietnam","country_code":"VN"},"ip_src":{"addr":"172.18.0.5","port":47430,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.top domain","source":"{\"timestamp\":\"2025-12-24T17:33:16.995447+0000\",\"flow_id\":1067796043422598,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.5\",\"src_port\":47430,\"dest_ip\":\"160.22.16.197\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2023882,\"rev\":5,\"signature\":\"ET INFO HTTP Request to a *.top domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2017_02_07\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_11_21\"]}},\"http\":{\"hostname\":\"jp.av2.top\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":289},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":667,\"bytes_toclient\":1654,\"start\":\"2025-12-24T17:33:16.547718+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"jsjs.jpg4.icu/index.php?js=av4\u0026advertisement\u0026","fqdn":"jsjs.jpg4.icu","domain":"jpg4.icu","tld":"icu"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"7bef1733eb0e66d46a3982556e8e0527","sha1":"3022b662fa239140f062bbb3301e21566565b32e","sha256":"81835fda3b6ad238e606f0940eddadc388064aad90d67c0a7c47854216fdfa19","sha512":"eac228df8238da2f79b966cecb380185d6bdd98aba25d12eba3661a2b1861e0efa67260da73ff212d80a0b9b7f420a8e2d52e0eb62cbcab9fb6dc85ac04a86a8","ssdeep":"3072:yhV1y+HrCbn5U/4V/FJEvT14EOtsCtJNS63nkA2kDQNv:GPy+HKn5U/4REvyXkA2kDQNv","tlshash":"1414e9f63608502951f302a79a758684f833a02b99416884fd2c6d751f78e7f297affc","size":192015,"data":"","first_seen":"2025-12-24T17:34:12.671261Z","last_seen":"2025-12-24T17:34:12.671261Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"jp.av2.top/","fqdn":"jp.av2.top","domain":"av2.top","tld":"top"},"ip":{"addr":"160.22.16.197","port":80,"asn":45899,"as":"VNPT Corp","country":"Vietnam","country_code":"VN"},"introduction_type":"eventHandler","is_inline":false,"md5":"e8165bfbe0a84a065d8bba5ecdde8647","sha1":"7e5f9ca58e40f57650ab5078b295e3e6af7777cd","sha256":"916d5f069ecab1ea3e57a97502d36d60d04968f99a9413b0d620e850ffdc970e","sha512":"28858e8e914beb5bc12479df8f2920faeec9681bddad25493876e9eba301373af1e813819db91eb7fdcf9dab9d0aa552cd2735987f1d61d597ff60853df0b906","ssdeep":"","tlshash":"3ea0027f963554762a814781708f5e5d5466754b89b58728b85734f2708006db131b52","size":66,"data":"","first_seen":"2025-11-19T01:18:40.601427Z","last_seen":"2026-03-15T05:55:43.328248Z","times_seen":313,"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-12-24T17:33:16Z","timestamp":1766597596,"ip_dst":{"addr":"160.22.16.197","port":80,"asn":45899,"as":"VNPT Corp","country":"Vietnam","country_code":"VN"},"ip_src":{"addr":"172.18.0.5","port":47430,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.top domain","source":"{\"timestamp\":\"2025-12-24T17:33:16.995447+0000\",\"flow_id\":1067796043422598,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.5\",\"src_port\":47430,\"dest_ip\":\"160.22.16.197\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2023882,\"rev\":5,\"signature\":\"ET INFO HTTP Request to a *.top domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2017_02_07\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_11_21\"]}},\"http\":{\"hostname\":\"jp.av2.top\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":289},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":667,\"bytes_toclient\":1654,\"start\":\"2025-12-24T17:33:16.547718+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"jp.av2.top/","fqdn":"jp.av2.top","domain":"av2.top","tld":"top"},"ip":{"addr":"160.22.16.197","port":80,"asn":45899,"as":"VNPT Corp","country":"Vietnam","country_code":"VN"},"introduction_type":"eventHandler","is_inline":false,"md5":"e8165bfbe0a84a065d8bba5ecdde8647","sha1":"7e5f9ca58e40f57650ab5078b295e3e6af7777cd","sha256":"916d5f069ecab1ea3e57a97502d36d60d04968f99a9413b0d620e850ffdc970e","sha512":"28858e8e914beb5bc12479df8f2920faeec9681bddad25493876e9eba301373af1e813819db91eb7fdcf9dab9d0aa552cd2735987f1d61d597ff60853df0b906","ssdeep":"","tlshash":"3ea0027f963554762a814781708f5e5d5466754b89b58728b85734f2708006db131b52","size":66,"data":"","first_seen":"2025-11-19T01:18:40.601427Z","last_seen":"2026-03-15T05:55:43.328248Z","times_seen":313,"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-12-24T17:33:16Z","timestamp":1766597596,"ip_dst":{"addr":"160.22.16.197","port":80,"asn":45899,"as":"VNPT Corp","country":"Vietnam","country_code":"VN"},"ip_src":{"addr":"172.18.0.5","port":47430,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.top domain","source":"{\"timestamp\":\"2025-12-24T17:33:16.995447+0000\",\"flow_id\":1067796043422598,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.5\",\"src_port\":47430,\"dest_ip\":\"160.22.16.197\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2023882,\"rev\":5,\"signature\":\"ET INFO HTTP Request to a *.top domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2017_02_07\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_11_21\"]}},\"http\":{\"hostname\":\"jp.av2.top\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":289},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":667,\"bytes_toclient\":1654,\"start\":\"2025-12-24T17:33:16.547718+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"jp.av2.top/","fqdn":"jp.av2.top","domain":"av2.top","tld":"top"},"ip":{"addr":"160.22.16.197","port":80,"asn":45899,"as":"VNPT Corp","country":"Vietnam","country_code":"VN"},"introduction_type":"eventHandler","is_inline":false,"md5":"e8165bfbe0a84a065d8bba5ecdde8647","sha1":"7e5f9ca58e40f57650ab5078b295e3e6af7777cd","sha256":"916d5f069ecab1ea3e57a97502d36d60d04968f99a9413b0d620e850ffdc970e","sha512":"28858e8e914beb5bc12479df8f2920faeec9681bddad25493876e9eba301373af1e813819db91eb7fdcf9dab9d0aa552cd2735987f1d61d597ff60853df0b906","ssdeep":"","tlshash":"3ea0027f963554762a814781708f5e5d5466754b89b58728b85734f2708006db131b52","size":66,"data":"","first_seen":"2025-11-19T01:18:40.601427Z","last_seen":"2026-03-15T05:55:43.328248Z","times_seen":313,"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-12-24T17:33:16Z","timestamp":1766597596,"ip_dst":{"addr":"160.22.16.197","port":80,"asn":45899,"as":"VNPT Corp","country":"Vietnam","country_code":"VN"},"ip_src":{"addr":"172.18.0.5","port":47430,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.top domain","source":"{\"timestamp\":\"2025-12-24T17:33:16.995447+0000\",\"flow_id\":1067796043422598,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.5\",\"src_port\":47430,\"dest_ip\":\"160.22.16.197\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2023882,\"rev\":5,\"signature\":\"ET INFO HTTP Request to a *.top domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2017_02_07\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_11_21\"]}},\"http\":{\"hostname\":\"jp.av2.top\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":289},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":667,\"bytes_toclient\":1654,\"start\":\"2025-12-24T17:33:16.547718+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"jsjs.jpg4.icu/index.php?js=very","fqdn":"jsjs.jpg4.icu","domain":"jpg4.icu","tld":"icu"},"ip":{"addr":"172.67.183.25","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"787b64eef39e3f17b9cd4e0b1a748690","sha1":"a2ea52a66a50532f879ff503c4e11957ee04986e","sha256":"5a86f466237de3034931611f60cbc93c58784b88e6fe627949ce60d8f62d1400","sha512":"5c0fe35c4b9acaaf6d3cdfd84e84a4a2b4eb3e01defec7c754ef30d2aec52cbfa02ae25ee465d48132344d77ac8a52740544f4eedfc51c5e44550fb4a46cb4d1","ssdeep":"","tlshash":"5aa01210f004c83c6488142c80e10a4503c9a1cc42c206024a401b0644767da5202070","size":85,"data":"","first_seen":"2025-10-19T05:57:44.709089Z","last_seen":"2026-05-05T00:58:58.044142Z","times_seen":461,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"jp.av2.top/","fqdn":"jp.av2.top","domain":"av2.top","tld":"top"},"ip":{"addr":"160.22.16.197","port":80,"asn":45899,"as":"VNPT Corp","country":"Vietnam","country_code":"VN"},"introduction_type":"domTimer","is_inline":false,"md5":"fc0f0c892151b495af634faf41a8af7d","sha1":"f1dcadca7eb9a3ae799b9f0e48c7ffff9dc732b8","sha256":"00c7da82ac5e19146b267db1da74f1c4f5e42aa1c4303569ae2561362c702d4a","sha512":"31ffc20ccf95e5ff3af2ce3c89500942ac246ecb64772e9b9082e53ce6c2f16b6d3878da73340f30701dfcb0c8c5ecd36d97f4f14a16821e5db5f828a5ad2f99","ssdeep":"","tlshash":"fd110000c802022202030b3a2008280020000200c082028000a000000080820002280c","size":931,"data":"","first_seen":"2025-11-25T01:08:54.722116Z","last_seen":"2026-05-05T00:58:58.056271Z","times_seen":191,"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-12-24T17:33:16Z","timestamp":1766597596,"ip_dst":{"addr":"160.22.16.197","port":80,"asn":45899,"as":"VNPT Corp","country":"Vietnam","country_code":"VN"},"ip_src":{"addr":"172.18.0.5","port":47430,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.top domain","source":"{\"timestamp\":\"2025-12-24T17:33:16.995447+0000\",\"flow_id\":1067796043422598,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.5\",\"src_port\":47430,\"dest_ip\":\"160.22.16.197\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2023882,\"rev\":5,\"signature\":\"ET INFO HTTP Request to a *.top domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2017_02_07\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_11_21\"]}},\"http\":{\"hostname\":\"jp.av2.top\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":289},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":667,\"bytes_toclient\":1654,\"start\":\"2025-12-24T17:33:16.547718+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"jp.av2.top/","fqdn":"jp.av2.top","domain":"av2.top","tld":"top"},"ip":{"addr":"160.22.16.197","port":80,"asn":45899,"as":"VNPT Corp","country":"Vietnam","country_code":"VN"},"introduction_type":"eventHandler","is_inline":false,"md5":"e8165bfbe0a84a065d8bba5ecdde8647","sha1":"7e5f9ca58e40f57650ab5078b295e3e6af7777cd","sha256":"916d5f069ecab1ea3e57a97502d36d60d04968f99a9413b0d620e850ffdc970e","sha512":"28858e8e914beb5bc12479df8f2920faeec9681bddad25493876e9eba301373af1e813819db91eb7fdcf9dab9d0aa552cd2735987f1d61d597ff60853df0b906","ssdeep":"","tlshash":"3ea0027f963554762a814781708f5e5d5466754b89b58728b85734f2708006db131b52","size":66,"data":"","first_seen":"2025-11-19T01:18:40.601427Z","last_seen":"2026-03-15T05:55:43.328248Z","times_seen":313,"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-12-24T17:33:16Z","timestamp":1766597596,"ip_dst":{"addr":"160.22.16.197","port":80,"asn":45899,"as":"VNPT Corp","country":"Vietnam","country_code":"VN"},"ip_src":{"addr":"172.18.0.5","port":47430,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.top domain","source":"{\"timestamp\":\"2025-12-24T17:33:16.995447+0000\",\"flow_id\":1067796043422598,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.5\",\"src_port\":47430,\"dest_ip\":\"160.22.16.197\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2023882,\"rev\":5,\"signature\":\"ET INFO HTTP Request to a *.top domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2017_02_07\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_11_21\"]}},\"http\":{\"hostname\":\"jp.av2.top\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":289},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":667,\"bytes_toclient\":1654,\"start\":\"2025-12-24T17:33:16.547718+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"jp.av2.top/","fqdn":"jp.av2.top","domain":"av2.top","tld":"top"},"ip":{"addr":"160.22.16.197","port":80,"asn":45899,"as":"VNPT Corp","country":"Vietnam","country_code":"VN"},"introduction_type":"eventHandler","is_inline":false,"md5":"e8165bfbe0a84a065d8bba5ecdde8647","sha1":"7e5f9ca58e40f57650ab5078b295e3e6af7777cd","sha256":"916d5f069ecab1ea3e57a97502d36d60d04968f99a9413b0d620e850ffdc970e","sha512":"28858e8e914beb5bc12479df8f2920faeec9681bddad25493876e9eba301373af1e813819db91eb7fdcf9dab9d0aa552cd2735987f1d61d597ff60853df0b906","ssdeep":"","tlshash":"3ea0027f963554762a814781708f5e5d5466754b89b58728b85734f2708006db131b52","size":66,"data":"","first_seen":"2025-11-19T01:18:40.601427Z","last_seen":"2026-03-15T05:55:43.328248Z","times_seen":313,"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-12-24T17:33:16Z","timestamp":1766597596,"ip_dst":{"addr":"160.22.16.197","port":80,"asn":45899,"as":"VNPT Corp","country":"Vietnam","country_code":"VN"},"ip_src":{"addr":"172.18.0.5","port":47430,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.top domain","source":"{\"timestamp\":\"2025-12-24T17:33:16.995447+0000\",\"flow_id\":1067796043422598,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.5\",\"src_port\":47430,\"dest_ip\":\"160.22.16.197\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2023882,\"rev\":5,\"signature\":\"ET INFO HTTP Request to a *.top domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2017_02_07\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_11_21\"]}},\"http\":{\"hostname\":\"jp.av2.top\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":289},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":667,\"bytes_toclient\":1654,\"start\":\"2025-12-24T17:33:16.547718+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"jp.av2.top/","fqdn":"jp.av2.top","domain":"av2.top","tld":"top"},"ip":{"addr":"160.22.16.197","port":80,"asn":45899,"as":"VNPT Corp","country":"Vietnam","country_code":"VN"},"introduction_type":"eventHandler","is_inline":false,"md5":"e8165bfbe0a84a065d8bba5ecdde8647","sha1":"7e5f9ca58e40f57650ab5078b295e3e6af7777cd","sha256":"916d5f069ecab1ea3e57a97502d36d60d04968f99a9413b0d620e850ffdc970e","sha512":"28858e8e914beb5bc12479df8f2920faeec9681bddad25493876e9eba301373af1e813819db91eb7fdcf9dab9d0aa552cd2735987f1d61d597ff60853df0b906","ssdeep":"","tlshash":"3ea0027f963554762a814781708f5e5d5466754b89b58728b85734f2708006db131b52","size":66,"data":"","first_seen":"2025-11-19T01:18:40.601427Z","last_seen":"2026-03-15T05:55:43.328248Z","times_seen":313,"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-12-24T17:33:16Z","timestamp":1766597596,"ip_dst":{"addr":"160.22.16.197","port":80,"asn":45899,"as":"VNPT Corp","country":"Vietnam","country_code":"VN"},"ip_src":{"addr":"172.18.0.5","port":47430,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.top domain","source":"{\"timestamp\":\"2025-12-24T17:33:16.995447+0000\",\"flow_id\":1067796043422598,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.5\",\"src_port\":47430,\"dest_ip\":\"160.22.16.197\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2023882,\"rev\":5,\"signature\":\"ET INFO HTTP Request to a *.top domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2017_02_07\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_11_21\"]}},\"http\":{\"hostname\":\"jp.av2.top\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":289},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":667,\"bytes_toclient\":1654,\"start\":\"2025-12-24T17:33:16.547718+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"jp.av2.top/","fqdn":"jp.av2.top","domain":"av2.top","tld":"top"},"ip":{"addr":"160.22.16.197","port":80,"asn":45899,"as":"VNPT Corp","country":"Vietnam","country_code":"VN"},"introduction_type":"eventHandler","is_inline":false,"md5":"e8165bfbe0a84a065d8bba5ecdde8647","sha1":"7e5f9ca58e40f57650ab5078b295e3e6af7777cd","sha256":"916d5f069ecab1ea3e57a97502d36d60d04968f99a9413b0d620e850ffdc970e","sha512":"28858e8e914beb5bc12479df8f2920faeec9681bddad25493876e9eba301373af1e813819db91eb7fdcf9dab9d0aa552cd2735987f1d61d597ff60853df0b906","ssdeep":"","tlshash":"3ea0027f963554762a814781708f5e5d5466754b89b58728b85734f2708006db131b52","size":66,"data":"","first_seen":"2025-11-19T01:18:40.601427Z","last_seen":"2026-03-15T05:55:43.328248Z","times_seen":313,"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-12-24T17:33:16Z","timestamp":1766597596,"ip_dst":{"addr":"160.22.16.197","port":80,"asn":45899,"as":"VNPT Corp","country":"Vietnam","country_code":"VN"},"ip_src":{"addr":"172.18.0.5","port":47430,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.top domain","source":"{\"timestamp\":\"2025-12-24T17:33:16.995447+0000\",\"flow_id\":1067796043422598,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.5\",\"src_port\":47430,\"dest_ip\":\"160.22.16.197\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2023882,\"rev\":5,\"signature\":\"ET INFO HTTP Request to a *.top domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2017_02_07\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_11_21\"]}},\"http\":{\"hostname\":\"jp.av2.top\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":289},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":667,\"bytes_toclient\":1654,\"start\":\"2025-12-24T17:33:16.547718+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"jp.av2.top/","fqdn":"jp.av2.top","domain":"av2.top","tld":"top"},"ip":{"addr":"160.22.16.197","port":80,"asn":45899,"as":"VNPT Corp","country":"Vietnam","country_code":"VN"},"introduction_type":"scriptElement","is_inline":true,"md5":"13b29d7aeaa1d827a9a3feeb39148a43","sha1":"da2040ef13a2d1ce62b0eef9c6ced0fe14f66b28","sha256":"d2d18329527d4d7d4acda028f92281274ac2a08bd840af1c0480620582f98338","sha512":"86dc2b9ccd6cda65753b62b83dda93aabd9272931c1cd9bae1a56ccb607d7de074a8b9873c3a91b69479abf9fb911a4e10b47e0ae7f9cd242d638ce732869c53","ssdeep":"","tlshash":"466000003333000030c00c03c0000c00cf0c00cc000030003c030c00303000030c33c3","size":14,"data":"","first_seen":"2023-03-07T12:07:12Z","last_seen":"2026-04-12T19:29:51.785587Z","times_seen":1774,"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-12-24T17:33:16Z","timestamp":1766597596,"ip_dst":{"addr":"160.22.16.197","port":80,"asn":45899,"as":"VNPT Corp","country":"Vietnam","country_code":"VN"},"ip_src":{"addr":"172.18.0.5","port":47430,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.top domain","source":"{\"timestamp\":\"2025-12-24T17:33:16.995447+0000\",\"flow_id\":1067796043422598,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.5\",\"src_port\":47430,\"dest_ip\":\"160.22.16.197\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2023882,\"rev\":5,\"signature\":\"ET INFO HTTP Request to a *.top domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2017_02_07\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_11_21\"]}},\"http\":{\"hostname\":\"jp.av2.top\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":289},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":667,\"bytes_toclient\":1654,\"start\":\"2025-12-24T17:33:16.547718+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"jp.av2.top/","fqdn":"jp.av2.top","domain":"av2.top","tld":"top"},"ip":{"addr":"160.22.16.197","port":80,"asn":45899,"as":"VNPT Corp","country":"Vietnam","country_code":"VN"},"introduction_type":"eventHandler","is_inline":false,"md5":"d170c17ae6ff8efc74d28a6e19f8ea0d","sha1":"6389888951ca149b44a486dc199f4b395352f544","sha256":"d0b2da63a59351dcae26ceea570d089c69fdf5c03b6e0161cbada6386d663122","sha512":"e2984271e11c901481d7202e69e1d3294cedfedef0ad757f50de8437e4d035f49b559f819359da2a13aa47914c6567f04d5b97304ea44597ea66ed4f47f3e7a2","ssdeep":"","tlshash":"a890027b98243042154900829047551c401d240896e096494857704564c012d61b1105","size":51,"data":"","first_seen":"2025-11-19T01:18:40.603002Z","last_seen":"2026-03-03T14:10:04.007743Z","times_seen":210,"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-12-24T17:33:16Z","timestamp":1766597596,"ip_dst":{"addr":"160.22.16.197","port":80,"asn":45899,"as":"VNPT Corp","country":"Vietnam","country_code":"VN"},"ip_src":{"addr":"172.18.0.5","port":47430,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.top domain","source":"{\"timestamp\":\"2025-12-24T17:33:16.995447+0000\",\"flow_id\":1067796043422598,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.5\",\"src_port\":47430,\"dest_ip\":\"160.22.16.197\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2023882,\"rev\":5,\"signature\":\"ET INFO HTTP Request to a *.top domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2017_02_07\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_11_21\"]}},\"http\":{\"hostname\":\"jp.av2.top\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":289},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":667,\"bytes_toclient\":1654,\"start\":\"2025-12-24T17:33:16.547718+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"jp.av2.top/","fqdn":"jp.av2.top","domain":"av2.top","tld":"top"},"ip":{"addr":"160.22.16.197","port":80,"asn":45899,"as":"VNPT Corp","country":"Vietnam","country_code":"VN"},"introduction_type":"eventHandler","is_inline":false,"md5":"e8165bfbe0a84a065d8bba5ecdde8647","sha1":"7e5f9ca58e40f57650ab5078b295e3e6af7777cd","sha256":"916d5f069ecab1ea3e57a97502d36d60d04968f99a9413b0d620e850ffdc970e","sha512":"28858e8e914beb5bc12479df8f2920faeec9681bddad25493876e9eba301373af1e813819db91eb7fdcf9dab9d0aa552cd2735987f1d61d597ff60853df0b906","ssdeep":"","tlshash":"3ea0027f963554762a814781708f5e5d5466754b89b58728b85734f2708006db131b52","size":66,"data":"","first_seen":"2025-11-19T01:18:40.601427Z","last_seen":"2026-03-15T05:55:43.328248Z","times_seen":313,"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-12-24T17:33:16Z","timestamp":1766597596,"ip_dst":{"addr":"160.22.16.197","port":80,"asn":45899,"as":"VNPT Corp","country":"Vietnam","country_code":"VN"},"ip_src":{"addr":"172.18.0.5","port":47430,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.top domain","source":"{\"timestamp\":\"2025-12-24T17:33:16.995447+0000\",\"flow_id\":1067796043422598,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.5\",\"src_port\":47430,\"dest_ip\":\"160.22.16.197\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2023882,\"rev\":5,\"signature\":\"ET INFO HTTP Request to a *.top domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2017_02_07\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_11_21\"]}},\"http\":{\"hostname\":\"jp.av2.top\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":289},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":667,\"bytes_toclient\":1654,\"start\":\"2025-12-24T17:33:16.547718+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"jp.av2.top/","fqdn":"jp.av2.top","domain":"av2.top","tld":"top"},"ip":{"addr":"160.22.16.197","port":80,"asn":45899,"as":"VNPT Corp","country":"Vietnam","country_code":"VN"},"introduction_type":"eventHandler","is_inline":false,"md5":"e8165bfbe0a84a065d8bba5ecdde8647","sha1":"7e5f9ca58e40f57650ab5078b295e3e6af7777cd","sha256":"916d5f069ecab1ea3e57a97502d36d60d04968f99a9413b0d620e850ffdc970e","sha512":"28858e8e914beb5bc12479df8f2920faeec9681bddad25493876e9eba301373af1e813819db91eb7fdcf9dab9d0aa552cd2735987f1d61d597ff60853df0b906","ssdeep":"","tlshash":"3ea0027f963554762a814781708f5e5d5466754b89b58728b85734f2708006db131b52","size":66,"data":"","first_seen":"2025-11-19T01:18:40.601427Z","last_seen":"2026-03-15T05:55:43.328248Z","times_seen":313,"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-12-24T17:33:16Z","timestamp":1766597596,"ip_dst":{"addr":"160.22.16.197","port":80,"asn":45899,"as":"VNPT Corp","country":"Vietnam","country_code":"VN"},"ip_src":{"addr":"172.18.0.5","port":47430,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.top domain","source":"{\"timestamp\":\"2025-12-24T17:33:16.995447+0000\",\"flow_id\":1067796043422598,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.5\",\"src_port\":47430,\"dest_ip\":\"160.22.16.197\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2023882,\"rev\":5,\"signature\":\"ET INFO HTTP Request to a *.top domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2017_02_07\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_11_21\"]}},\"http\":{\"hostname\":\"jp.av2.top\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":289},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":667,\"bytes_toclient\":1654,\"start\":\"2025-12-24T17:33:16.547718+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"jp.av2.top/","fqdn":"jp.av2.top","domain":"av2.top","tld":"top"},"ip":{"addr":"160.22.16.197","port":80,"asn":45899,"as":"VNPT Corp","country":"Vietnam","country_code":"VN"},"introduction_type":"eventHandler","is_inline":false,"md5":"e8165bfbe0a84a065d8bba5ecdde8647","sha1":"7e5f9ca58e40f57650ab5078b295e3e6af7777cd","sha256":"916d5f069ecab1ea3e57a97502d36d60d04968f99a9413b0d620e850ffdc970e","sha512":"28858e8e914beb5bc12479df8f2920faeec9681bddad25493876e9eba301373af1e813819db91eb7fdcf9dab9d0aa552cd2735987f1d61d597ff60853df0b906","ssdeep":"","tlshash":"3ea0027f963554762a814781708f5e5d5466754b89b58728b85734f2708006db131b52","size":66,"data":"","first_seen":"2025-11-19T01:18:40.601427Z","last_seen":"2026-03-15T05:55:43.328248Z","times_seen":313,"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-12-24T17:33:16Z","timestamp":1766597596,"ip_dst":{"addr":"160.22.16.197","port":80,"asn":45899,"as":"VNPT Corp","country":"Vietnam","country_code":"VN"},"ip_src":{"addr":"172.18.0.5","port":47430,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.top domain","source":"{\"timestamp\":\"2025-12-24T17:33:16.995447+0000\",\"flow_id\":1067796043422598,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.5\",\"src_port\":47430,\"dest_ip\":\"160.22.16.197\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2023882,\"rev\":5,\"signature\":\"ET INFO HTTP Request to a *.top domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2017_02_07\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_11_21\"]}},\"http\":{\"hostname\":\"jp.av2.top\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":289},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":667,\"bytes_toclient\":1654,\"start\":\"2025-12-24T17:33:16.547718+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"jp.av2.top/","fqdn":"jp.av2.top","domain":"av2.top","tld":"top"},"ip":{"addr":"160.22.16.197","port":80,"asn":45899,"as":"VNPT Corp","country":"Vietnam","country_code":"VN"},"introduction_type":"eventHandler","is_inline":false,"md5":"e8165bfbe0a84a065d8bba5ecdde8647","sha1":"7e5f9ca58e40f57650ab5078b295e3e6af7777cd","sha256":"916d5f069ecab1ea3e57a97502d36d60d04968f99a9413b0d620e850ffdc970e","sha512":"28858e8e914beb5bc12479df8f2920faeec9681bddad25493876e9eba301373af1e813819db91eb7fdcf9dab9d0aa552cd2735987f1d61d597ff60853df0b906","ssdeep":"","tlshash":"3ea0027f963554762a814781708f5e5d5466754b89b58728b85734f2708006db131b52","size":66,"data":"","first_seen":"2025-11-19T01:18:40.601427Z","last_seen":"2026-03-15T05:55:43.328248Z","times_seen":313,"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-12-24T17:33:16Z","timestamp":1766597596,"ip_dst":{"addr":"160.22.16.197","port":80,"asn":45899,"as":"VNPT Corp","country":"Vietnam","country_code":"VN"},"ip_src":{"addr":"172.18.0.5","port":47430,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.top domain","source":"{\"timestamp\":\"2025-12-24T17:33:16.995447+0000\",\"flow_id\":1067796043422598,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.5\",\"src_port\":47430,\"dest_ip\":\"160.22.16.197\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2023882,\"rev\":5,\"signature\":\"ET INFO HTTP Request to a *.top domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2017_02_07\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_11_21\"]}},\"http\":{\"hostname\":\"jp.av2.top\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":289},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":667,\"bytes_toclient\":1654,\"start\":\"2025-12-24T17:33:16.547718+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"jp.av2.top/","fqdn":"jp.av2.top","domain":"av2.top","tld":"top"},"ip":{"addr":"160.22.16.197","port":80,"asn":45899,"as":"VNPT Corp","country":"Vietnam","country_code":"VN"},"introduction_type":"eventHandler","is_inline":false,"md5":"e8165bfbe0a84a065d8bba5ecdde8647","sha1":"7e5f9ca58e40f57650ab5078b295e3e6af7777cd","sha256":"916d5f069ecab1ea3e57a97502d36d60d04968f99a9413b0d620e850ffdc970e","sha512":"28858e8e914beb5bc12479df8f2920faeec9681bddad25493876e9eba301373af1e813819db91eb7fdcf9dab9d0aa552cd2735987f1d61d597ff60853df0b906","ssdeep":"","tlshash":"3ea0027f963554762a814781708f5e5d5466754b89b58728b85734f2708006db131b52","size":66,"data":"","first_seen":"2025-11-19T01:18:40.601427Z","last_seen":"2026-03-15T05:55:43.328248Z","times_seen":313,"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-12-24T17:33:16Z","timestamp":1766597596,"ip_dst":{"addr":"160.22.16.197","port":80,"asn":45899,"as":"VNPT Corp","country":"Vietnam","country_code":"VN"},"ip_src":{"addr":"172.18.0.5","port":47430,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.top domain","source":"{\"timestamp\":\"2025-12-24T17:33:16.995447+0000\",\"flow_id\":1067796043422598,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.5\",\"src_port\":47430,\"dest_ip\":\"160.22.16.197\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2023882,\"rev\":5,\"signature\":\"ET INFO HTTP Request to a *.top domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2017_02_07\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_11_21\"]}},\"http\":{\"hostname\":\"jp.av2.top\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":289},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":667,\"bytes_toclient\":1654,\"start\":\"2025-12-24T17:33:16.547718+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"jp.av2.top/","fqdn":"jp.av2.top","domain":"av2.top","tld":"top"},"ip":{"addr":"160.22.16.197","port":80,"asn":45899,"as":"VNPT Corp","country":"Vietnam","country_code":"VN"},"introduction_type":"eventHandler","is_inline":false,"md5":"e8165bfbe0a84a065d8bba5ecdde8647","sha1":"7e5f9ca58e40f57650ab5078b295e3e6af7777cd","sha256":"916d5f069ecab1ea3e57a97502d36d60d04968f99a9413b0d620e850ffdc970e","sha512":"28858e8e914beb5bc12479df8f2920faeec9681bddad25493876e9eba301373af1e813819db91eb7fdcf9dab9d0aa552cd2735987f1d61d597ff60853df0b906","ssdeep":"","tlshash":"3ea0027f963554762a814781708f5e5d5466754b89b58728b85734f2708006db131b52","size":66,"data":"","first_seen":"2025-11-19T01:18:40.601427Z","last_seen":"2026-03-15T05:55:43.328248Z","times_seen":313,"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-12-24T17:33:16Z","timestamp":1766597596,"ip_dst":{"addr":"160.22.16.197","port":80,"asn":45899,"as":"VNPT Corp","country":"Vietnam","country_code":"VN"},"ip_src":{"addr":"172.18.0.5","port":47430,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.top domain","source":"{\"timestamp\":\"2025-12-24T17:33:16.995447+0000\",\"flow_id\":1067796043422598,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.5\",\"src_port\":47430,\"dest_ip\":\"160.22.16.197\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2023882,\"rev\":5,\"signature\":\"ET INFO HTTP Request to a *.top domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2017_02_07\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_11_21\"]}},\"http\":{\"hostname\":\"jp.av2.top\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":289},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":667,\"bytes_toclient\":1654,\"start\":\"2025-12-24T17:33:16.547718+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"jp.av2.top/","fqdn":"jp.av2.top","domain":"av2.top","tld":"top"},"ip":{"addr":"160.22.16.197","port":80,"asn":45899,"as":"VNPT Corp","country":"Vietnam","country_code":"VN"},"introduction_type":"eventHandler","is_inline":false,"md5":"e8165bfbe0a84a065d8bba5ecdde8647","sha1":"7e5f9ca58e40f57650ab5078b295e3e6af7777cd","sha256":"916d5f069ecab1ea3e57a97502d36d60d04968f99a9413b0d620e850ffdc970e","sha512":"28858e8e914beb5bc12479df8f2920faeec9681bddad25493876e9eba301373af1e813819db91eb7fdcf9dab9d0aa552cd2735987f1d61d597ff60853df0b906","ssdeep":"","tlshash":"3ea0027f963554762a814781708f5e5d5466754b89b58728b85734f2708006db131b52","size":66,"data":"","first_seen":"2025-11-19T01:18:40.601427Z","last_seen":"2026-03-15T05:55:43.328248Z","times_seen":313,"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-12-24T17:33:16Z","timestamp":1766597596,"ip_dst":{"addr":"160.22.16.197","port":80,"asn":45899,"as":"VNPT Corp","country":"Vietnam","country_code":"VN"},"ip_src":{"addr":"172.18.0.5","port":47430,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.top domain","source":"{\"timestamp\":\"2025-12-24T17:33:16.995447+0000\",\"flow_id\":1067796043422598,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.5\",\"src_port\":47430,\"dest_ip\":\"160.22.16.197\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2023882,\"rev\":5,\"signature\":\"ET INFO HTTP Request to a *.top domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2017_02_07\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_11_21\"]}},\"http\":{\"hostname\":\"jp.av2.top\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":289},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":667,\"bytes_toclient\":1654,\"start\":\"2025-12-24T17:33:16.547718+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"css.jpg4.icu/tagjpa.php?noself=1\u0026url=av.diktok.top/tags/3","fqdn":"css.jpg4.icu","domain":"jpg4.icu","tld":"icu"},"ip":{"addr":"172.67.183.25","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"domTimer","is_inline":false,"md5":"fc0f0c892151b495af634faf41a8af7d","sha1":"f1dcadca7eb9a3ae799b9f0e48c7ffff9dc732b8","sha256":"00c7da82ac5e19146b267db1da74f1c4f5e42aa1c4303569ae2561362c702d4a","sha512":"31ffc20ccf95e5ff3af2ce3c89500942ac246ecb64772e9b9082e53ce6c2f16b6d3878da73340f30701dfcb0c8c5ecd36d97f4f14a16821e5db5f828a5ad2f99","ssdeep":"","tlshash":"fd110000c802022202030b3a2008280020000200c082028000a000000080820002280c","size":931,"data":"","first_seen":"2025-11-25T01:08:54.722116Z","last_seen":"2026-05-05T00:58:58.056271Z","times_seen":191,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"jp.av2.top/","fqdn":"jp.av2.top","domain":"av2.top","tld":"top"},"ip":{"addr":"160.22.16.197","port":80,"asn":45899,"as":"VNPT Corp","country":"Vietnam","country_code":"VN"},"introduction_type":"scriptElement","is_inline":true,"md5":"031272e79a9911f16d484b354be88c9d","sha1":"7d875792a099de314c9ddffbe10de67a443a96f5","sha256":"4562dba0f875615fa36535736a46725e70e63715a6ddcf54aa661fd653ca3db3","sha512":"abb30f2699a3c36dd5511949b2d74ffae557f269e6544cd36a28741a22561f1c6f2508bb0c16d53e9f9ec6c35fc7893d2b28bca2345d0102204045862a408249","ssdeep":"","tlshash":"54d022e88228a52826a522c9d10fe3d09ca5a38b708339f0dc7e082d02489491436462","size":202,"data":"","first_seen":"2025-03-12T03:12:27.527113Z","last_seen":"2026-04-12T19:29:51.786298Z","times_seen":366,"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-12-24T17:33:16Z","timestamp":1766597596,"ip_dst":{"addr":"160.22.16.197","port":80,"asn":45899,"as":"VNPT Corp","country":"Vietnam","country_code":"VN"},"ip_src":{"addr":"172.18.0.5","port":47430,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.top domain","source":"{\"timestamp\":\"2025-12-24T17:33:16.995447+0000\",\"flow_id\":1067796043422598,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.5\",\"src_port\":47430,\"dest_ip\":\"160.22.16.197\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2023882,\"rev\":5,\"signature\":\"ET INFO HTTP Request to a *.top domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2017_02_07\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_11_21\"]}},\"http\":{\"hostname\":\"jp.av2.top\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":289},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":667,\"bytes_toclient\":1654,\"start\":\"2025-12-24T17:33:16.547718+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"jp.av2.top/","fqdn":"jp.av2.top","domain":"av2.top","tld":"top"},"ip":{"addr":"160.22.16.197","port":80,"asn":45899,"as":"VNPT Corp","country":"Vietnam","country_code":"VN"},"introduction_type":"eventHandler","is_inline":false,"md5":"d170c17ae6ff8efc74d28a6e19f8ea0d","sha1":"6389888951ca149b44a486dc199f4b395352f544","sha256":"d0b2da63a59351dcae26ceea570d089c69fdf5c03b6e0161cbada6386d663122","sha512":"e2984271e11c901481d7202e69e1d3294cedfedef0ad757f50de8437e4d035f49b559f819359da2a13aa47914c6567f04d5b97304ea44597ea66ed4f47f3e7a2","ssdeep":"","tlshash":"a890027b98243042154900829047551c401d240896e096494857704564c012d61b1105","size":51,"data":"","first_seen":"2025-11-19T01:18:40.603002Z","last_seen":"2026-03-03T14:10:04.007743Z","times_seen":210,"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-12-24T17:33:16Z","timestamp":1766597596,"ip_dst":{"addr":"160.22.16.197","port":80,"asn":45899,"as":"VNPT Corp","country":"Vietnam","country_code":"VN"},"ip_src":{"addr":"172.18.0.5","port":47430,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.top domain","source":"{\"timestamp\":\"2025-12-24T17:33:16.995447+0000\",\"flow_id\":1067796043422598,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.5\",\"src_port\":47430,\"dest_ip\":\"160.22.16.197\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2023882,\"rev\":5,\"signature\":\"ET INFO HTTP Request to a *.top domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2017_02_07\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_11_21\"]}},\"http\":{\"hostname\":\"jp.av2.top\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":289},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":667,\"bytes_toclient\":1654,\"start\":\"2025-12-24T17:33:16.547718+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"jp.av2.top/","fqdn":"jp.av2.top","domain":"av2.top","tld":"top"},"ip":{"addr":"160.22.16.197","port":80,"asn":45899,"as":"VNPT Corp","country":"Vietnam","country_code":"VN"},"introduction_type":"eventHandler","is_inline":false,"md5":"e8165bfbe0a84a065d8bba5ecdde8647","sha1":"7e5f9ca58e40f57650ab5078b295e3e6af7777cd","sha256":"916d5f069ecab1ea3e57a97502d36d60d04968f99a9413b0d620e850ffdc970e","sha512":"28858e8e914beb5bc12479df8f2920faeec9681bddad25493876e9eba301373af1e813819db91eb7fdcf9dab9d0aa552cd2735987f1d61d597ff60853df0b906","ssdeep":"","tlshash":"3ea0027f963554762a814781708f5e5d5466754b89b58728b85734f2708006db131b52","size":66,"data":"","first_seen":"2025-11-19T01:18:40.601427Z","last_seen":"2026-03-15T05:55:43.328248Z","times_seen":313,"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-12-24T17:33:16Z","timestamp":1766597596,"ip_dst":{"addr":"160.22.16.197","port":80,"asn":45899,"as":"VNPT Corp","country":"Vietnam","country_code":"VN"},"ip_src":{"addr":"172.18.0.5","port":47430,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.top domain","source":"{\"timestamp\":\"2025-12-24T17:33:16.995447+0000\",\"flow_id\":1067796043422598,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.5\",\"src_port\":47430,\"dest_ip\":\"160.22.16.197\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2023882,\"rev\":5,\"signature\":\"ET INFO HTTP Request to a *.top domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2017_02_07\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_11_21\"]}},\"http\":{\"hostname\":\"jp.av2.top\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":289},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":667,\"bytes_toclient\":1654,\"start\":\"2025-12-24T17:33:16.547718+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"jp.av2.top/","fqdn":"jp.av2.top","domain":"av2.top","tld":"top"},"ip":{"addr":"160.22.16.197","port":80,"asn":45899,"as":"VNPT Corp","country":"Vietnam","country_code":"VN"},"introduction_type":"eventHandler","is_inline":false,"md5":"e8165bfbe0a84a065d8bba5ecdde8647","sha1":"7e5f9ca58e40f57650ab5078b295e3e6af7777cd","sha256":"916d5f069ecab1ea3e57a97502d36d60d04968f99a9413b0d620e850ffdc970e","sha512":"28858e8e914beb5bc12479df8f2920faeec9681bddad25493876e9eba301373af1e813819db91eb7fdcf9dab9d0aa552cd2735987f1d61d597ff60853df0b906","ssdeep":"","tlshash":"3ea0027f963554762a814781708f5e5d5466754b89b58728b85734f2708006db131b52","size":66,"data":"","first_seen":"2025-11-19T01:18:40.601427Z","last_seen":"2026-03-15T05:55:43.328248Z","times_seen":313,"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-12-24T17:33:16Z","timestamp":1766597596,"ip_dst":{"addr":"160.22.16.197","port":80,"asn":45899,"as":"VNPT Corp","country":"Vietnam","country_code":"VN"},"ip_src":{"addr":"172.18.0.5","port":47430,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.top domain","source":"{\"timestamp\":\"2025-12-24T17:33:16.995447+0000\",\"flow_id\":1067796043422598,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.5\",\"src_port\":47430,\"dest_ip\":\"160.22.16.197\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2023882,\"rev\":5,\"signature\":\"ET INFO HTTP Request to a *.top domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2017_02_07\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_11_21\"]}},\"http\":{\"hostname\":\"jp.av2.top\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":289},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":667,\"bytes_toclient\":1654,\"start\":\"2025-12-24T17:33:16.547718+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"jp.av2.top/","fqdn":"jp.av2.top","domain":"av2.top","tld":"top"},"ip":{"addr":"160.22.16.197","port":80,"asn":45899,"as":"VNPT Corp","country":"Vietnam","country_code":"VN"},"introduction_type":"eventHandler","is_inline":false,"md5":"e8165bfbe0a84a065d8bba5ecdde8647","sha1":"7e5f9ca58e40f57650ab5078b295e3e6af7777cd","sha256":"916d5f069ecab1ea3e57a97502d36d60d04968f99a9413b0d620e850ffdc970e","sha512":"28858e8e914beb5bc12479df8f2920faeec9681bddad25493876e9eba301373af1e813819db91eb7fdcf9dab9d0aa552cd2735987f1d61d597ff60853df0b906","ssdeep":"","tlshash":"3ea0027f963554762a814781708f5e5d5466754b89b58728b85734f2708006db131b52","size":66,"data":"","first_seen":"2025-11-19T01:18:40.601427Z","last_seen":"2026-03-15T05:55:43.328248Z","times_seen":313,"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-12-24T17:33:16Z","timestamp":1766597596,"ip_dst":{"addr":"160.22.16.197","port":80,"asn":45899,"as":"VNPT Corp","country":"Vietnam","country_code":"VN"},"ip_src":{"addr":"172.18.0.5","port":47430,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.top domain","source":"{\"timestamp\":\"2025-12-24T17:33:16.995447+0000\",\"flow_id\":1067796043422598,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.5\",\"src_port\":47430,\"dest_ip\":\"160.22.16.197\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2023882,\"rev\":5,\"signature\":\"ET INFO HTTP Request to a *.top domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2017_02_07\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_11_21\"]}},\"http\":{\"hostname\":\"jp.av2.top\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":289},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":667,\"bytes_toclient\":1654,\"start\":\"2025-12-24T17:33:16.547718+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js?1","fqdn":"ajax.googleapis.com","domain":"ajax.googleapis.com","tld":"googleapis.com"},"ip":{"addr":"142.250.74.106","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"a09e13ee94d51c524b7e2a728c7d4039","sha1":"0dc32db4aa9c5f03f3b38c47d883dbd4fed13aae","sha256":"160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef","sha512":"f8da8f95b6ed33542a88af19028e18ae3d9ce25350a06bfc3fbf433ed2b38fefa5e639cddfdac703fc6caa7f3313d974b92a3168276b3a016ceb28f27db0714a","ssdeep":"1536:jLiBdiaWLOczCmZx6+VWuGzQNOzdn6x2RZd9SEnk9HB96c9Yo/NWLbVj3kC6t3:5kn6x2xe9NK6nC69","tlshash":"748319dd72c6b06247ab71ba00bf550bf2361999684d4410f129e4eabc74b4e823bf7d","size":86927,"data":"","first_seen":"2023-03-07T01:02:02Z","last_seen":"2026-05-09T15:20:32.236108Z","times_seen":126836,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"jp.av2.top/","fqdn":"jp.av2.top","domain":"av2.top","tld":"top"},"ip":{"addr":"160.22.16.197","port":80,"asn":45899,"as":"VNPT Corp","country":"Vietnam","country_code":"VN"},"introduction_type":"eventHandler","is_inline":false,"md5":"e8165bfbe0a84a065d8bba5ecdde8647","sha1":"7e5f9ca58e40f57650ab5078b295e3e6af7777cd","sha256":"916d5f069ecab1ea3e57a97502d36d60d04968f99a9413b0d620e850ffdc970e","sha512":"28858e8e914beb5bc12479df8f2920faeec9681bddad25493876e9eba301373af1e813819db91eb7fdcf9dab9d0aa552cd2735987f1d61d597ff60853df0b906","ssdeep":"","tlshash":"3ea0027f963554762a814781708f5e5d5466754b89b58728b85734f2708006db131b52","size":66,"data":"","first_seen":"2025-11-19T01:18:40.601427Z","last_seen":"2026-03-15T05:55:43.328248Z","times_seen":313,"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-12-24T17:33:16Z","timestamp":1766597596,"ip_dst":{"addr":"160.22.16.197","port":80,"asn":45899,"as":"VNPT Corp","country":"Vietnam","country_code":"VN"},"ip_src":{"addr":"172.18.0.5","port":47430,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.top domain","source":"{\"timestamp\":\"2025-12-24T17:33:16.995447+0000\",\"flow_id\":1067796043422598,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.5\",\"src_port\":47430,\"dest_ip\":\"160.22.16.197\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2023882,\"rev\":5,\"signature\":\"ET INFO HTTP Request to a *.top domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2017_02_07\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_11_21\"]}},\"http\":{\"hostname\":\"jp.av2.top\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":289},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":667,\"bytes_toclient\":1654,\"start\":\"2025-12-24T17:33:16.547718+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"jp.av2.top/","fqdn":"jp.av2.top","domain":"av2.top","tld":"top"},"ip":{"addr":"160.22.16.197","port":80,"asn":45899,"as":"VNPT Corp","country":"Vietnam","country_code":"VN"},"introduction_type":"eventHandler","is_inline":false,"md5":"e8165bfbe0a84a065d8bba5ecdde8647","sha1":"7e5f9ca58e40f57650ab5078b295e3e6af7777cd","sha256":"916d5f069ecab1ea3e57a97502d36d60d04968f99a9413b0d620e850ffdc970e","sha512":"28858e8e914beb5bc12479df8f2920faeec9681bddad25493876e9eba301373af1e813819db91eb7fdcf9dab9d0aa552cd2735987f1d61d597ff60853df0b906","ssdeep":"","tlshash":"3ea0027f963554762a814781708f5e5d5466754b89b58728b85734f2708006db131b52","size":66,"data":"","first_seen":"2025-11-19T01:18:40.601427Z","last_seen":"2026-03-15T05:55:43.328248Z","times_seen":313,"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-12-24T17:33:16Z","timestamp":1766597596,"ip_dst":{"addr":"160.22.16.197","port":80,"asn":45899,"as":"VNPT Corp","country":"Vietnam","country_code":"VN"},"ip_src":{"addr":"172.18.0.5","port":47430,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.top domain","source":"{\"timestamp\":\"2025-12-24T17:33:16.995447+0000\",\"flow_id\":1067796043422598,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.5\",\"src_port\":47430,\"dest_ip\":\"160.22.16.197\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2023882,\"rev\":5,\"signature\":\"ET INFO HTTP Request to a *.top domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2017_02_07\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_11_21\"]}},\"http\":{\"hostname\":\"jp.av2.top\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":289},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":667,\"bytes_toclient\":1654,\"start\":\"2025-12-24T17:33:16.547718+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"jp.av2.top/","fqdn":"jp.av2.top","domain":"av2.top","tld":"top"},"ip":{"addr":"160.22.16.197","port":80,"asn":45899,"as":"VNPT Corp","country":"Vietnam","country_code":"VN"},"introduction_type":"eventHandler","is_inline":false,"md5":"e8165bfbe0a84a065d8bba5ecdde8647","sha1":"7e5f9ca58e40f57650ab5078b295e3e6af7777cd","sha256":"916d5f069ecab1ea3e57a97502d36d60d04968f99a9413b0d620e850ffdc970e","sha512":"28858e8e914beb5bc12479df8f2920faeec9681bddad25493876e9eba301373af1e813819db91eb7fdcf9dab9d0aa552cd2735987f1d61d597ff60853df0b906","ssdeep":"","tlshash":"3ea0027f963554762a814781708f5e5d5466754b89b58728b85734f2708006db131b52","size":66,"data":"","first_seen":"2025-11-19T01:18:40.601427Z","last_seen":"2026-03-15T05:55:43.328248Z","times_seen":313,"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-12-24T17:33:16Z","timestamp":1766597596,"ip_dst":{"addr":"160.22.16.197","port":80,"asn":45899,"as":"VNPT Corp","country":"Vietnam","country_code":"VN"},"ip_src":{"addr":"172.18.0.5","port":47430,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.top domain","source":"{\"timestamp\":\"2025-12-24T17:33:16.995447+0000\",\"flow_id\":1067796043422598,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.5\",\"src_port\":47430,\"dest_ip\":\"160.22.16.197\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2023882,\"rev\":5,\"signature\":\"ET INFO HTTP Request to a *.top domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2017_02_07\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_11_21\"]}},\"http\":{\"hostname\":\"jp.av2.top\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":289},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":667,\"bytes_toclient\":1654,\"start\":\"2025-12-24T17:33:16.547718+0000\"}}"}],"analyzer":null,"urlquery":null}}],"eval":null,"write":[{"md5":"2badd01f80cd03eb7ffce90487ab3f71","sha1":"1d0af7cc184466c7d86216085ea60242daeb1eb4","sha256":"e8f6c4dca8b7093bad96494bef55525265ce366c13dc6f76d9358cca8ee182d4","sha512":"ec9d7c3fe33550482bf70ec70ab0f2bb4c989ce096f4744d2e29646fae993113711dcf2c447e743ce4d422299d5b5155561522571a5b3c617d138ea55299078c","ssdeep":"","tlshash":"0b900410c47007103004550cc47573570531430d5f45171c0f10d4d3f5cf110553014c","size":43,"data":"","first_seen":"2023-03-07T12:07:12Z","last_seen":"2026-05-05T00:58:58.079234Z","times_seen":2357,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"edc24b7d2fc7536422daee6621435edf","sha1":"71fd4875b509449d820e6a3dd7d83e5f6c31fac8","sha256":"ec599569faa2feb73e0954dcb1f0f7ac5ba6d49ad50d17d3932506608b86a2fc","sha512":"04c6206b3bc1bac7456e96da9d1c58b9a9173e86ff91e8c94fbcd1088b011b5660519419f7971fae6370e8f281951c046c3539ea74a00f7b29830311e0174b34","ssdeep":"","tlshash":"c79002532d0494c2214558c564a0a80f9411644a58a4869688a5051161082ec0842500","size":55,"data":"","first_seen":"2024-04-16T15:37:12Z","last_seen":"2026-05-05T00:58:58.070708Z","times_seen":2328,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"f20082213ea16092c74eb4f66989ffa5","sha1":"a78933916b598978a23989de5eb87637c7ff5f95","sha256":"4af0a8ad5459916b3f80fee22a034cfe8ec5cabe9359fe2a128ea1198183d404","sha512":"d4f71cc2e66a148010cef0d83ef38f565148a03818d17016cbb1567a4d6e73078aeb23e345b0ee14ebde7650ef6ca033b19dcb55f746d6b804857043fcd5c935","ssdeep":"","tlshash":"29412c5f92c8b0bf6291e749687bf70bc0a574c6659b0903f872056f74409ccbd47b9a","size":2223,"data":"","first_seen":"2025-12-18T16:49:10.092312Z","last_seen":"2026-01-09T21:07:03.841119Z","times_seen":20,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"2f4a8f349f168e220786a0dbab8a0c2a","sha1":"c309ae69ac0c916b5dc834bfe725548962e0a5fa","sha256":"ae4f14e7d2b8b01e0e0ad877dec02240a6c254406b0e76f727e736b34ff0ebc7","sha512":"3d3d6db522b67f1df694a533bc1170a715aa734f81a88666f3b4a62b337233fe4f7c0f837c8c29df8c5db11be322c66b5134e653693e52ad76a16c7a170e2107","ssdeep":"","tlshash":"e38004d45415757440c0d57130515045cc5500d300f555c3c4d15c013444d513045515","size":36,"data":"","first_seen":"2025-11-30T14:45:44.262171Z","last_seen":"2026-03-06T23:47:23.105704Z","times_seen":134,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"8da66cae5fc09ad0ad54710cd4960dbd","sha1":"01ef404d9c252491d6f0cd6900cce145d4b76db1","sha256":"90b1ab53462f9b18c6a0d06704f07055e834c86239bdc87a3708514e9a6b6762","sha512":"5d4f175963755b790e21d7765434cab11676f9d02d4d9fa2885c05dbb2dd665ec871d93e3b7d9f50f79de7ed991f8815f7e6dc1bf82f9b1c70c8d4becf28e953","ssdeep":"","tlshash":"c1b0124b1d0c882f25319c40a552647f0072f0263510caee84b40120dc302cc4420400","size":88,"data":"","first_seen":"2023-03-07T12:02:01Z","last_seen":"2026-05-05T00:58:58.073055Z","times_seen":2427,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"ba2d069a5ce8ce7375ebf3de4090d6ab","sha1":"047efdb45f9ab165220bad539963beafff342c21","sha256":"f9d065cd35e491e424a72fd109f41436dc68807c941b0dac69ef18756b5be44b","sha512":"8f42f09500b77f9a4a064300140e70273f97f89f18fa9916343576c0a585f22f072c75bff915ba21cfcec94719465b509a8d417aba75860b4192627abdcac837","ssdeep":"","tlshash":"10d0a76b0c21b4528a2042e5e067500cc05e980a93d4da6280c794327580bed247d51a","size":232,"data":"","first_seen":"2025-11-19T01:18:40.612848Z","last_seen":"2026-03-15T05:55:43.351877Z","times_seen":337,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"console":null},"http":[{"url":{"schema":"http","addr":"fixedjs.4vid.top/av4usimage.png","fqdn":"fixedjs.4vid.top","domain":"4vid.top","tld":"top"},"ip":{"addr":"188.114.96.1","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://jp.av2.top/","date":"2025-12-24T17:33:17.223Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /av4usimage.png HTTP/1.1\r\nHost: fixedjs.4vid.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://jp.av2.top/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 24 Dec 2025 17:33:17 GMT\r\nContent-Type: image/png\r\nContent-Length: 2619\r\nConnection: keep-alive\r\nServer: cloudflare\r\netag: \"a3b-6437702003080\"\r\nAccept-Ranges: bytes\r\nNel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Headers: Cake\r\nCache-Control: public, max-age=360000\r\nReport-To: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=KBBwlRLHXCy5e0L1LnACq5wijGcz0V33P62VMdOgig9CUPc3QxybRa2zqEzcQ%2BUJbM7B2nizQjj8Bzk9vPzcqoHNRqlI72vm8axE7EhN\"}]}\r\nAge: 31512\r\ncf-cache-status: HIT\r\nVary: accept-encoding\r\nCF-RAY: 9b31d7c9180c568a-OSL\r\nalt-svc: h2=\":443\"; ma=60\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":2619,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 339 x 89, 8-bit/color RGB, non-interlaced","md5":"8267aaadeeeb8c9fa7482f2f9db2d4e3","sha1":"a2ef23d3b5f9d9bb3102c855a8ace072884ba60c","sha256":"998cf9d427c2e322904e89a056ba823b56078fb199b7395883f3eafabaadbea8","sha512":"719215d8ec70b8b36b24277a80e7876be2fa1afe3698c05bbff013b6a2936701f266e694c221756e7306d1a945013986a53e41af0bc90bdd4bbf0dcbe33f7637","ssdeep":"","tlshash":"f5513ccb05b2fdbc657d79976105a79ef3a896c72982b872565c38c14243a0096c1fe1","first_seen":"2025-11-13T21:07:01.541567Z","last_seen":"2026-05-05T00:58:57.944017Z","times_seen":365,"resource_available":false,"data":null}},"time_used":851,"timings":{"blocked":395,"dns":22,"connect":5,"send":0,"wait":8,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-24","alert":"Sinkholed","trigger":"fixedjs.4vid.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"x436.com/vs/60958372.jpg","fqdn":"x436.com","domain":"x436.com","tld":"com"},"ip":{"addr":"172.67.175.111","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://jp.av2.top/","date":"2025-12-24T17:33:17.238Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"x436.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 31 Oct 2025 15:55:24 GMT","end":"Thu, 29 Jan 2026 16:53:11 GMT"},"fingerprint":{"sha1":"09:24:8C:11:1A:1E:6E:32:B2:2F:60:A2:AC:CA:A4:A1:57:BE:CE:E2","sha256":"FC:B5:36:70:24:86:DB:CA:70:50:9F:D8:52:98:FA:20:64:C0:EC:22:54:75:ED:D5:EA:08:1B:76:2F:E2:7A:76"}}},"request":{"raw":"GET /vs/60958372.jpg HTTP/1.1\r\nHost: x436.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://jp.av2.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 24 Dec 2025 17:33:18 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 89778\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nlast-modified: Fri, 29 Nov 2019 12:09:49 GMT\r\netag: \"5de10a8d-15eb2\"\r\nx-cache-status: HIT\r\naccept-ranges: bytes\r\nage: 4926\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=EElzksRwaAsyXHieQMdu73UxxuwC0e793iWVUwGdil%2FI2v%2BIMFUezWJzhxHAs7HNzbbpaLkjVhFNkpBXOV1PY9hOnmrdpg%3D%3D\"}]}\r\ncf-ray: 9b31d7cbaf0d56c9-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":89778,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.02, aspect ratio, density 1280x1281, segment length 16, comment: \"Lavc57.64.101\", baseline, precision 8, 854x480, components 3","md5":"8997eb3a2529e006e79ad195680a470b","sha1":"2a875e967e3923f46071e4095e160f9b1edb711a","sha256":"af028890173dc057f65c90d91e0b39f2d6783f8ab64606fe5b92f2f0724e5e68","sha512":"8fc15867e6bfc482c583ebe3067869107d3559fead95394895cd27d6656e9186b3a7bf460c1dc81d81dee8f3b4e0580ec2892dc1236567a04d85544a638a9e87","ssdeep":"1536:QZilur5C+3a3vRiWMKL8ZkgaOA/gi29jKvn2xeJBgU/E0/apFTv84B:2itRibKL8Zgr/gi29W+xeJNtaXn","tlshash":"1d9302c6008f16e08d1f679037a60777c0d79963f0dab3838a07aefc9f4865a295d9d6","first_seen":"2025-02-14T15:16:15.901317Z","last_seen":"2025-12-24T17:34:12.583197Z","times_seen":13,"resource_available":false,"data":null}},"time_used":799,"timings":{"blocked":378,"dns":2,"connect":5,"send":0,"wait":15,"receive":3,"ssl":339},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ansuko.net/wp-content/uploads/2024/12/uoii7don_header.jpg","fqdn":"ansuko.net","domain":"ansuko.net","tld":"net"},"ip":{"addr":"172.67.138.117","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://jp.av2.top/","date":"2025-12-24T17:33:17.235Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ansuko.net","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 06 Dec 2025 13:34:35 GMT","end":"Fri, 06 Mar 2026 14:32:54 GMT"},"fingerprint":{"sha1":"F4:E3:EF:30:48:D7:B3:40:2B:D3:E1:F5:14:F6:72:5B:FB:0B:94:DF","sha256":"1D:46:63:21:32:DB:DE:81:F7:49:23:17:0A:76:2A:6E:F6:89:3C:51:B8:65:66:A9:DA:9E:D5:EA:3A:BB:08:D7"}}},"request":{"raw":"GET /wp-content/uploads/2024/12/uoii7don_header.jpg HTTP/1.1\r\nHost: ansuko.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://jp.av2.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 24 Dec 2025 17:33:17 GMT\r\ncontent-type: image/jpeg\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nage: 657322\r\ncache-control: max-age=31536000\r\ncf-cache-status: HIT\r\nlast-modified: Wed, 17 Dec 2025 02:57:54 GMT\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=e%2FauWuCmc%2BgoHqZabzXzxBLf6VqixajjU8%2BLxdlQEF3ydPkFyp7bCBBShR4vpkQfCmvS5syvDhGj6FOzjPZzoVApJtLI1syZ2OM%3D\"}]}\r\ncf-ray: 9b31d7c71f52b1b8-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":121927,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: \"CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 90\", baseline, precision 8, 700x790, components 3","md5":"f0b47ea983d48f9bcd0217b7302e5f91","sha1":"f0b5f8b0a46ba0cd481f170ed513a6645233eac3","sha256":"bb9969eba59598ff8dbbba14717ee6cdd6ded9d7f53463261110cf5b9f16c5d3","sha512":"04995f7e0864e18dcf20269d2f262873334dde222d934d691f75ca950dac74f73bfe49adf70f50f680448f8f7fa8c1fcd2fd6bab04d0dae6335f8a94b84f5a22","ssdeep":"3072:OK95BLSD1yr3KV9pwVDp14ec7bRpamUMsJRc7gZc:OK3paorosVP61MmUMZp","tlshash":"7dc3027a78bd1388764d90ddf2e1af40dc2594842047b6f0b11b5d25f7b8a7be02af18","first_seen":"2025-07-25T06:11:27.423143Z","last_seen":"2026-03-02T10:40:01.525878Z","times_seen":53,"resource_available":false,"data":null}},"time_used":75,"timings":{"blocked":58,"dns":0,"connect":0,"send":0,"wait":17,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js","fqdn":"ajax.googleapis.com","domain":"ajax.googleapis.com","tld":"googleapis.com"},"ip":{"addr":"142.250.74.106","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://jp.av2.top/","date":"2025-12-24T17:33:19.309Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"upload.video.google.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Wed, 03 Dec 2025 15:53:13 GMT","end":"Wed, 25 Feb 2026 15:53:12 GMT"},"fingerprint":{"sha1":"A8:BA:6B:80:7C:EC:B1:6F:C1:C2:03:D7:C9:27:6E:75:DE:4B:AA:47","sha256":"4E:2C:B9:C5:81:56:5E:97:93:07:22:12:66:E2:52:C6:0A:2E:17:72:FF:9B:5F:2A:B9:E1:21:80:05:6D:8B:3D"}}},"request":{"raw":"GET /ajax/libs/jquery/3.3.1/jquery.min.js HTTP/1.1\r\nHost: ajax.googleapis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://jp.av2.top/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\ncontent-encoding: gzip\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"hosted-libraries-pushers\"\r\nreport-to: {\"group\":\"hosted-libraries-pushers\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 30399\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Sat, 20 Dec 2025 10:57:46 GMT\r\nexpires: Sun, 20 Dec 2026 10:57:46 GMT\r\ncache-control: public, max-age=31536000, stale-while-revalidate=2592000\r\nage: 369333\r\nlast-modified: Tue, 03 Mar 2020 19:15:00 GMT\r\ncontent-type: text/javascript; charset=UTF-8\r\nvary: Accept-Encoding\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":86927,"size_decoded":0,"mime_type":"text/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (65451)","md5":"a09e13ee94d51c524b7e2a728c7d4039","sha1":"0dc32db4aa9c5f03f3b38c47d883dbd4fed13aae","sha256":"160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef","sha512":"f8da8f95b6ed33542a88af19028e18ae3d9ce25350a06bfc3fbf433ed2b38fefa5e639cddfdac703fc6caa7f3313d974b92a3168276b3a016ceb28f27db0714a","ssdeep":"1536:jLiBdiaWLOczCmZx6+VWuGzQNOzdn6x2RZd9SEnk9HB96c9Yo/NWLbVj3kC6t3:5kn6x2xe9NK6nC69","tlshash":"748319dd72c6b06247ab71ba00bf550bf2361999684d4410f129e4eabc74b4e823bf7d","first_seen":"2023-03-07T01:02:02Z","last_seen":"2026-05-09T15:20:32.236108Z","times_seen":126836,"resource_available":true,"data":null}},"time_used":486,"timings":{"blocked":227,"dns":3,"connect":8,"send":0,"wait":11,"receive":13,"ssl":219},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.googletagmanager.com/gtag/js?id=UA-620120-3","fqdn":"www.googletagmanager.com","domain":"googletagmanager.com","tld":"com"},"ip":{"addr":"142.251.38.104","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://jp.av2.top/","date":"2025-12-24T17:33:19.330Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.google-analytics.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Wed, 03 Dec 2025 15:49:27 GMT","end":"Wed, 25 Feb 2026 15:49:26 GMT"},"fingerprint":{"sha1":"2C:B9:1B:62:2A:F9:04:B9:16:E2:30:B0:A8:B2:85:0C:68:BC:79:25","sha256":"AE:CB:A0:2C:92:1E:CB:D2:CB:6C:0D:37:5E:A2:4E:27:AE:4E:CA:0C:EC:53:D5:50:E6:C1:3D:EB:17:C1:F2:C9"}}},"request":{"raw":"GET /gtag/js?id=UA-620120-3 HTTP/1.1\r\nHost: www.googletagmanager.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://jp.av2.top/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: application/javascript; charset=UTF-8\r\naccess-control-allow-origin: *\r\naccess-control-allow-credentials: true\r\naccess-control-allow-headers: Cache-Control\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ndate: Wed, 24 Dec 2025 17:33:19 GMT\r\nexpires: Wed, 24 Dec 2025 17:33:19 GMT\r\ncache-control: private, max-age=900\r\nlast-modified: Wed, 24 Dec 2025 15:00:00 GMT\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\ncross-origin-resource-policy: cross-origin\r\nserver: Google Tag Manager\r\ncontent-length: 102691\r\nx-xss-protection: 0\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":289066,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (3321)","md5":"1090003eda1c619e86ed33a94dc3e390","sha1":"2f61b782ce93a117719e589ba5e30201d3ba6138","sha256":"754997bce023caf5ea5a126bdf139ce2b677fe114f4c24dca987bde982d8cbfb","sha512":"8477aeecfb8a032bf32642a263368439001ccef7833be49e464eadd137af75f9251629dfe66487e5bbcb43970b22bbd1b69b7bfdd81e36843ba888eb8bc14812","ssdeep":"6144:8IeJW2bulKYv9VGDmHYmyBFzfns9TWO4Baa5g:dEbu7lEDns5WOmab","tlshash":"905409c8b3da742683a36478503f114bb23b79d1f84cd894e186d8d42e74aaa4277f7d","first_seen":"2025-12-24T17:34:12.585162Z","last_seen":"2025-12-25T05:36:46.593945Z","times_seen":2,"resource_available":true,"data":null}},"time_used":580,"timings":{"blocked":262,"dns":3,"connect":9,"send":0,"wait":25,"receive":25,"ssl":219},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdnjs.cloudflare.com/ajax/libs/nosleep/0.11.0/NoSleep.min.js","fqdn":"cdnjs.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.17.25.14","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://css.jpg4.icu/tagjpa.php?noself=1\u0026url=av.diktok.top/tags/3","date":"2025-12-24T17:33:20.936Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdnjs.cloudflare.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 15 Nov 2025 20:49:06 GMT","end":"Fri, 13 Feb 2026 21:49:04 GMT"},"fingerprint":{"sha1":"9A:71:C8:6F:E2:4B:9A:91:7D:C8:4A:1D:79:98:2F:97:C1:85:D8:79","sha256":"4E:C5:BB:7A:81:A0:D9:00:73:8D:D5:57:59:3D:A0:C3:D3:BE:62:18:4E:6F:6D:98:DA:F0:90:94:5E:E0:0B:63"}}},"request":{"raw":"GET /ajax/libs/nosleep/0.11.0/NoSleep.min.js HTTP/1.1\r\nHost: cdnjs.cloudflare.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://css.jpg4.icu/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Wed, 24 Dec 2025 17:33:20 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\ncontent-length: 3953\r\ncf-ray: 9b31d7dddc43b1b8-OSL\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=30672000\r\ncontent-encoding: br\r\netag: \"5ed16b69-29bf\"\r\nlast-modified: Fri, 29 May 2020 20:07:05 GMT\r\ncross-origin-resource-policy: cross-origin\r\ntiming-allow-origin: *\r\nx-content-type-options: nosniff\r\ncf-cdnjs-via: cfworker/kv\r\nvary: Accept-Encoding\r\ncf-cache-status: HIT\r\nage: 413847\r\nexpires: Mon, 14 Dec 2026 17:33:20 GMT\r\naccept-ranges: bytes\r\npriority: u=3,i=?0\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=Dd%2BqSt6rGsvI77iSssbtGtKvtPi6pj1nUshNE9KSiL70Js%2B%2F%2BZA5aOKRiI%2B74uIHIoLudUAmponoPYpXAfMfnRwiM9jSh1OZBVTArkJutTpKERvkR221rlpTWFJTlmFLjcnC8Wwn\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0.01,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nstrict-transport-security: max-age=15780000\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":10687,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (10613)","md5":"ea77f824de2ef57acb12e7cb6596365e","sha1":"10bad0dbdf30a0471c2c786b349daeb1dd19180e","sha256":"2b19d92ce83bf3b498f73103ba1240f09c84798b1f92aedf1491ccf0aa6f5e4c","sha512":"cf69dd76334b7318c829868da8a7e9c2097ef261555388132fc69f95d42e91420e2988056c3d93c830b20059422ae5a82e1109e3dce9127ccb0e23cc5ca27591","ssdeep":"192:N0rZbTPe+fl9SKRGyFgkw+wi+FrZJqbzr+5rA7wbUCzebIkm:N09voK7gzi+FrZJqbzrarAyUX5m","tlshash":"7a22f8b33133fd9f8fba085ac61d61045c7dbc6f4aa94091bb0884e86af4558ead5d34","first_seen":"2023-03-07T12:02:01Z","last_seen":"2026-05-05T00:58:57.938098Z","times_seen":2344,"resource_available":true,"data":null}},"time_used":10,"timings":{"blocked":1,"dns":0,"connect":0,"send":0,"wait":9,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn77-pic.xvideos-cdn.com/videos/thumbs169ll/45/2b/07/452b070795d241bce71f8e1f8e4c4e1a/452b070795d241bce71f8e1f8e4c4e1a.20.jpg","fqdn":"cdn77-pic.xvideos-cdn.com","domain":"xvideos-cdn.com","tld":"com"},"ip":{"addr":"185.76.9.7","port":443,"asn":60068,"as":"Datacamp Limited","country":"Sweden","country_code":"SE"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://jp.av2.top/","date":"2025-12-24T17:33:17.283Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xvideos.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Wed, 15 Oct 2025 00:00:00 GMT","end":"Sun, 15 Nov 2026 23:59:59 GMT"},"fingerprint":{"sha1":"3C:93:93:D2:61:40:5B:B9:F9:EB:A2:B0:78:48:57:C0:F2:41:42:42","sha256":"D9:3E:6D:83:C8:0E:74:42:32:A1:4F:A3:9B:CA:3A:9D:E0:D2:60:38:FF:BF:EB:0E:36:AA:3E:41:44:D5:A7:59"}}},"request":{"raw":"GET /videos/thumbs169ll/45/2b/07/452b070795d241bce71f8e1f8e4c4e1a/452b070795d241bce71f8e1f8e4c4e1a.20.jpg HTTP/1.1\r\nHost: cdn77-pic.xvideos-cdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://jp.av2.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 24 Dec 2025 17:33:18 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 9518\r\nx-frame-options: sameorigin\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nlast-modified: Thu, 12 Mar 2020 12:21:58 GMT\r\ncache-control: max-age=10368000, public\r\naccess-control-allow-origin: *\r\nx-77-nzt: EwwBuUwJBgH3ScIvAAwBJRPCNwH3FKghAAgBj/Q63QGB\r\nx-77-nzt-ray: 5451992d8dc1523cde234c69a477c503\r\nx-accel-expires: @1771927751\r\nx-77-cache: HIT\r\nx-accel-date: 1763467669\r\nx-accel-date-max: 1723676492\r\nx-77-age: 3129929\r\nserver: CDN77-Turbo\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"CDN77","description":"CDN77 is a content delivery network (CDN).","website":"https://www.cdn77.com","common_platform_enumeration":"","icon":"CDN77.png","categories":["CDN"]}],"data":{"size":9518,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: \"CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 85\", baseline, precision 8, 352x198, components 3","md5":"356fbaefdb2eaf3267c345f8bccedcf0","sha1":"7e01ce49522ea9f03c930c78f55cc022e7a9c8b6","sha256":"11bdda20b417892ad7968216389825d48857f8f895de89cb8bd0f7a7bca333f7","sha512":"e8320fbde4873a7ab9f42899da87d5bd07af2ad9938f6d8abf2a2c93b55a17ffb22fa54045241e12fa3462b86c6a7369200ec0f26fcb97f1e37324b2a0c3adb6","ssdeep":"192:y+/RmIdB+bygeJm0wPMsKlwG9VhD3AURDU/YXB9omcKKpUX:y2RmY8bygd0u+lBLVAUOdmAUX","tlshash":"8e12b00d8e5974b8fcce66389c1915d5b57da92dfc280ac14d06b9e5eb808c4dba228e","first_seen":"2025-12-24T17:34:12.586531Z","last_seen":"2026-01-11T16:31:17.486019Z","times_seen":2,"resource_available":false,"data":null}},"time_used":783,"timings":{"blocked":336,"dns":1,"connect":78,"send":0,"wait":8,"receive":2,"ssl":283},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.9188porn.com/upload/vod/20241028-15/cd8fe33b27527ca661c9b3bed5104ba4.jpg","fqdn":"www.9188porn.com","domain":"9188porn.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://jp.av2.top/","date":"2025-12-24T17:33:17.295Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"9188porn.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 02 Dec 2025 09:28:02 GMT","end":"Mon, 02 Mar 2026 10:23:10 GMT"},"fingerprint":{"sha1":"A6:75:08:AB:20:D7:2A:E6:2B:50:C1:DA:59:F5:40:7B:7D:28:9E:C5","sha256":"83:9C:6B:2B:35:92:4D:96:4D:22:2B:45:AC:B4:E7:32:B2:F7:DA:26:69:E8:C4:BF:67:0F:41:0C:14:74:D9:09"}}},"request":{"raw":"GET /upload/vod/20241028-15/cd8fe33b27527ca661c9b3bed5104ba4.jpg HTTP/1.1\r\nHost: www.9188porn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://jp.av2.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 403 Forbidden\r\ndate: Wed, 24 Dec 2025 17:33:17 GMT\r\ncontent-type: text/html; charset=UTF-8\r\ncache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0\r\nexpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nreferrer-policy: same-origin\r\nx-frame-options: SAMEORIGIN\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=nclO%2BuTcpxW312dOz5WFhz4N0rZbwEUfLIbQgre51UJ6Up8jvqo3kwlSiJ2UBf7iwhmhUEGYm45EFnowOCfgaU%2FcKpbC4csBqcrsTm62\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-encoding: br\r\nserver: cloudflare\r\ncf-ray: 9b31d7cb5b23569c-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"403","status_text":"Forbidden","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-09T15:38:22.40258Z","times_seen":14902800,"resource_available":true,"data":null}},"time_used":689,"timings":{"blocked":322,"dns":2,"connect":4,"send":0,"wait":11,"receive":0,"ssl":311},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tuaskbgnekr.com/20250106/ghbmhcDL/1.jpg","fqdn":"tuaskbgnekr.com","domain":"tuaskbgnekr.com","tld":"com"},"ip":{"addr":"208.64.217.23","port":443,"asn":6939,"as":"HURRICANE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://jp.av2.top/","date":"2025-12-24T17:33:17.322Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bfaskbwerve.com","organization":""},"issuer":{"commonName":"Certum Domain Validation CA SHA2","organization":"Unizeto Technologies S.A."},"validity":{"start":"Wed, 12 Mar 2025 23:24:33 GMT","end":"Sat, 11 Apr 2026 23:24:32 GMT"},"fingerprint":{"sha1":"17:BE:B5:B6:72:C2:AD:F5:0C:31:68:24:C8:2B:3D:2F:EB:BD:D8:B6","sha256":"6F:0D:C1:02:24:41:CF:D5:BA:7D:A5:37:F1:D3:5A:7C:E7:91:AA:D0:DC:58:29:DB:35:FE:0A:AA:41:37:FA:74"}}},"request":{"raw":"GET /20250106/ghbmhcDL/1.jpg HTTP/1.1\r\nHost: tuaskbgnekr.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://jp.av2.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 24 Dec 2025 17:33:19 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 4254\r\nlast-modified: Mon, 06 Jan 2025 16:26:51 GMT\r\netag: \"677c044b-109e\"\r\naccess-control-allow-origin: *\r\naccess-control-allow-credentials: true\r\ncache-control: public, max-age=15768000\r\ncache: HIT\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":4254,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 250x168, components 3","md5":"593112334d68faa714891a8e3309826e","sha1":"dc814f537a4d5813f483054952c4dba95559eda9","sha256":"93b4fc6656a2e4875cd55c61334fa443e686ef7ae7ce2ad29b27689df8097129","sha512":"41121e2ea35275f6d245dd3459bcb696ac3900dd81579a4263beee917bf7a8bbc5046311ce6a41b4395d82bb134d3f724d480b9a04db594806a68ed761d5692f","ssdeep":"96:u0XTFff8VznrsgzNeN/wnHUzMJWIMUpMF8QY4:NXTFGrbzNeN/q0zdUpM+4","tlshash":"f3916f48ba0c24e8de03033e76243677815dc2dc6b1995f74ce97a24cdeb9a0fee0159","first_seen":"2023-06-01T22:56:06Z","last_seen":"2026-01-13T15:17:47.303151Z","times_seen":33,"resource_available":false,"data":null}},"time_used":1776,"timings":{"blocked":296,"dns":8,"connect":169,"send":0,"wait":150,"receive":0,"ssl":1142},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"icdn05.zzztube.tv/5783/289144_1.jpg","fqdn":"icdn05.zzztube.tv","domain":"zzztube.tv","tld":"tv"},"ip":{"addr":"45.133.44.6","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://jp.av2.top/","date":"2025-12-24T17:33:18.995Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"icdn05.zzztube.tv","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 26 Oct 2025 02:33:26 GMT","end":"Sat, 24 Jan 2026 02:33:25 GMT"},"fingerprint":{"sha1":"E0:56:26:7F:CC:31:E2:72:C6:80:F3:2D:7E:AC:85:15:64:06:6B:13","sha256":"96:F7:0A:FD:A9:94:A2:3E:CF:BD:F1:47:9B:67:67:0E:F1:5F:4B:DB:2B:33:F6:8A:56:AB:2B:80:B0:C9:E3:E0"}}},"request":{"raw":"GET /5783/289144_1.jpg HTTP/1.1\r\nHost: icdn05.zzztube.tv\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://jp.av2.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 24 Dec 2025 17:33:18 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 9396\r\nserver: nginx/1.24.0\r\nx-object-meta-mtime: 1598690480\r\netag: 4d5a68c92bcf45ae899c7c2f873ce294\r\nlast-modified: Mon, 07 Nov 2022 15:45:23 GMT\r\nx-timestamp: 1667835922.88558\r\nx-trans-id: tx73c9d732e76847d69032f-0067d21e17\r\nx-openstack-request-id: tx73c9d732e76847d69032f-0067d21e17\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: HEAD,GET,POST,PUT,PATCH,DELETE,OPTIONS\r\naccess-control-allow-headers: Content-Type,X-Requested-With,X-Auth-Token,X-Openstack-Request-Id,X-Container-Meta-type,X-Container-Meta-Temp-URL-Key,Authorization\r\naccess-control-expose-headers: X-Container-Meta-Temp-Url-Key,X-Container-Bytes-Used,Last-Modified,X-Timestamp\r\ncache-control: max-age=2592000\r\nexpires: Fri, 23 Jan 2026 17:33:18 GMT\r\nx-cdn-host-id: ah1004,DS9225\r\nx-proxy-cache: HIT\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.24.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":9396,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 300x170, components 3","md5":"4d5a68c92bcf45ae899c7c2f873ce294","sha1":"e2d1fd3208551f45f6af4748e6b520206397e467","sha256":"4b84b9956586faf847c439e27c60bf540aa4a26ff4565fefc21595f69e1c7947","sha512":"480971bab1bc0e6531b73f1570bf4a13268c3455c5e7cfbcec7df9584c71a38bc33bda4de73a19d8ea7068a28bd6f17ce4122ff34e87140c123f151d3816a3ea","ssdeep":"192:yexULUzG2pAHLlQjEVP9a4P3TomUvmozL1axRAaI:pIUq2pACjEr3LGX1axGR","tlshash":"bf12af2bcbf4080bc90de178825905901c1fe3e34718f85716611ed89750996ff7bae6","first_seen":"2025-06-03T04:10:59.182853Z","last_seen":"2026-03-01T16:28:28.682375Z","times_seen":35,"resource_available":false,"data":null}},"time_used":26,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":26,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"blumpkintube.com/favicon.ico","fqdn":"blumpkintube.com","domain":"blumpkintube.com","tld":"com"},"ip":{"addr":"104.21.79.212","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://jp.av2.top/","date":"2025-12-24T17:33:22.135Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"blumpkintube.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 06 Dec 2025 21:29:09 GMT","end":"Fri, 06 Mar 2026 22:25:31 GMT"},"fingerprint":{"sha1":"F0:75:18:71:3B:57:62:7E:D0:B3:6D:BB:CB:8B:B7:85:4A:62:A2:F9","sha256":"83:20:32:82:21:E4:38:2F:12:C3:85:A8:D6:B1:D1:E0:F4:EF:92:1B:D2:51:B1:35:BB:20:DF:AC:53:43:CA:F8"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: blumpkintube.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://jp.av2.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Wed, 24 Dec 2025 17:33:22 GMT\r\ncontent-type: image/x-icon\r\ncontent-length: 1150\r\nlast-modified: Fri, 29 Nov 2019 11:53:39 GMT\r\netag: \"5de106c3-47e\"\r\nexpires: Thu, 24 Dec 2026 05:49:02 GMT\r\ncache-control: public, max-age=31536000, no-transform\r\naccept-ranges: bytes\r\npriority: u=4,i=?0\r\nage: 42259\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=qpa8q1esu9s%2FWL0iujul1xtPUFpmnb1f4KlHqSz51mAq0t3QMhhsKWSFZVb9D98VN3rZaPMNNL1T1KBf82Ce8AiCZG801fBB1ISROK7lctw%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\ncf-ray: 9b31d7e4b95749c5-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1150,"size_decoded":0,"mime_type":"image/x-icon","magic":"MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel","md5":"3de13983da1e7755426362ee988fae6a","sha1":"51d87d2cb8a6950b5e1c8ca24a257cb397664a93","sha256":"16c3dc433b7b2460b9ba12b1aa28a14c598e93f5bab8f7cb1b5afa3989457c05","sha512":"788bdd434e346a864dbebe4681af25ad503de3d27baf36fe96ac013fc9bd3d207f7641ff85a353da57ad6cccd6e5ce4419de2d6653dba9622bdcb4bac81b1d02","ssdeep":"","tlshash":"3721a45d6404a4bdfd98f77a331175068ede76b2317a00f507e01f676462258b8c6ea0","first_seen":"2024-05-18T21:25:43Z","last_seen":"2026-03-03T14:10:03.70959Z","times_seen":399,"resource_available":false,"data":null}},"time_used":7,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":7,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"filtradas.com/uploads/default/optimized/2X/1/1b77e51feb7ef192e38c4a94482a8293b0a276ea_2_594x1024.jpeg","fqdn":"filtradas.com","domain":"filtradas.com","tld":"com"},"ip":{"addr":"91.234.199.87","port":443,"asn":43641,"as":"SOLLUTIUM EU Sp z.o.o.","country":"Ukraine","country_code":"UA"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://jp.av2.top/","date":"2025-12-24T17:33:17.281Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"filtradas.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 04 Nov 2025 03:08:59 GMT","end":"Mon, 02 Feb 2026 03:08:58 GMT"},"fingerprint":{"sha1":"E1:A5:18:66:02:A1:30:48:C0:63:B8:0D:A6:A0:6A:4D:49:FB:31:A4","sha256":"F3:EF:EA:51:6F:29:3C:97:1C:9E:B5:C9:DB:69:E9:BE:55:EA:E1:47:AC:EB:1B:EB:A6:2A:5B:B1:74:85:D0:AB"}}},"request":{"raw":"GET /uploads/default/optimized/2X/1/1b77e51feb7ef192e38c4a94482a8293b0a276ea_2_594x1024.jpeg HTTP/1.1\r\nHost: filtradas.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://jp.av2.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 24 Dec 2025 17:33:18 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 65508\r\nlast-modified: Tue, 12 Aug 2025 05:19:06 GMT\r\nexpires: Thu, 24 Dec 2026 17:33:18 GMT\r\ncache-control: max-age=31536000\r\naccess-control-allow-origin: *\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":65508,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 594x1024, components 3","md5":"58cdf51bde4fab6d61ef3202ef1dcf43","sha1":"7994b7ac6df012b0915783eef865ff8284bd681f","sha256":"1bbcffd8cdff5d3846274ec709e1eb5159c784e1941cab57d43ac98ea0517635","sha512":"3dab2398d4ce34986b595e233df20625e9d42ed59d3a649bc59663c30fe1ad29c474f1746b47c6314a6c1bbf8252eb86727258135355c0c70389053059670515","ssdeep":"1536:6EegGAVZM8ay5r3XLeDkFtxkuBRZuuG4kC28Pn+J:6ERGAALyteDkyu4uG4kCDfK","tlshash":"bc5301c8102c78fdbaa24c2953571d7d61d84b175cad67be98c9fcaafc42410dbcac29","first_seen":"2025-09-03T14:35:14.032376Z","last_seen":"2026-01-31T10:39:20.95931Z","times_seen":93,"resource_available":false,"data":null}},"time_used":985,"timings":{"blocked":336,"dns":3,"connect":125,"send":0,"wait":113,"receive":22,"ssl":316},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"img.apian088.sbs/hd/media/videos/tmb/000/003/363/4.jpg","fqdn":"img.apian088.sbs","domain":"apian088.sbs","tld":"sbs"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://jp.av2.top/","date":"2025-12-24T17:33:17.287Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"apian088.sbs","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 16 Nov 2025 12:00:16 GMT","end":"Sat, 14 Feb 2026 12:44:47 GMT"},"fingerprint":{"sha1":"81:62:5B:8E:F8:D6:89:63:71:73:E3:18:57:53:27:65:B5:AD:00:32","sha256":"1E:DA:15:FE:0A:FF:52:03:D1:A0:EE:60:AD:2A:3A:55:0D:CD:56:3F:75:52:A1:90:E2:E7:70:D3:2A:15:12:5E"}}},"request":{"raw":"GET /hd/media/videos/tmb/000/003/363/4.jpg HTTP/1.1\r\nHost: img.apian088.sbs\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://jp.av2.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 24 Dec 2025 17:33:17 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 11794\r\nserver: cloudflare\r\nlast-modified: Sat, 23 Mar 2024 12:20:03 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\netag: \"65fec8f3-2e12\"\r\naccept-ranges: bytes\r\nage: 1927694\r\ncache-control: max-age=31536000\r\ncf-cache-status: HIT\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=cjetE%2BakOJhpw%2BWNLkn%2FoZv%2BY318rEk1gNoGYkxTebSMLoYmaq6lAwXS0%2FakYVeVo5Lc9cer%2BiXDGrdL1Wn%2BQKGLpPvxXjpyprksV6%2FK\"}]}\r\ncf-ray: 9b31d7c6e8fc56b4-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":11794,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 300x226, components 3","md5":"da66607e9e500d6381560ee23916155d","sha1":"43887dcb02aa5cf640e34a6f5f710e827cbb7c72","sha256":"c0fdcd35b807eb1b11fc81b6fd1619af77a33c5cd7206eb476f2ec124489c954","sha512":"20bcdbe553f9cb6d8cd7e0b2e1dd68acdf9bd351719ca7fd0b5a4bff390b9d40268fc1b7af6954bbfcfa592b4488e6c0c4614beee2e64406146ea3df7d945119","ssdeep":"192:hFzX8HfTCdT3723GNbYlJyilo0cnVOMCc0GGFarl3WPik3+sX85g:hFVT37yGNclYilDcnMUlJk378C","tlshash":"05329e01fec8e44eff5c81a96f5207155323e787fd4d386eb1a016f24b6a7a053a05ea","first_seen":"2025-12-24T17:34:12.589921Z","last_seen":"2026-01-11T16:31:17.450681Z","times_seen":2,"resource_available":false,"data":null}},"time_used":26,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":25,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.sexmutant.com/preview/me-coji-a-mi-sobrina-de-11-a-os.jpg","fqdn":"www.sexmutant.com","domain":"sexmutant.com","tld":"com"},"ip":{"addr":"104.21.21.11","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://jp.av2.top/","date":"2025-12-24T17:33:18.957Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"sexmutant.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 21 Dec 2025 14:00:46 GMT","end":"Sat, 21 Mar 2026 14:57:01 GMT"},"fingerprint":{"sha1":"84:A0:25:3A:60:C4:8A:6E:A3:51:10:96:E4:F8:19:77:FA:A0:84:72","sha256":"3D:3A:D8:DE:59:59:A2:2B:39:F2:03:BA:FF:42:13:BE:A5:16:CF:E0:0E:47:97:BF:AA:98:D6:E6:CC:9A:E2:83"}}},"request":{"raw":"GET /preview/me-coji-a-mi-sobrina-de-11-a-os.jpg HTTP/1.1\r\nHost: www.sexmutant.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://jp.av2.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 24 Dec 2025 17:33:19 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 27207\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nexpires: Mon, 12 Jan 2026 13:30:50 GMT\r\nlast-modified: Sun, 03 Oct 2021 14:43:48 GMT\r\nx-response-time: 0.028015\r\nx-status: 0.000 HIT\r\nage: 641237\r\naccept-ranges: bytes\r\ncache-control: max-age=1627051\r\ncf-cache-status: HIT\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=RL9khiuNuuFe3pm3BUH%2FbSIPv6Bl0T7i7ww2duoszByGz7pwXLsTJjEm%2FL5Z6gejinU8220LWuHdmNFe2OaDGfnxbhmeK10LwuLP449NTQ%3D%3D\"}]}\r\ncf-ray: 9b31d7d45a570b06-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":27207,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, comment: \"\"Me Coji A Mi Sobrina De 11 A Os\" saved from https://www.sexmutant.com\", baseline, precision 8, 564x317, components 3","md5":"d10a66eb6712076d3fee30ef46061f6f","sha1":"18a242b17723161b1254023b4508bae8519ee688","sha256":"04c16831129068353d04c0bfc6e2a45c13cb2efbffb3f99a9f55033e64981747","sha512":"c4c0e98f4352492a145d8ec655d3edc45cb02c0a40d2ec5ae9976e064d6bacd80f02a766782dc683eec2b8bcc5d10c7f6f0f7ee34b59878f2104ed02c7b1043a","ssdeep":"768:2wQdgEq3xHzjxDWgcwK/nFSUrPhrnbk4t7V/Fon2n:5QKPxhcXFSUrVbk4TFon2n","tlshash":"dbc2f2028d415d4774e9d9598947caebdb6c5300b3c3d926ea13eb32f1622b9053a85f","first_seen":"2025-10-16T15:47:39.892729Z","last_seen":"2026-03-03T14:10:03.511565Z","times_seen":20,"resource_available":false,"data":null}},"time_used":1113,"timings":{"blocked":461,"dns":36,"connect":1,"send":0,"wait":7,"receive":1,"ssl":604},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.effedupmovies.com/favicon.ico","fqdn":"www.effedupmovies.com","domain":"effedupmovies.com","tld":"com"},"ip":{"addr":"45.138.107.13","port":443,"asn":208414,"as":"WEDOS Internet, a.s.","country":"Czechia","country_code":"CZ"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://jp.av2.top/","date":"2025-12-24T17:33:22.341Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"effedupmovies.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Thu, 30 Oct 2025 02:09:26 GMT","end":"Wed, 28 Jan 2026 02:09:25 GMT"},"fingerprint":{"sha1":"A0:38:95:81:F9:B6:07:3A:91:08:79:94:2C:37:D0:A0:70:E0:C9:8A","sha256":"E1:0C:A5:0E:23:DF:97:60:D8:03:51:23:22:3C:F6:70:39:50:68:A8:83:61:4D:49:EE:12:D9:F3:7E:BB:F4:45"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: www.effedupmovies.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://jp.av2.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 302 Found\r\nserver: nginx\r\ndate: Wed, 24 Dec 2025 17:33:22 GMT\r\ncontent-type: text/html; charset=UTF-8\r\ncontent-length: 0\r\nlocation: https://www.effedupmovies.com/wp-content/uploads/2025/09/cropped-favicon-32x32.png\r\nvary: Accept-Encoding,Cookie\r\nlink: \u003chttps://www.effedupmovies.com/wp-json/\u003e; rel=\"https://api.w.org/\"\r\nx-redirect-by: WordPress\r\nx-powered-by: PHP/8.4.15, PleskLin\r\nalt-svc: h3=\":443\"; ma=86400\r\nx-protocol: HTTP/2.0\r\nx-request-id: 435ada58c2235489961b61c760d7d7ae\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"WordPress","description":"WordPress is a free and open-source content management system written in PHP and paired with a MySQL or MariaDB database. Features include a plugin architecture and a template system.","website":"https://wordpress.org","common_platform_enumeration":"cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*","icon":"WordPress.svg","categories":["CMS","Blogs"]},{"name":"MySQL","description":"MySQL is an open-source relational database management system.","website":"https://mysql.com","common_platform_enumeration":"cpe:2.3:a:mysql:mysql:*:*:*:*:*:*:*:*","icon":"MySQL.svg","categories":["Databases"]},{"name":"PHP:8.4.15","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}],"data":{"size":12890,"size_decoded":0,"mime_type":"image/png","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-09T15:38:22.40258Z","times_seen":14902800,"resource_available":true,"data":null}},"time_used":335,"timings":{"blocked":-1,"dns":48,"connect":23,"send":0,"wait":127,"receive":0,"ssl":122},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-24","alert":"Sinkholed","trigger":"www.effedupmovies.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"img.apian088.sbs/hd/media/videos/tmb/000/006/405/1.jpg","fqdn":"img.apian088.sbs","domain":"apian088.sbs","tld":"sbs"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://jp.av2.top/","date":"2025-12-24T17:33:18.937Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"apian088.sbs","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 16 Nov 2025 12:00:16 GMT","end":"Sat, 14 Feb 2026 12:44:47 GMT"},"fingerprint":{"sha1":"81:62:5B:8E:F8:D6:89:63:71:73:E3:18:57:53:27:65:B5:AD:00:32","sha256":"1E:DA:15:FE:0A:FF:52:03:D1:A0:EE:60:AD:2A:3A:55:0D:CD:56:3F:75:52:A1:90:E2:E7:70:D3:2A:15:12:5E"}}},"request":{"raw":"GET /hd/media/videos/tmb/000/006/405/1.jpg HTTP/1.1\r\nHost: img.apian088.sbs\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://jp.av2.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Wed, 24 Dec 2025 17:33:18 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 10595\r\nserver: cloudflare\r\nlast-modified: Sat, 23 Mar 2024 12:18:55 GMT\r\npriority: u=4,i=?0\r\netag: \"65fec8af-2963\"\r\naccept-ranges: bytes\r\nage: 1130131\r\ncache-control: max-age=31536000\r\ncf-cache-status: HIT\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=CwTA7wy5%2BtfUfU%2B%2FwZcZDDdRUHsw5csG6w5aoc8zkwGRPzS9zEUzKjQ75IQmz2e%2F2PxeVd3hxmxEUQycM%2BSJzyLYP%2BZxT6nhNMhMzxUa\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9b31d7d04ebc56a9-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":10595,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 300x226, components 3","md5":"2440b69be5e9fa86381eff4426737735","sha1":"25cd357d24159c111da98cef849946b131eaab32","sha256":"1fa8d2f621c7701cdc89f717378a82b709d87b62f9d231b1e4a3c21f82bd891b","sha512":"0f03f51206e40b5844733b2717ce82943405e684f95b80fb53bda3f9b1c3b4260099fa6bd2427bdd48555533c251d735f8eb9b85acf0aa5396e54b76d0fc834f","ssdeep":"192:GrWuGHLZRFd8+kDWxh2k5Ag+vEvP+mMg4BEbvUvALZ:GrWuGrT3c2sAcmLbv7","tlshash":"e622bf85cf6485a3c20f1d796d189b9e1a77d92eb38971c36860ec00a3786c96410c9f","first_seen":"2025-12-24T17:34:12.592404Z","last_seen":"2026-01-13T15:17:47.199696Z","times_seen":3,"resource_available":false,"data":null}},"time_used":10,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":10,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xvideosrei.com/favicon.ico","fqdn":"xvideosrei.com","domain":"xvideosrei.com","tld":"com"},"ip":{"addr":"54.38.46.215","port":443,"asn":16276,"as":"OVH SAS","country":"France","country_code":"FR"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://jp.av2.top/","date":"2025-12-24T17:33:22.202Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P384-SHA384","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.xvideosrei.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Mon, 15 Dec 2025 15:43:28 GMT","end":"Sun, 15 Mar 2026 15:43:27 GMT"},"fingerprint":{"sha1":"FD:95:23:36:47:33:25:61:BE:F2:AF:59:55:D2:67:E4:8D:31:E7:3A","sha256":"2A:C6:21:8D:B3:18:DE:A4:68:63:F5:A4:A3:FA:F4:1E:F4:04:23:36:7E:4C:EC:00:28:2A:35:4A:FA:46:4A:F6"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: xvideosrei.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://jp.av2.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 403 Forbidden\r\nserver: openresty\r\ndate: Wed, 24 Dec 2025 17:33:22 GMT\r\ncontent-type: text/html; charset=utf-8\r\nversion: MS25102301\r\nx-dns-prefetch-control: on\r\nx-download-options: noopen\r\nx-xss-protection: 1; mode=block\r\nx-content-type-options: nosniff\r\nreferrer-policy: strict-origin-when-cross-origin\r\nstrict-transport-security: max-age=31536000;\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"403","status_text":"Forbidden","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-09T15:38:22.40258Z","times_seen":14902800,"resource_available":true,"data":null}},"time_used":23,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":23,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.asiannudestube.com/favicon.ico","fqdn":"www.asiannudestube.com","domain":"asiannudestube.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://jp.av2.top/","date":"2025-12-24T17:33:22.226Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"asiannudestube.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 25 Nov 2025 22:07:21 GMT","end":"Mon, 23 Feb 2026 23:02:05 GMT"},"fingerprint":{"sha1":"AA:7F:A7:60:B3:B7:1A:38:E5:7F:C6:10:D2:65:30:47:5D:31:04:92","sha256":"80:61:17:20:FA:EC:90:35:5C:0A:4D:AE:BA:BC:2D:21:92:93:5F:CC:24:CE:07:59:39:E6:FB:54:10:9D:50:63"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: www.asiannudestube.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://jp.av2.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Wed, 24 Dec 2025 17:33:22 GMT\r\ncontent-type: image/x-icon\r\ncontent-length: 1150\r\nserver: cloudflare\r\nlast-modified: Sun, 21 May 2023 03:46:34 GMT\r\netag: \"6469941a-47e\"\r\nexpires: Thu, 24 Dec 2026 06:51:03 GMT\r\ncache-control: public, max-age=31536000, no-transform\r\naccept-ranges: bytes\r\npriority: u=4,i=?0\r\nage: 38538\r\ncf-cache-status: HIT\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=8i85udyBEbc6lwxHH4dNUExaS4NK2OLWFGoDCJCV2lrJEvhlql%2FnLWZMTiLhdMpcWtQ61pfCsuMehXqlQvsZYVxfs1UXSH3YzLsTaTcIN%2F5Q%2B0SQazc%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9b31d7e55cd5120a-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1150,"size_decoded":0,"mime_type":"image/x-icon","magic":"MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel","md5":"01c7f4a49643b15429e07fb982272acb","sha1":"d6f70a4a7d9c1b12846f4820b1f163db03384ce4","sha256":"3683c5277e90752d4f84918b7adf0d1a62137b33ae05599557f969bb144f6340","sha512":"0c5707bf057ee34b2bcd6e4877b7d029a741bd7e8f0d1aa08ceb0b200f0cf02a1d7a30637547e61423a55d2f5ecd397862e138390c2d847f88b87fccec6406e6","ssdeep":"","tlshash":"ce210e827ab946aadcd52f387934fa2a01bf4f94fc28bb856e4470937b733860014457","first_seen":"2025-06-28T08:11:01.556507Z","last_seen":"2026-04-12T19:29:51.662985Z","times_seen":54,"resource_available":false,"data":null}},"time_used":7,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":7,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"p.dmm.co.jp/p/favicon.ico","fqdn":"p.dmm.co.jp","domain":"dmm.co.jp","tld":"co.jp"},"ip":{"addr":"52.222.186.30","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://jp.av2.top/","date":"2025-12-24T17:33:23.681Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"p.dmm.com","organization":"DMM.com LLC"},"issuer":{"commonName":"GlobalSign RSA OV SSL CA 2018","organization":"GlobalSign nv-sa"},"validity":{"start":"Mon, 19 May 2025 07:11:06 GMT","end":"Sat, 20 Jun 2026 07:11:05 GMT"},"fingerprint":{"sha1":"40:F2:9C:EF:05:B5:FA:93:84:2A:AF:B3:BC:09:BD:07:8A:E4:00:C7","sha256":"E9:AE:DF:FC:EA:84:38:F8:94:56:74:E4:71:77:A5:75:A7:BC:12:28:97:39:9A:9A:84:57:C5:6C:EA:99:84:8B"}}},"request":{"raw":"GET /p/favicon.ico HTTP/1.1\r\nHost: p.dmm.co.jp\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: http://jp.av2.top/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: image/vnd.microsoft.icon\r\ncontent-length: 15086\r\nlast-modified: Fri, 21 Mar 2025 03:11:50 GMT\r\nx-amz-server-side-encryption: AES256\r\nx-amz-version-id: 7E3oQU_pn2GfBSe2ZE8LFNm_66BACmMH\r\naccept-ranges: bytes\r\nserver: AmazonS3\r\ndate: Wed, 24 Dec 2025 17:33:23 GMT\r\netag: \"585b7660a8d46df20f3a0f838b58e11a\"\r\nvary: Accept-Encoding\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 efa1f20185894fba06fb038a3e989f24.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P3\r\nx-amz-cf-id: IAk1VwUEbIKwLEbgsXD6VTGHbxEIjw33FcpS0qHMqWm9GWwBs69FDw==\r\nage: 43\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]}],"data":{"size":15086,"size_decoded":0,"mime_type":"image/x-icon","magic":"MS Windows icon resource - 3 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel","md5":"585b7660a8d46df20f3a0f838b58e11a","sha1":"c4b5148fad8e310257812bf99be815a8dd145af5","sha256":"9cb6d660bbc93c9ff4b0b2a0e0253b5b5c5e102d35cbd8644e4690a3c6b00f69","sha512":"35faba9af21218cbf34d7aa2b3d86facd671cd244a7712024445b436c6bd88f56948ffb9e8c932fe4eedff2d32b5ca0d0de080f004f5a841711610d1223cc2ed","ssdeep":"48:jdFLIlKKcCGrAOr7Mg/jE80hCz+0l2Mr5CV6BXaxP8J6aN1:nIlKLNJXUV6BX4UJbN","tlshash":"056283433b744e33ffe1293701a6a7237655d0a22c2b448e9d1be72e8d6768136347d6","first_seen":"2023-10-21T14:42:05Z","last_seen":"2026-03-25T11:18:30.255916Z","times_seen":42,"resource_available":false,"data":null}},"time_used":51,"timings":{"blocked":26,"dns":0,"connect":0,"send":0,"wait":24,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"jp.av2.top/","fqdn":"jp.av2.top","domain":"av2.top","tld":"top"},"ip":{"addr":"160.22.16.197","port":80,"asn":45899,"as":"VNPT Corp","country":"Vietnam","country_code":"VN"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-12-24T17:33:16.547Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET / HTTP/1.1\r\nHost: jp.av2.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.20.1\r\nDate: Wed, 24 Dec 2025 17:33:16 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\npdojs-line8: host-jp.168ca235ca203ca23630id-idstring.cx.av2.top4.194.8.20-myhost-jp.168ca235ca203ca23630id-idstring.cx.av2.top38.220.248/\r\nphost: jp.168ca235ca203ca23630id-idstring.cx.av2.top\r\npdojs-line383: notjp-jp-myhost-jp.168ca235ca203ca23630id-idstring.cx.av2.top-filteron-\r\npdojs-line991: notjp-jp-myhost-jp.168ca235ca203ca23630id-idstring.cx.av2.top-filteron-/\r\nline1317: URI-/-myhost-jp.168ca235ca203ca23630id-idstring.cx.av2.top-filteron-\r\nline1454: jp\r\nline1489: -jp\r\npdojs-line1549: host-31852\r\npdojs-line1550: host-/dev/shm/hotthumjp-2-1808\r\npdojs-line1558: ibig--chname--filteron--txtlang--shows-142\r\nCache-Control: max-age=60, public\r\nContent-Encoding: gzip\r\nVary: Accept-Encoding\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Headers: Cake\r\nX-Proxy-Cache-192g-LA: EXPIRED\r\nXkey-192LA: jp./-A-jp.168ca235ca203ca23630id-idstring.cx.av2.top-jp.168ca235ca203ca23630id-idstring.cx.av2.top-myzone---no\r\nX-Proxy-Cache-tot-vt: HIT\r\nXkey-TOT-VT: jp./-A-jp.av2.top--my_zone\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.20.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":76029,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (46897), with CRLF line terminators","md5":"b4a99724ce5b597b4c660a3cd61a4381","sha1":"ef4e7601492d7b7543c2a15bdbea2125c46aa1fd","sha256":"e16c9a8076bba78e552dc99369475f691bb6f1b6e55403056039775e368bf9b7","sha512":"17009b7cf2ac137a69ecea34a09513b466f8e042f118e11553b60b11ebf9d99319b831c63032549ace217fff8e0648f2501a7366ff7247dfbe9489de29e60644","ssdeep":"1536:TaGYJw8tDMWHPekVvMkvspvJctMHCs7qaIaT+FPSHD:Ts/MWHPPVWctMHCOqDK+FqHD","tlshash":"7273b73f63443877258351d2f4d221bde837ae1dc9d67a68a86db0e263c2d7ee426434","first_seen":"2025-12-24T17:34:12.594257Z","last_seen":"2025-12-24T17:34:12.594257Z","times_seen":1,"resource_available":false,"data":null}},"time_used":903,"timings":{"blocked":225,"dns":1,"connect":224,"send":0,"wait":224,"receive":229,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-12-24T17:33:16Z","timestamp":1766597596,"ip_dst":{"addr":"160.22.16.197","port":80,"asn":45899,"as":"VNPT Corp","country":"Vietnam","country_code":"VN"},"ip_src":{"addr":"172.18.0.5","port":47430,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.top domain","source":"{\"timestamp\":\"2025-12-24T17:33:16.995447+0000\",\"flow_id\":1067796043422598,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.5\",\"src_port\":47430,\"dest_ip\":\"160.22.16.197\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2023882,\"rev\":5,\"signature\":\"ET INFO HTTP Request to a *.top domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2017_02_07\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_11_21\"]}},\"http\":{\"hostname\":\"jp.av2.top\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":289},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":667,\"bytes_toclient\":1654,\"start\":\"2025-12-24T17:33:16.547718+0000\"}}"}],"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-24","alert":"Sinkholed","trigger":"jp.av2.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-24","alert":"Sinkholed","trigger":"jp.av2.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"pics.dmm.co.jp/digital/video/emaz00187/emaz00187ps.jpg","fqdn":"pics.dmm.co.jp","domain":"dmm.co.jp","tld":"co.jp"},"ip":{"addr":"52.222.186.30","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://jp.av2.top/","date":"2025-12-24T17:33:17.246Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"p.dmm.com","organization":"DMM.com LLC"},"issuer":{"commonName":"GlobalSign RSA OV SSL CA 2018","organization":"GlobalSign nv-sa"},"validity":{"start":"Mon, 19 May 2025 07:11:06 GMT","end":"Sat, 20 Jun 2026 07:11:05 GMT"},"fingerprint":{"sha1":"40:F2:9C:EF:05:B5:FA:93:84:2A:AF:B3:BC:09:BD:07:8A:E4:00:C7","sha256":"E9:AE:DF:FC:EA:84:38:F8:94:56:74:E4:71:77:A5:75:A7:BC:12:28:97:39:9A:9A:84:57:C5:6C:EA:99:84:8B"}}},"request":{"raw":"GET /digital/video/emaz00187/emaz00187ps.jpg HTTP/1.1\r\nHost: pics.dmm.co.jp\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://jp.av2.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: image/jpeg\r\ncontent-length: 14710\r\nserver: openresty\r\ndate: Wed, 24 Dec 2025 17:33:18 GMT\r\nx-cache-status: HIT\r\nlast-modified: Wed, 18 Jul 2012 08:28:27 GMT\r\nx-pics-origin: imgsrc\r\nvia: 1.1 1eb5a75db7a61666115e3a7c542fb656.cloudfront.net (CloudFront), 1.1 efa1f20185894fba06fb038a3e989f24.cloudfront.net (CloudFront)\r\nx-cache: Miss from cloudfront\r\nx-amz-cf-pop: NRT20-P6, OSL50-P3\r\nx-amz-cf-id: QTwErJqNbSvd7ODX3929yWqU6XtCZ_OZQnBJphjOTU3NGGWBqCxPdg==\r\nage: 321483\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":14710,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, baseline, precision 8, 147x200, components 3","md5":"b6abd70662b597cbf5f14ed6b843df71","sha1":"3070226d6affc1ff3ab421ff9812b077c386b16c","sha256":"4845e9e3fd803a6821e59cfbe707bb0b796571d2999752c46adc8448e9156e4c","sha512":"14a7619607ebdca57e44da1ae957d15ab865de4337499dd610b9f1162b91a60a652967d7a9f473729a87322fbccfb2b09a99551244692cc4e0da98712917df0b","ssdeep":"384:XQWGZ4qBJygINKoCardEhWvM7vzJTf9SR5Aswip589CVno:XQWGZBJ4NlhDQvz5EAuTxo","tlshash":"4262c00391823d4aeff682ffd14aa5df00d234a27f480b8867111b428f3c665c6fe496","first_seen":"2025-12-24T17:34:12.595135Z","last_seen":"2025-12-24T17:34:12.595135Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1840,"timings":{"blocked":371,"dns":2,"connect":3,"send":0,"wait":1085,"receive":1,"ssl":322},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"gcore-pic.xvideos-cdn.com/videos/thumbs169ll/de/f5/ee/def5eee96b7b67ef75a7135aec0dc77e/def5eee96b7b67ef75a7135aec0dc77e.28.jpg","fqdn":"gcore-pic.xvideos-cdn.com","domain":"xvideos-cdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://jp.av2.top/","date":"2025-12-24T17:33:17.297Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xvideos.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Wed, 15 Oct 2025 00:00:00 GMT","end":"Sun, 15 Nov 2026 23:59:59 GMT"},"fingerprint":{"sha1":"3C:93:93:D2:61:40:5B:B9:F9:EB:A2:B0:78:48:57:C0:F2:41:42:42","sha256":"D9:3E:6D:83:C8:0E:74:42:32:A1:4F:A3:9B:CA:3A:9D:E0:D2:60:38:FF:BF:EB:0E:36:AA:3E:41:44:D5:A7:59"}}},"request":{"raw":"GET /videos/thumbs169ll/de/f5/ee/def5eee96b7b67ef75a7135aec0dc77e/def5eee96b7b67ef75a7135aec0dc77e.28.jpg HTTP/1.1\r\nHost: gcore-pic.xvideos-cdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://jp.av2.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 24 Dec 2025 17:33:18 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 10550\r\ntraceparent: 00-3a097f6f36a4dd249cf214470c1b6d95-7c5c7e827291f034-01\r\nx-frame-options: sameorigin\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nlast-modified: Thu, 20 May 2021 08:39:15 GMT\r\nexpires: Fri, 09 May 2025 13:38:41 GMT\r\ncache-control: max-age=10368000, public\r\naccess-control-allow-origin: *\r\nx-id-shield: am3-hw-edge-gc131\r\nage: 4161699\r\nx-id: osix-hw-edge-gc4\r\ncache: HIT\r\nx-cached-since: 2025-11-13T10:00:25+00:00\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":10550,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, comment: \"CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 100\", progressive, precision 8, 352x198, components 3","md5":"158b26abfd12b66b23771e3f139c6c26","sha1":"ab5d74c2c186648e9b15d4c17213af08857787b5","sha256":"5eb8df64119c7cf33b85e205b0cbfc4324ee872e40618aebd1cd065f963cc7be","sha512":"5271753bd330a62acf7c0fd37fd914338819bc89001a07e8b6acc3e61f15c10b837aee01471558f75f510990006066a04eda8bb312dd6b7d27a2ca79cdf72a18","ssdeep":"192:vcVVwvkcnksS27MvON+ifxpCwLjV6oVoal3j9KTPFZSzP0/i:kVmh77fN4wdVLlT9Y4F","tlshash":"ac22beee0f733772c3341f7296810aac52560f92699b818bb00d4a9a381fd8717afdd0","first_seen":"2025-12-24T17:34:12.596015Z","last_seen":"2025-12-24T17:34:12.596015Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1581,"timings":{"blocked":321,"dns":2,"connect":65,"send":0,"wait":5,"receive":1,"ssl":1125},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"css.jpg4.icu/mycss/av4.css?33","fqdn":"css.jpg4.icu","domain":"jpg4.icu","tld":"icu"},"ip":{"addr":"172.67.183.25","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"http://jp.av2.top/","date":"2025-12-24T17:33:19.324Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /mycss/av4.css?33 HTTP/1.1\r\nHost: css.jpg4.icu\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://jp.av2.top/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 24 Dec 2025 17:33:19 GMT\r\nContent-Type: text/css\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nServer: cloudflare\r\nNel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nVary: accept-encoding\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Headers: Cake\r\nCache-Control: public, max-age=360000\r\nX-Proxy-Cache-192g-LA: MISS\r\nXkey-192LA: css.jpg4.icu/mycss/av4.css?33--css.jpg4.icu-css.jpg4.icu-myzone---no\r\nX-Proxy-Cache-tot-vt: HIT\r\nXkey-TOT-VT: css.jpg4.icu/mycss/av4.css?33--css.jpg4.icu--my_zone\r\nReport-To: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=NEIVhVK2i%2B55pXRa2Zhout%2BKf%2BpPqSFjC3I1rh7uyo65fVON7lbd3NOIpjGOyCLelmwukJoIvF0NqEuL1XpgJAGcEdx%2BqY%2B7PnKx%2FA%3D%3D\"}]}\r\nAge: 39852\r\ncf-cache-status: HIT\r\netag: W/\"103e-62edbddabc000\"\r\nContent-Encoding: gzip\r\nCF-RAY: 9b31d7d42f4e4e4c-OSL\r\nalt-svc: h2=\":443\"; ma=60\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":4158,"size_decoded":0,"mime_type":"text/css","magic":"Unicode text, UTF-8 text","md5":"e05d356eb3c9cb0366e5491f098c5b66","sha1":"9c82f99795bf55512147a0bd629e9775446291bf","sha256":"7c7a5f32e5c6a2e6e1f3e71112f35691714019685cc4c7d567e158cb32d1579c","sha512":"94dd9b84614bae349bcaa9dafea12a08589b4b899cf59c1228cf9bf70d657a715b49cfc18748b2d174dac63a6df076828bfa8da9b25c686d74bc742ddbe9283c","ssdeep":"96:Uq6qw2a3Alqiqq7rShmo3NxlIAFrQH+42+F2fFB:+eYXih/SMoHlIAFkHL2+F2fFB","tlshash":"ca813f729b550141b51b92946f62b79123369013d907cf79bafa217ccf891ec21e2f4e","first_seen":"2025-04-08T05:19:22.565686Z","last_seen":"2026-02-10T20:33:51.228745Z","times_seen":840,"resource_available":false,"data":null}},"time_used":120,"timings":{"blocked":63,"dns":36,"connect":5,"send":0,"wait":14,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"sbzytpimg1.com:3519/upload/vod/20251108-1/279e34719b63492654e9374c7ed9e50f.jpg","fqdn":"sbzytpimg1.com","domain":"sbzytpimg1.com","tld":"com"},"ip":{"addr":"142.248.99.81","port":3519,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://jp.av2.top/","date":"2025-12-24T17:33:17.268Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"lsbzytp.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Sat, 06 Dec 2025 09:53:21 GMT","end":"Fri, 06 Mar 2026 09:53:20 GMT"},"fingerprint":{"sha1":"55:92:B5:BC:78:CB:75:63:3B:0F:C6:A3:DD:2D:2F:7C:FA:07:B7:4A","sha256":"02:67:5F:F2:7D:A5:B6:59:8F:77:98:9C:EF:94:84:1A:E6:C9:FC:6E:A7:27:06:47:BB:16:5D:BE:A9:91:90:79"}}},"request":{"raw":"GET /upload/vod/20251108-1/279e34719b63492654e9374c7ed9e50f.jpg HTTP/1.1\r\nHost: sbzytpimg1.com:3519\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://jp.av2.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 24 Dec 2025 17:33:18 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 82343\r\nlast-modified: Sat, 08 Nov 2025 02:53:53 GMT\r\nvary: Accept-Encoding\r\netag: \"690eb0c1-141a7\"\r\nexpires: Thu, 15 Jan 2026 19:48:32 GMT\r\ncache-control: max-age=2592000\r\naccept-ranges: bytes\r\nage: 683086\r\ncache-status: HIT\r\nserver: HyperCDN\r\nx-content-type-options: nosniff, nosniff\r\nx-frame-options: SAMEORIGIN, SAMEORIGIN\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":82343,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 720x405, components 3","md5":"ddf4f8e256e026546b9eaef8d0140554","sha1":"86c8419521ee107ddf583ee2d0f6bd415205b070","sha256":"90de3d10c807ff52fdf39c5a8e9a60e2c514397377ffec27ffe892026d8d3829","sha512":"b88219454f4250779f58323873ca03d276b6482c49f36a61cd7becaa084fb215c96827a988b876c0bca420a2bf352526239b31f0892f263f55dae0c59ab42114","ssdeep":"1536:Jj3f5flMsWpDwwj+9/mBJI6MLjlWH59i0Bopnk6PXTL+59N2SMTZXvRx/lJlMo:dP5+5BwDFEgLpWH5coopnk6vO5KSY1vx","tlshash":"27830283fa2d22c4f73d09385b788e4ac4b4cf98969881a46d7b0a551a73bdf7161784","first_seen":"2025-11-08T08:03:49.246646Z","last_seen":"2026-03-03T09:47:10.952424Z","times_seen":50,"resource_available":false,"data":null}},"time_used":1671,"timings":{"blocked":349,"dns":2,"connect":229,"send":0,"wait":478,"receive":136,"ssl":458},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.xsexteen.com/pictures/295/889_-.jpg","fqdn":"cdn.xsexteen.com","domain":"xsexteen.com","tld":"com"},"ip":{"addr":"185.76.9.11","port":443,"asn":60068,"as":"Datacamp Limited","country":"Sweden","country_code":"SE"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://jp.av2.top/","date":"2025-12-24T17:33:17.338Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"1047947168.rsc.cdn77.org","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 28 Oct 2025 14:39:03 GMT","end":"Mon, 26 Jan 2026 14:39:02 GMT"},"fingerprint":{"sha1":"83:B7:0A:62:2B:42:20:AD:C6:93:E1:6B:81:48:31:44:94:23:5B:1D","sha256":"A8:87:70:1D:11:F6:7F:E8:A1:F1:D5:7C:AF:14:18:62:7F:0D:56:E0:F4:B9:1B:08:B6:95:C6:8B:30:7D:EE:CB"}}},"request":{"raw":"GET /pictures/295/889_-.jpg HTTP/1.1\r\nHost: cdn.xsexteen.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://jp.av2.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 24 Dec 2025 17:33:18 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 5230\r\nlast-modified: Mon, 15 Feb 2021 09:04:41 GMT\r\netag: \"602a3929-146e\"\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: max-age=315360000\r\nstrict-transport-security: max-age=63072000;\r\nx-77-nzt: EwwBuUwJCgH3PaqlAQwBuUwKDAH3hNUJAAwBisclxAG3UpMBAA\r\nx-77-nzt-ray: e2f754202fe44d41de234c6979589808\r\nx-77-cache: HIT\r\nx-77-age: 27634237\r\nserver: CDN77-Turbo\r\nx-77-pop: stockholmSE\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"CDN77","description":"CDN77 is a content delivery network (CDN).","website":"https://www.cdn77.com","common_platform_enumeration":"","icon":"CDN77.png","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":5230,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: \"CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 85\", baseline, precision 8, 320x240, components 3","md5":"a6273254e5fcd03480eab659a8f98e06","sha1":"affa2de1ed8b66695e52bdba0010482b973d8b70","sha256":"eb1b34ee4420cb872049a491eaccfe10838999128a550bc4084e64454952b52b","sha512":"80af1c6a50599e7162ab1ac85ed6a750201caca6f2ceee8d1835f5e0dc5a92dae9e38c41ca457d371dbb51d2988e03c49e76c0d0ceeb4650559f4081efa78523","ssdeep":"96:efKgNxnXw1n7kQZeCfM4GAG0TjlzY/wKHJaxogGGe+lVRy:M41n7nJ6sjS/wWa2ngo","tlshash":"f6b19f5b1295163dde2e4c21cb88eb4ed78c651c39b08793d1463b16b35dc90abd531f","first_seen":"2025-05-22T07:14:21.039122Z","last_seen":"2026-01-13T15:31:36.459799Z","times_seen":30,"resource_available":false,"data":null}},"time_used":685,"timings":{"blocked":281,"dns":8,"connect":99,"send":0,"wait":10,"receive":1,"ssl":237},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.porn4e.com/favicon.ico","fqdn":"www.porn4e.com","domain":"porn4e.com","tld":"com"},"ip":{"addr":"192.243.50.109","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"Dominica","country_code":"DM"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://jp.av2.top/","date":"2025-12-24T17:33:21.992Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"porn4e.com","organization":""},"issuer":{"commonName":"ZeroSSL ECC Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Tue, 18 Nov 2025 00:00:00 GMT","end":"Mon, 16 Feb 2026 23:59:59 GMT"},"fingerprint":{"sha1":"72:B8:5D:B6:3F:2F:C4:33:B5:50:6C:2D:F9:05:F8:78:23:CE:12:B8","sha256":"AF:F6:74:DA:C1:24:38:A6:3D:A9:8B:28:58:3F:CA:DE:EA:D8:EF:E2:C7:01:6A:9B:03:70:A8:71:1C:6D:E2:76"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: www.porn4e.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://jp.av2.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 404 Not Found\r\nserver: openresty\r\ndate: Wed, 24 Dec 2025 17:33:22 GMT\r\ncontent-type: text/html\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-09T15:38:22.40258Z","times_seen":14902800,"resource_available":true,"data":null}},"time_used":454,"timings":{"blocked":115,"dns":33,"connect":93,"send":0,"wait":96,"receive":0,"ssl":113},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xvideosrei.com/wp-content/uploads/2021/07/menininha-chupando-rola.jpg","fqdn":"xvideosrei.com","domain":"xvideosrei.com","tld":"com"},"ip":{"addr":"54.38.46.215","port":443,"asn":16276,"as":"OVH SAS","country":"France","country_code":"FR"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://jp.av2.top/","date":"2025-12-24T17:33:17.272Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P384-SHA384","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.xvideosrei.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Mon, 15 Dec 2025 15:43:28 GMT","end":"Sun, 15 Mar 2026 15:43:27 GMT"},"fingerprint":{"sha1":"FD:95:23:36:47:33:25:61:BE:F2:AF:59:55:D2:67:E4:8D:31:E7:3A","sha256":"2A:C6:21:8D:B3:18:DE:A4:68:63:F5:A4:A3:FA:F4:1E:F4:04:23:36:7E:4C:EC:00:28:2A:35:4A:FA:46:4A:F6"}}},"request":{"raw":"GET /wp-content/uploads/2021/07/menininha-chupando-rola.jpg HTTP/1.1\r\nHost: xvideosrei.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://jp.av2.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Wed, 24 Dec 2025 17:33:18 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 22420\r\netag: \"60e3a81b-5794\"\r\nversion: MS25102301\r\nx-dns-prefetch-control: on\r\nx-download-options: noopen\r\nx-xss-protection: 1; mode=block\r\nx-content-type-options: nosniff\r\nreferrer-policy: strict-origin-when-cross-origin\r\naccess-control-allow-origin: *\r\nexpires: Thu, 25 Dec 2025 00:30:00 GMT\r\ncache-control: max-age=25002\r\nx-served-by: xvideosrei.com\r\nx-proxy-cache-status: HIT\r\nx-proxy-cache-skip: 1\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}],"data":{"size":22420,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: \"CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 85\", baseline, precision 8, 600x337, components 3","md5":"338791e48c1df4f540f96b307f8b8415","sha1":"b592b4ab7d9768292df8cc6d8ce8eea5f2e2f54f","sha256":"a687e20f80763fe54dca8f9b2be6d22d28a589dcc84041afd222d862a3c3e8da","sha512":"07db1c47795d2cb31f4ff0f73c6fb9196f0237eac3198881b55ec7872b120005ab07890a49e60f6d4dc9f75ee8315939b478c11c1baef39cd08e2b0a6d3534ce","ssdeep":"384:7XPgp3508w4X72Eg4lynKEzQZKkkyJV4e7wi7eAtzaanYxs+XouOKxpDOmrf:7uWP4L2EZ5EzMjk6Ce7IEYxssoWxUM","tlshash":"78a2e00e9f0d0336360f5c56736507a14c0b28a0a2632d65fb70ce89eb7bad454c76ee","first_seen":"2024-04-20T23:35:41Z","last_seen":"2026-03-03T08:08:10.227116Z","times_seen":130,"resource_available":false,"data":null}},"time_used":857,"timings":{"blocked":345,"dns":2,"connect":109,"send":0,"wait":24,"receive":28,"ssl":285},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"icdn05.zzztube.tv/38946/1947282_1.jpg","fqdn":"icdn05.zzztube.tv","domain":"zzztube.tv","tld":"tv"},"ip":{"addr":"45.133.44.6","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://jp.av2.top/","date":"2025-12-24T17:33:17.312Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"icdn05.zzztube.tv","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 26 Oct 2025 02:33:26 GMT","end":"Sat, 24 Jan 2026 02:33:25 GMT"},"fingerprint":{"sha1":"E0:56:26:7F:CC:31:E2:72:C6:80:F3:2D:7E:AC:85:15:64:06:6B:13","sha256":"96:F7:0A:FD:A9:94:A2:3E:CF:BD:F1:47:9B:67:67:0E:F1:5F:4B:DB:2B:33:F6:8A:56:AB:2B:80:B0:C9:E3:E0"}}},"request":{"raw":"GET /38946/1947282_1.jpg HTTP/1.1\r\nHost: icdn05.zzztube.tv\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://jp.av2.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 24 Dec 2025 17:33:17 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 11406\r\nserver: nginx/1.24.0\r\nx-object-meta-mtime: 1598691346\r\netag: 1e7d3b257720304cea5a45ba33b34cb2\r\nlast-modified: Sun, 06 Nov 2022 19:09:16 GMT\r\nx-timestamp: 1667761755.72495\r\nx-trans-id: txc131f8d6f1ed488cba88e-0067eed5b4\r\nx-openstack-request-id: txc131f8d6f1ed488cba88e-0067eed5b4\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: HEAD,GET,POST,PUT,PATCH,DELETE,OPTIONS\r\naccess-control-allow-headers: Content-Type,X-Requested-With,X-Auth-Token,X-Openstack-Request-Id,X-Container-Meta-type,X-Container-Meta-Temp-URL-Key,Authorization\r\naccess-control-expose-headers: X-Container-Meta-Temp-Url-Key,X-Container-Bytes-Used,Last-Modified,X-Timestamp\r\ncache-control: max-age=2592000\r\nexpires: Fri, 23 Jan 2026 17:33:17 GMT\r\nx-cdn-host-id: ah1004,DS9225\r\nx-proxy-cache: HIT\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.24.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":11406,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 300x170, components 3","md5":"1e7d3b257720304cea5a45ba33b34cb2","sha1":"74003657e9d6025e5d22de5b0eab46eaa95896ae","sha256":"74b3a1aa41056b35f14fda102939bcf6b4fa40d886f67006ff842be6d0759aae","sha512":"f74a8242037cf4b0352f2b60e1f8467a1cd7ee0bf97843ad08b11676ec3a2c9b7e3b7b31f86dbc19c2f266e637bed0e599fd46f26713fbb50989b5dffc661718","ssdeep":"192:TBW6A4XFMYd3RfEVpyhl0rZ2Ve0o5Fx7GodB82TKps//DW/3zqYgWq7K8iaR9:FY4V/JEV4JsZFxi48GKps3+3RNqp","tlshash":"2132cf7e3335129ccaee302044e45b32926c985abd92c69b1de26f44e737add5ef0921","first_seen":"2025-06-07T22:50:30.12022Z","last_seen":"2026-03-01T22:30:17.252428Z","times_seen":23,"resource_available":false,"data":null}},"time_used":241,"timings":{"blocked":70,"dns":93,"connect":19,"send":0,"wait":23,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"x-n-x-x.pro/favicon.ico","fqdn":"x-n-x-x.pro","domain":"x-n-x-x.pro","tld":"pro"},"ip":{"addr":"162.254.190.69","port":443,"asn":32338,"as":"HOSTISERVER","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://jp.av2.top/","date":"2025-12-24T17:33:22.137Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"x-n-x-x.pro","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 08 Dec 2025 06:19:57 GMT","end":"Sun, 08 Mar 2026 06:19:56 GMT"},"fingerprint":{"sha1":"2C:59:9B:A9:E1:96:36:3F:D4:73:AD:78:BA:3A:95:E8:A8:DD:0F:CA","sha256":"4C:2F:C5:DC:29:13:AC:CE:75:6D:31:A7:2F:B4:08:51:00:AF:87:AF:F2:F2:E6:E9:90:6B:A9:90:D2:33:A6:82"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: x-n-x-x.pro\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://jp.av2.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 24 Dec 2025 17:33:22 GMT\r\ncontent-type: image/x-icon\r\ncontent-length: 1150\r\nlast-modified: Mon, 08 Mar 2021 11:09:10 GMT\r\netag: \"604605d6-47e\"\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: max-age=315360000\r\nstrict-transport-security: max-age=63072000;\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1150,"size_decoded":0,"mime_type":"image/x-icon","magic":"MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel","md5":"93c0ce0d3b86947fc409da9b0349f9da","sha1":"4ccf9572f132e457de84cd8ebc8b885ca24e1d87","sha256":"d0f8397c265919dde00efc8ff36b1c4a0fa7df93195f2eb9b608a9d1e5a34b0e","sha512":"640c3a2623af6d1cad7adb9d66dda3bbec2bfafed34fe939252e3fa43a4020f425e5784e4cef308602e0ae4b211f7118bd60d011f4e3b5ebd1985fc086e55f5d","ssdeep":"","tlshash":"7e21d1b3ba5146bae46c1679f052620605bbbfeea491451b24d8be183c73307700ee1f","first_seen":"2025-02-14T15:16:16.040316Z","last_seen":"2026-04-12T19:29:51.767963Z","times_seen":111,"resource_available":false,"data":null}},"time_used":987,"timings":{"blocked":364,"dns":20,"connect":156,"send":0,"wait":158,"receive":0,"ssl":262},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn77-pic.xvideos-cdn.com/videos/thumbs169ll/70/8c/82/708c822f777609f0f9825a2a5d542c63/708c822f777609f0f9825a2a5d542c63.29.jpg","fqdn":"cdn77-pic.xvideos-cdn.com","domain":"xvideos-cdn.com","tld":"com"},"ip":{"addr":"185.76.9.7","port":443,"asn":60068,"as":"Datacamp Limited","country":"Sweden","country_code":"SE"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://jp.av2.top/","date":"2025-12-24T17:33:17.264Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xvideos.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Wed, 15 Oct 2025 00:00:00 GMT","end":"Sun, 15 Nov 2026 23:59:59 GMT"},"fingerprint":{"sha1":"3C:93:93:D2:61:40:5B:B9:F9:EB:A2:B0:78:48:57:C0:F2:41:42:42","sha256":"D9:3E:6D:83:C8:0E:74:42:32:A1:4F:A3:9B:CA:3A:9D:E0:D2:60:38:FF:BF:EB:0E:36:AA:3E:41:44:D5:A7:59"}}},"request":{"raw":"GET /videos/thumbs169ll/70/8c/82/708c822f777609f0f9825a2a5d542c63/708c822f777609f0f9825a2a5d542c63.29.jpg HTTP/1.1\r\nHost: cdn77-pic.xvideos-cdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://jp.av2.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 24 Dec 2025 17:33:18 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 5884\r\nx-frame-options: sameorigin\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nlast-modified: Sun, 28 Jul 2019 21:50:06 GMT\r\ncache-control: max-age=10368000, public\r\naccess-control-allow-origin: *\r\nx-77-nzt: EwwBuUwJBgH3rzMbAAwBz9PTEwH3u9Z+AAwBj/Q6jAH3HcQJAA\r\nx-77-nzt-ray: 5451992d8dc1523cde234c69b2d80104\r\nx-accel-expires: @1775182849\r\nx-accel-date: 1764814895\r\nx-accel-date-max: 1727333775\r\nx-77-cache: HIT\r\nx-77-age: 1782703\r\nserver: CDN77-Turbo\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"CDN77","description":"CDN77 is a content delivery network (CDN).","website":"https://www.cdn77.com","common_platform_enumeration":"","icon":"CDN77.png","categories":["CDN"]}],"data":{"size":5884,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: \"CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 85\", baseline, precision 8, 352x198, components 3","md5":"c7f3c4f9afc2ab0c23c3da81a6c97119","sha1":"ee5d0880ffa5503177b8c8a21efc4c4f61d99a3b","sha256":"bccd268a7c4d9a3f92ad3b0a761d8c3eb77f7781e83690fdfb1ff76a284fa9d7","sha512":"c9a104f6f0e8a2adf406b3b0a645c92e17760eb498907e6891786f379a44e5ceee970cb12eb97c2b15ba832e87d0f696560de90bf43480ffcf7cd9263c719d73","ssdeep":"96:yEDsT6ko9+ITt6mic6bC74YV2l/lXKaiivJQD3vKcN:y/GHicmCMl/lHfov3","tlshash":"6cc14b0737035090490e2773ad4bc56e0d4cb6e8e8c1aeeba8428df02bbd9ed488460d","first_seen":"2025-08-11T22:27:38.619831Z","last_seen":"2026-01-20T15:34:37.860997Z","times_seen":15,"resource_available":false,"data":null}},"time_used":805,"timings":{"blocked":355,"dns":1,"connect":78,"send":0,"wait":10,"receive":0,"ssl":286},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"img.apian088.sbs/hd/media/videos/tmb/000/006/104/1.jpg","fqdn":"img.apian088.sbs","domain":"apian088.sbs","tld":"sbs"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://jp.av2.top/","date":"2025-12-24T17:33:18.993Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"apian088.sbs","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 16 Nov 2025 12:00:16 GMT","end":"Sat, 14 Feb 2026 12:44:47 GMT"},"fingerprint":{"sha1":"81:62:5B:8E:F8:D6:89:63:71:73:E3:18:57:53:27:65:B5:AD:00:32","sha256":"1E:DA:15:FE:0A:FF:52:03:D1:A0:EE:60:AD:2A:3A:55:0D:CD:56:3F:75:52:A1:90:E2:E7:70:D3:2A:15:12:5E"}}},"request":{"raw":"GET /hd/media/videos/tmb/000/006/104/1.jpg HTTP/1.1\r\nHost: img.apian088.sbs\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://jp.av2.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Wed, 24 Dec 2025 17:33:18 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 13808\r\nserver: cloudflare\r\nlast-modified: Sat, 23 Mar 2024 12:18:57 GMT\r\npriority: u=4,i=?0\r\netag: \"65fec8b1-35f0\"\r\naccept-ranges: bytes\r\nage: 1929779\r\ncache-control: max-age=31536000\r\ncf-cache-status: HIT\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=UTxafHb33qF5PXtMT5Z0NmIH3et0MZMA2Al4G%2FCCXeAxf0kMtct7NKKG2VTUGJIGDBWSl%2BfGI2E83YC5FwQZXoy%2FxtcJwIkrvaODUAiY\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9b31d7d07ed356a9-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":13808,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 300x226, components 3","md5":"0fc7b3115a32250690bb0ae314782ceb","sha1":"6c04a216783f7e96fef71e768b759264fe123684","sha256":"fd2bb32fdbd582882dc2d520ac183378d2d074fad6f2dec3e6f1aba949349311","sha512":"c25e9648008adf865b1c7270c51b28363a245f7f778f09b2729076bb19e2229fdc852988e78b2742af43af53699c3d7e763d02c96743f16c3ab8ee20f8276fa4","ssdeep":"192:D+iVtpY42StyImYrLEuo8wPq3YCrkuDGXuU7tg6ChPCnhqcG628GjcWpi3M:D+O01I9oLi3qEGZpg6ChqjlGvpv","tlshash":"bc52b0a27e96da03d95e4cf66db53286b708cd28b6418527b9258634c37a2065c70ef4","first_seen":"2025-12-24T17:34:12.600238Z","last_seen":"2026-01-11T16:31:17.608429Z","times_seen":2,"resource_available":false,"data":null}},"time_used":9,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":9,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.9188porn.com/","fqdn":"www.9188porn.com","domain":"9188porn.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://jp.av2.top/","date":"2025-12-24T17:33:19.969Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"9188porn.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 02 Dec 2025 09:28:02 GMT","end":"Mon, 02 Mar 2026 10:23:10 GMT"},"fingerprint":{"sha1":"A6:75:08:AB:20:D7:2A:E6:2B:50:C1:DA:59:F5:40:7B:7D:28:9E:C5","sha256":"83:9C:6B:2B:35:92:4D:96:4D:22:2B:45:AC:B4:E7:32:B2:F7:DA:26:69:E8:C4:BF:67:0F:41:0C:14:74:D9:09"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: www.9188porn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://jp.av2.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 403 Forbidden\r\ndate: Wed, 24 Dec 2025 17:33:19 GMT\r\ncontent-type: text/html; charset=UTF-8\r\ncache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0\r\nexpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nreferrer-policy: same-origin\r\nx-frame-options: SAMEORIGIN\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=8CGCiaGqc19Riu2KpGGMkakyD5ktz5SxyE%2Bs0MKzA%2BYfLiS5C5rFXrN2aRN3XLGbELJ8jdiOR8hdwajVl6zmYsVXR24q0HZhzL4waXh4sCQ%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\ncontent-encoding: br\r\nserver: cloudflare\r\ncf-ray: 9b31d7d7ab0275ab-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"403","status_text":"Forbidden","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-09T15:38:22.40258Z","times_seen":14902800,"resource_available":true,"data":null}},"time_used":7,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":7,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"sbzytpimg1.com:3519/upload/vod/20240826-1/7649ca7c2cf39ba89bb80125c9e308cb.jpg","fqdn":"sbzytpimg1.com","domain":"sbzytpimg1.com","tld":"com"},"ip":{"addr":"142.248.99.81","port":3519,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://jp.av2.top/","date":"2025-12-24T17:33:19.979Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"lsbzytp.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Sat, 06 Dec 2025 09:53:21 GMT","end":"Fri, 06 Mar 2026 09:53:20 GMT"},"fingerprint":{"sha1":"55:92:B5:BC:78:CB:75:63:3B:0F:C6:A3:DD:2D:2F:7C:FA:07:B7:4A","sha256":"02:67:5F:F2:7D:A5:B6:59:8F:77:98:9C:EF:94:84:1A:E6:C9:FC:6E:A7:27:06:47:BB:16:5D:BE:A9:91:90:79"}}},"request":{"raw":"GET /upload/vod/20240826-1/7649ca7c2cf39ba89bb80125c9e308cb.jpg HTTP/1.1\r\nHost: sbzytpimg1.com:3519\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://jp.av2.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 404 Not Found\r\ndate: Wed, 24 Dec 2025 17:33:20 GMT\r\ncontent-type: text/html\r\ncontent-length: 146\r\nage: 0\r\ncache-status: MISS\r\nserver: HyperCDN\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"text/html","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-09T15:38:22.40258Z","times_seen":14902800,"resource_available":true,"data":null}},"time_used":165,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":165,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.asiannudestube.com/thumbs/29/529_di.jpg","fqdn":"www.asiannudestube.com","domain":"asiannudestube.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://jp.av2.top/","date":"2025-12-24T17:33:17.286Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"asiannudestube.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 25 Nov 2025 22:07:21 GMT","end":"Mon, 23 Feb 2026 23:02:05 GMT"},"fingerprint":{"sha1":"AA:7F:A7:60:B3:B7:1A:38:E5:7F:C6:10:D2:65:30:47:5D:31:04:92","sha256":"80:61:17:20:FA:EC:90:35:5C:0A:4D:AE:BA:BC:2D:21:92:93:5F:CC:24:CE:07:59:39:E6:FB:54:10:9D:50:63"}}},"request":{"raw":"GET /thumbs/29/529_di.jpg HTTP/1.1\r\nHost: www.asiannudestube.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://jp.av2.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 24 Dec 2025 17:33:17 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 11674\r\nserver: cloudflare\r\nlast-modified: Wed, 26 Jul 2023 12:34:18 GMT\r\netag: \"64c112ca-2d9a\"\r\nexpires: Mon, 21 Dec 2026 06:50:50 GMT\r\ncache-control: public, max-age=31536000, no-transform\r\naccept-ranges: bytes\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nage: 297746\r\ncf-cache-status: HIT\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=IwfLlMRi6%2BHz5pwEb%2FuSjTWNgW7pi5xgOoNyHyrhGAv%2FoP5C9ISpth9kTcc4hapbzj6Ljnbp%2BUJU8GUSBlNukeOf8WdNJK4sbRRzMw3IvpIkYM7oVPs%3D\"}]}\r\ncf-ray: 9b31d7c75c624e4c-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":11674,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 312x208, components 3","md5":"3b29fe66162806584a06acdba2b4e553","sha1":"b4a4a3322d10c831057606efbbdaa0fcaf1138e8","sha256":"82ac4ab6dcf50c96e2c1a6eca1b1c482b80ab4a15fa2e5bf234b1110ba8a8171","sha512":"613d7ccc049b5d13d596d67baaba50fb4ceaf73c2b562880b45b3e284acc10297a993201518098f5d7278323287da50fe323fe880fe366a057f46ba1f6a32642","ssdeep":"192:1AwBpS/W8UEwoMWSmMpZcBgohc0brPRPrliHJMo2yNnjZW4l6nfKAmxklZ8ZHqW2:13CW8XMWSPEBg4c0bTRPB81J0fKAFlZp","tlshash":"9932bef99ac24ad2fa212c5e2c481c26bec0b9c770a30e9791dc170a4706097dd5eab5","first_seen":"2025-11-13T05:34:52.789498Z","last_seen":"2026-04-12T19:29:51.660135Z","times_seen":32,"resource_available":false,"data":null}},"time_used":177,"timings":{"blocked":55,"dns":33,"connect":9,"send":0,"wait":5,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"icdn05.4kpornvideos.tv/30641/1532035_1.jpg","fqdn":"icdn05.4kpornvideos.tv","domain":"4kpornvideos.tv","tld":"tv"},"ip":{"addr":"45.133.44.5","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://jp.av2.top/","date":"2025-12-24T17:33:17.321Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"icdn05.4kpornvideos.tv","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 27 Oct 2025 02:32:58 GMT","end":"Sun, 25 Jan 2026 02:32:57 GMT"},"fingerprint":{"sha1":"B8:0F:7A:C0:15:D4:62:8C:DD:41:EA:7B:26:9A:EE:35:DA:0C:5C:BC","sha256":"F1:6E:D7:9E:83:2C:B7:E9:17:29:7A:78:8E:57:74:A8:0A:F6:F4:67:57:42:05:F6:58:20:83:E1:F1:AB:A3:9A"}}},"request":{"raw":"GET /30641/1532035_1.jpg HTTP/1.1\r\nHost: icdn05.4kpornvideos.tv\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://jp.av2.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 24 Dec 2025 17:33:17 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 32539\r\nserver: nginx/1.24.0\r\nx-object-meta-mtime: 1598365987.985824366\r\netag: d41e8dc8b652b73b14c4c7b7c00b3c93\r\nlast-modified: Fri, 04 Nov 2022 01:02:10 GMT\r\nx-timestamp: 1667523729.12076\r\nx-trans-id: tx6eccb81fa9244a5d88bb9-0067ef3753\r\nx-openstack-request-id: tx6eccb81fa9244a5d88bb9-0067ef3753\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: HEAD,GET,POST,PUT,PATCH,DELETE,OPTIONS\r\naccess-control-allow-headers: Content-Type,X-Requested-With,X-Auth-Token,X-Openstack-Request-Id,X-Container-Meta-type,X-Container-Meta-Temp-URL-Key,Authorization\r\naccess-control-expose-headers: X-Container-Meta-Temp-Url-Key,X-Container-Bytes-Used,Last-Modified,X-Timestamp\r\ncache-control: max-age=2592000\r\nexpires: Fri, 23 Jan 2026 17:33:17 GMT\r\nx-cdn-host-id: ah1004,DS9225\r\nx-proxy-cache: HIT\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.24.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":32539,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 300x169, components 3","md5":"d41e8dc8b652b73b14c4c7b7c00b3c93","sha1":"448817c4220777aa5e1476d26ca68ac1e60c2222","sha256":"4eecbf0a0b4b3252c55f7d11edb03b37de5a6c8d6a7705872eec6ce717975522","sha512":"947c3f330e2d83a5f32c74271d59c4eb0002f7adfae3d7f941059604d5495f5dfd377d3b212a42f0a7292c517f64c295f2e916213c4e2a5a3d5cd3b6831768e2","ssdeep":"768:p0kkfdjAf1gyA1pweRpFQrI0C4wincqXUrA:pnAmbYweRpGlDwYL7","tlshash":"95e2f1096babf618dccfe5522ed31c7a73917dbf358a77471047802ade6e538d2a0602","first_seen":"2025-12-24T17:34:12.601629Z","last_seen":"2025-12-24T17:34:12.601629Z","times_seen":1,"resource_available":false,"data":null}},"time_used":141,"timings":{"blocked":69,"dns":0,"connect":0,"send":0,"wait":67,"receive":5,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ansuko.net/wp-content/uploads/2024/12/ikctwv5s_header.jpg","fqdn":"ansuko.net","domain":"ansuko.net","tld":"net"},"ip":{"addr":"172.67.138.117","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://jp.av2.top/","date":"2025-12-24T17:33:18.956Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ansuko.net","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 06 Dec 2025 13:34:35 GMT","end":"Fri, 06 Mar 2026 14:32:54 GMT"},"fingerprint":{"sha1":"F4:E3:EF:30:48:D7:B3:40:2B:D3:E1:F5:14:F6:72:5B:FB:0B:94:DF","sha256":"1D:46:63:21:32:DB:DE:81:F7:49:23:17:0A:76:2A:6E:F6:89:3C:51:B8:65:66:A9:DA:9E:D5:EA:3A:BB:08:D7"}}},"request":{"raw":"GET /wp-content/uploads/2024/12/ikctwv5s_header.jpg HTTP/1.1\r\nHost: ansuko.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://jp.av2.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Wed, 24 Dec 2025 17:33:18 GMT\r\ncontent-type: image/jpeg\r\nvary: accept-encoding\r\npriority: u=4,i=?0\r\nage: 948471\r\ncache-control: max-age=31536000\r\ncf-cache-status: HIT\r\nlast-modified: Sat, 13 Dec 2025 18:05:27 GMT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=hzd%2BLQZcUexFncZise%2FKyLdwLQRM7%2FTsMz14cthVP%2BY0%2BI15uSrABwcm1WYR0ytglSfrg9uFDSJ99Jv7VcTEkyT4iVLPuCd0\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9b31d7d04936b51b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":303917,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: \"CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 90\", baseline, precision 8, 1920x1920, components 3","md5":"66d134303ce401be605e4c361a213aff","sha1":"fe90f18483e75c064d4d4f6009f1cec8a3ed2ea8","sha256":"cbbc6d395379c065432bedd3fabcdccd12d45917b4820759d8c12a714c5a7f25","sha512":"b8f1c206dfe4ef7b9ee4da3b3b557aaf360959e42cd9200d9f85993dae1be86f905ee4bbec234b18366059ff593a1f8448b38a5bb3a761b7253cc650e45190ae","ssdeep":"6144:ACX3t94PQIUWurYJtODMsZcvpdT/hkdKyrghM521mrTZAeWaMM2/o:ACXduoSWjZ8p5/28haImZxWo","tlshash":"015423ee420a77c0f9eb63b9f0cc1d7a1caf94684dd3b8fa46943616d0a3069595b3d0","first_seen":"2025-08-02T14:10:37.811662Z","last_seen":"2026-01-24T10:59:54.308896Z","times_seen":8,"resource_available":false,"data":null}},"time_used":32,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":8,"receive":24,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"filmesporno.xxx/favicon.ico","fqdn":"filmesporno.xxx","domain":"filmesporno.xxx","tld":"xxx"},"ip":{"addr":"80.82.65.89","port":443,"asn":202425,"as":"IP Volume inc","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://jp.av2.top/","date":"2025-12-24T17:33:22.021Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P384-SHA384","protocol":"TLSv1.3","cert":{"subject":{"commonName":"filmesporno.xxx","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Mon, 15 Dec 2025 15:03:23 GMT","end":"Sun, 15 Mar 2026 15:03:22 GMT"},"fingerprint":{"sha1":"A5:4E:7D:6C:2F:EC:FD:8F:30:EB:DA:9D:5B:1D:31:90:55:D6:BB:84","sha256":"E9:C5:FD:9B:5F:F4:33:3A:2B:0D:66:76:46:D7:72:45:5F:A4:6B:51:4F:64:46:4B:FF:20:8F:AB:5D:7C:BB:6A"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: filmesporno.xxx\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://jp.av2.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 403 Forbidden\r\nserver: openresty\r\ndate: Wed, 24 Dec 2025 17:33:21 GMT\r\ncontent-type: text/html; charset=utf-8\r\nversion: MS25102301\r\nx-dns-prefetch-control: on\r\nx-download-options: noopen\r\nx-xss-protection: 1; mode=block\r\nx-content-type-options: nosniff\r\nreferrer-policy: strict-origin-when-cross-origin\r\nstrict-transport-security: max-age=31536000;\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"403","status_text":"Forbidden","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-09T15:38:22.40258Z","times_seen":14902800,"resource_available":true,"data":null}},"time_used":38,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":38,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xsexteen.com/favicon.ico","fqdn":"xsexteen.com","domain":"xsexteen.com","tld":"com"},"ip":{"addr":"185.73.221.134","port":443,"asn":32338,"as":"HOSTISERVER","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://jp.av2.top/","date":"2025-12-24T17:33:22.408Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xsexteen.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 31 Oct 2025 05:16:02 GMT","end":"Thu, 29 Jan 2026 05:16:01 GMT"},"fingerprint":{"sha1":"D7:F2:8F:D6:2F:F8:1D:CF:78:F3:29:61:14:CF:47:C8:6C:9B:7A:84","sha256":"14:9B:53:E5:10:DC:19:B3:47:D3:86:AF:21:76:CD:D3:FB:85:1A:87:79:7A:6F:B7:35:85:7F:76:A2:01:79:3B"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: xsexteen.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://jp.av2.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 403 Forbidden\r\nserver: nginx\r\ndate: Wed, 24 Dec 2025 17:33:22 GMT\r\ncontent-type: text/html\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"403","status_text":"Forbidden","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-09T15:38:22.40258Z","times_seen":14902800,"resource_available":true,"data":null}},"time_used":329,"timings":{"blocked":-1,"dns":46,"connect":38,"send":0,"wait":33,"receive":0,"ssl":178},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ansuko.net/wp-content/uploads/2023/08/1_img_9291.jpeg","fqdn":"ansuko.net","domain":"ansuko.net","tld":"net"},"ip":{"addr":"172.67.138.117","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://jp.av2.top/","date":"2025-12-24T17:33:17.320Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ansuko.net","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 06 Dec 2025 13:34:35 GMT","end":"Fri, 06 Mar 2026 14:32:54 GMT"},"fingerprint":{"sha1":"F4:E3:EF:30:48:D7:B3:40:2B:D3:E1:F5:14:F6:72:5B:FB:0B:94:DF","sha256":"1D:46:63:21:32:DB:DE:81:F7:49:23:17:0A:76:2A:6E:F6:89:3C:51:B8:65:66:A9:DA:9E:D5:EA:3A:BB:08:D7"}}},"request":{"raw":"GET /wp-content/uploads/2023/08/1_img_9291.jpeg HTTP/1.1\r\nHost: ansuko.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://jp.av2.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 24 Dec 2025 17:33:17 GMT\r\ncontent-type: image/jpeg\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nage: 63817\r\ncache-control: max-age=31536000\r\ncf-cache-status: HIT\r\nlast-modified: Tue, 23 Dec 2025 23:49:39 GMT\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=YfgPGR4CEKHxsBMZeZZUBpnLQ1I%2BMZZFf8jyE%2FbLdsydVhphSUkhXUmhuSTlN8GtM9XzVMLbOFemcXmW253iuz4NtTK87%2BqAOVU%3D\"}]}\r\ncf-ray: 9b31d7c6ef26b1b8-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":128929,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: \"CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 90\", baseline, precision 8, 1024x576, components 3","md5":"d975328db09bcc674e999058fac4ade8","sha1":"faf77a96cbe49904c934499e2c200639a3db1e7e","sha256":"7267738cab1374e53dbbe4e43b35b8601abef0845c88196da9c8e661b2937303","sha512":"d8fb627b58feefc7d063033a6f1ca8f2383ffe561ce1efab7b8cce2a20d752a95538eba83200282b3b92f0256c368734f127202081ba04965e641f66ae2bd775","ssdeep":"3072:kPUyNLJVaUBE0d0DS4mRq++e0ydeJ+VKMisTDC3g4:kPUWLlBVdyb++9LJOO","tlshash":"82c312b3bb1af6e28748f082277e29eb49d36e52158bf516468f0c68d798e0d9f151c0","first_seen":"2025-12-18T19:08:13.021553Z","last_seen":"2025-12-24T17:34:12.603751Z","times_seen":3,"resource_available":false,"data":null}},"time_used":12,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":12,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.clporn.com/favicon.ico","fqdn":"www.clporn.com","domain":"clporn.com","tld":"com"},"ip":{"addr":"104.21.25.21","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://jp.av2.top/","date":"2025-12-24T17:33:22.113Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"clporn.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 07 Dec 2025 07:39:21 GMT","end":"Sat, 07 Mar 2026 08:37:01 GMT"},"fingerprint":{"sha1":"EC:09:BE:71:63:35:4D:8B:B1:E0:5C:B2:23:8E:83:C4:54:7F:CF:CD","sha256":"F1:A5:50:B6:E8:9E:33:CD:CC:5E:60:58:B7:AE:F6:3D:6C:98:25:6D:F9:E3:B6:BB:ED:A9:20:17:B5:C8:F1:01"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: www.clporn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://jp.av2.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Wed, 24 Dec 2025 17:33:22 GMT\r\ncontent-type: image/x-icon\r\ncontent-length: 1150\r\nlast-modified: Sun, 21 May 2023 03:45:32 GMT\r\netag: \"646993dc-47e\"\r\nexpires: Thu, 24 Dec 2026 02:52:52 GMT\r\ncache-control: public, max-age=31536000, no-transform\r\naccept-ranges: bytes\r\npriority: u=4,i=?0\r\nage: 52829\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=7g3HA%2Fms3WxOs9G129gCRl%2Bt0tJdpihxxuOYRVZJScjJWHI4hkzFWmevbRkLR%2FLffkS%2F4jL46rlYGEc%2FjmU%2BuT%2BVc%2FKrPfbXjqxNzRvH\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\ncf-ray: 9b31d7e4796f120a-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1150,"size_decoded":0,"mime_type":"image/x-icon","magic":"MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel","md5":"7bce878d4d59681219dd7ee7b31d501f","sha1":"8078782a63dd8997b9537de46f1c19c0b60737ce","sha256":"19658bac1ca076be044dc8e1289ae869efd6847cc8d61405f1f6aeea11904dcf","sha512":"020763d535f44dfca6aa362c79c6f6a58bbaac6251264c36cb7277bdd3ef928122030d0f7ae12d5cc2b6b186ff8ad21d9d4019c9f51aed340720ce8a9a0802c3","ssdeep":"","tlshash":"ed217d82954145a8eda50f312233181893bfbf97fe74f30ead50b1705b372e400759a6","first_seen":"2024-05-18T21:25:43Z","last_seen":"2026-04-03T21:47:16.44898Z","times_seen":399,"resource_available":false,"data":null}},"time_used":6,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":6,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.aisan-porn.org/favicon.ico","fqdn":"www.aisan-porn.org","domain":"aisan-porn.org","tld":"org"},"ip":{"addr":"192.243.50.111","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"Dominica","country_code":"DM"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://jp.av2.top/","date":"2025-12-24T17:33:22.405Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"aisan-porn.org","organization":""},"issuer":{"commonName":"ZeroSSL ECC Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Fri, 28 Nov 2025 00:00:00 GMT","end":"Thu, 26 Feb 2026 23:59:59 GMT"},"fingerprint":{"sha1":"5D:6E:14:6E:FA:4F:6D:84:1F:20:3C:89:B1:57:6F:F8:F7:20:3C:60","sha256":"B4:E8:61:EA:53:14:5C:60:C3:83:59:E1:12:89:2B:A0:3E:6F:FB:AC:1E:D6:36:63:AF:64:4A:D9:22:EC:75:19"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: www.aisan-porn.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://jp.av2.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 404 Not Found\r\nserver: openresty\r\ndate: Wed, 24 Dec 2025 17:33:22 GMT\r\ncontent-type: text/html\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-09T15:38:22.40258Z","times_seen":14902800,"resource_available":true,"data":null}},"time_used":459,"timings":{"blocked":-1,"dns":13,"connect":113,"send":0,"wait":91,"receive":0,"ssl":213},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"img.apian088.sbs/hd/media/videos/tmb/000/003/447/6.jpg","fqdn":"img.apian088.sbs","domain":"apian088.sbs","tld":"sbs"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://jp.av2.top/","date":"2025-12-24T17:33:17.267Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"apian088.sbs","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 16 Nov 2025 12:00:16 GMT","end":"Sat, 14 Feb 2026 12:44:47 GMT"},"fingerprint":{"sha1":"81:62:5B:8E:F8:D6:89:63:71:73:E3:18:57:53:27:65:B5:AD:00:32","sha256":"1E:DA:15:FE:0A:FF:52:03:D1:A0:EE:60:AD:2A:3A:55:0D:CD:56:3F:75:52:A1:90:E2:E7:70:D3:2A:15:12:5E"}}},"request":{"raw":"GET /hd/media/videos/tmb/000/003/447/6.jpg HTTP/1.1\r\nHost: img.apian088.sbs\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://jp.av2.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 24 Dec 2025 17:33:17 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 13738\r\nserver: cloudflare\r\nlast-modified: Sat, 23 Mar 2024 12:20:01 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\netag: \"65fec8f1-35aa\"\r\naccept-ranges: bytes\r\nage: 1726234\r\ncache-control: max-age=31536000\r\ncf-cache-status: HIT\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=deSYEu6Mr%2B%2BrAODV%2B2KqlPp%2FISh7LE%2FF6ZyyD2KdiygN9kRxKbBkxG3JxsNSPkCYa%2FAN6J8pRPl9wlOULk4fXlpE2Pyfe2g8zgHcq5ep\"}]}\r\ncf-ray: 9b31d7c7191556b4-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":13738,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 300x226, components 3","md5":"ba89f2857ab64a70ea4c501aa5d14b0c","sha1":"2c44cf1ce50b4dd004ae242149891cd7bbbd4e3e","sha256":"a3ac65ea1a14dc6cf93db6d5546c4578d89ffc1da402633901bbaf745ba43221","sha512":"d6feeb1375c19d399a1f196077af8bb48e2fbd28cd4f8d37a72ac2deb0978bea863fbfdfe0ad020745fb17c97906703fd38d5d9d231ac22d86547357f35d5e46","ssdeep":"192:VBypTMxp5Ldi9Argw9tWa3io6wQ9mWVxuR9aSJa/nBRXaYyshk0fGa8TUNLBHkFJ:V82hdi4Oo6BxVxe97avB9ysWfmHIOR0t","tlshash":"cb52cf30386e7452ddeed830cf1ea32973a58c59389999bf2a63585e5b12d388478c3d","first_seen":"2025-10-19T05:57:43.590997Z","last_seen":"2026-01-13T15:17:47.33611Z","times_seen":9,"resource_available":false,"data":null}},"time_used":55,"timings":{"blocked":26,"dns":0,"connect":0,"send":0,"wait":29,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"img.tnaflix.com/a16:8q80w500r/thumbs/91/12_5852545l.jpg","fqdn":"img.tnaflix.com","domain":"tnaflix.com","tld":"com"},"ip":{"addr":"185.59.220.11","port":443,"asn":60068,"as":"Datacamp Limited","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://jp.av2.top/","date":"2025-12-24T17:33:17.341Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.tnaflix.com","organization":""},"issuer":{"commonName":"GeoTrust TLS RSA CA G1","organization":"DigiCert Inc"},"validity":{"start":"Wed, 03 Dec 2025 00:00:00 GMT","end":"Fri, 18 Dec 2026 23:59:59 GMT"},"fingerprint":{"sha1":"F4:51:5E:C3:66:8A:EF:08:50:9E:E4:9B:AF:10:D8:DF:93:4A:50:A4","sha256":"2C:AD:9F:EB:08:45:A3:D8:21:C7:DD:78:D1:B5:71:59:A9:74:9B:C5:23:C1:8F:C5:F9:0E:BA:10:42:C2:F0:07"}}},"request":{"raw":"GET /a16:8q80w500r/thumbs/91/12_5852545l.jpg HTTP/1.1\r\nHost: img.tnaflix.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://jp.av2.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 24 Dec 2025 17:33:18 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 11778\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: max-age=315360000\r\nx-77-nzt: EgwBuTvcCgH369QbAAwBT3/LCwH3KQEAAA\r\nx-77-nzt-ray: 4460f711264c3b0bde234c69588d0b05\r\nx-77-cache: HIT\r\nx-77-age: 1823979\r\nserver: CDN77-Turbo\r\naccess-control-allow-origin: *\r\nx-77-pop: frankfurtDE\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"CDN77","description":"CDN77 is a content delivery network (CDN).","website":"https://www.cdn77.com","common_platform_enumeration":"","icon":"CDN77.png","categories":["CDN"]}],"data":{"size":11778,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=6, orientation=upper-left, xresolution=86, yresolution=94, resolutionunit=2], progressive, precision 8, 500x250, components 3","md5":"c1814c2b46af9b71bfd8acec3dbf8ac6","sha1":"fff1aae259e4efca0c0e29a8765bb6112440862d","sha256":"46cdea7cdd7f3492ebf2e984e57c907a3ffeb5437a43454b4fb0df091ab1b896","sha512":"7fe7e36345c94b03dadb929c72f8ac48516d06a7511dc78e54277c0cb6cab0d2e19b26c256dca1d9f703b82b22018c9876829fc53a7885845dc458c180178dbb","ssdeep":"192:NQV/2oQBT2AKgpN9DiOACyomf+0X1PVII8mYX/2asHZQ8L2cDh7x4pN5U5Ns:NQ2BJ3dKCy8UtVIIbYuaPMd7a9UM","tlshash":"88329d0abb8f5650f425d833e0fc43e7e2a5b85a5139160d526d073daa8f4dc99aa30d","first_seen":"2025-12-16T06:19:43.920397Z","last_seen":"2025-12-24T17:34:12.606167Z","times_seen":2,"resource_available":false,"data":null}},"time_used":760,"timings":{"blocked":276,"dns":3,"connect":101,"send":0,"wait":27,"receive":0,"ssl":285},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.dmm.co.jp/favicon.ico","fqdn":"www.dmm.co.jp","domain":"dmm.co.jp","tld":"co.jp"},"ip":{"addr":"52.222.190.76","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://jp.av2.top/","date":"2025-12-24T17:33:22.103Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.dmm.co.jp","organization":"DMM.com LLC"},"issuer":{"commonName":"GlobalSign RSA OV SSL CA 2018","organization":"GlobalSign nv-sa"},"validity":{"start":"Tue, 04 Mar 2025 13:16:09 GMT","end":"Sun, 05 Apr 2026 13:16:08 GMT"},"fingerprint":{"sha1":"07:5F:95:C0:B3:EB:FA:83:37:DB:B4:90:0B:AE:21:CB:88:50:4B:D7","sha256":"5E:3A:C3:17:7B:AE:E8:A4:7C:52:2E:CB:91:0A:36:99:8F:25:50:A7:9E:D4:6C:3E:81:DF:A0:23:9B:26:98:6F"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: www.dmm.co.jp\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://jp.av2.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 301 Moved Permanently\r\ncontent-type: text/html; charset=iso-8859-1\r\ncontent-length: 198\r\nlocation: https://p.dmm.co.jp/p/favicon.ico\r\ndate: Wed, 24 Dec 2025 17:33:23 GMT\r\nserver: Apache\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\nx-cache: Miss from cloudfront\r\nvia: 1.1 62e740a3ccdabe7c6d3d19052f330dca.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P3\r\nx-amz-cf-id: OnHuq6_tLYhJbdcXzOwVB0aH_2uWg9QM_4qQyotcD_25UkuhpR93hg==\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"301","status_text":"Moved Permanently","fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]}],"data":{"size":15086,"size_decoded":0,"mime_type":"image/x-icon","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-09T15:38:22.40258Z","times_seen":14902800,"resource_available":true,"data":null}},"time_used":1863,"timings":{"blocked":177,"dns":47,"connect":1,"send":0,"wait":1391,"receive":0,"ssl":240},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"filmesporno.xxx/wp-content/uploads/2024/10/e5a5b3e584bfe291a0e79c9fe5ae9ee788b6e5a5b3e4b9b1e4bca6-e8a696e9a0bb-d8e.jpg","fqdn":"filmesporno.xxx","domain":"filmesporno.xxx","tld":"xxx"},"ip":{"addr":"80.82.65.89","port":443,"asn":202425,"as":"IP Volume inc","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://jp.av2.top/","date":"2025-12-24T17:33:17.302Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P384-SHA384","protocol":"TLSv1.3","cert":{"subject":{"commonName":"filmesporno.xxx","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Mon, 15 Dec 2025 15:03:23 GMT","end":"Sun, 15 Mar 2026 15:03:22 GMT"},"fingerprint":{"sha1":"A5:4E:7D:6C:2F:EC:FD:8F:30:EB:DA:9D:5B:1D:31:90:55:D6:BB:84","sha256":"E9:C5:FD:9B:5F:F4:33:3A:2B:0D:66:76:46:D7:72:45:5F:A4:6B:51:4F:64:46:4B:FF:20:8F:AB:5D:7C:BB:6A"}}},"request":{"raw":"GET /wp-content/uploads/2024/10/e5a5b3e584bfe291a0e79c9fe5ae9ee788b6e5a5b3e4b9b1e4bca6-e8a696e9a0bb-d8e.jpg HTTP/1.1\r\nHost: filmesporno.xxx\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://jp.av2.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Wed, 24 Dec 2025 17:33:18 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 8694\r\netag: \"6708f15e-21f6\"\r\nversion: MS25102301\r\nx-dns-prefetch-control: on\r\nx-download-options: noopen\r\nx-xss-protection: 1; mode=block\r\nx-content-type-options: nosniff\r\nreferrer-policy: strict-origin-when-cross-origin\r\naccess-control-allow-origin: *\r\nexpires: Thu, 25 Dec 2025 00:30:00 GMT\r\ncache-control: max-age=25002\r\nx-served-by: filmesporno.xxx\r\nx-proxy-cache-status: HIT\r\nx-proxy-cache-skip: 1\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}],"data":{"size":8694,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, comment: \"CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 100\", progressive, precision 8, 352x198, components 3","md5":"0e515bc1eaf2d403699fd3bf94ffb221","sha1":"6efc1459025ff0e3db81e0507b5c33ace98df9fe","sha256":"1ee7dc030d92f4f55bc291ad60b5698a3e3f8b78aa51aaf6e25af6c6fc0d81b3","sha512":"cef58e093a5ac209585bf7ae6209461441260f21ce930137170a5f838266e876817062c3a5df07570d45027380deb724c5e957a35fcb40f4387c49b5754c2d70","ssdeep":"192:HysSDlV1JQIhPZP9vWVGq4+IiFvJtLN3tcNQ4inn+AtQGfloTEcblg7KN:SsSDlmIhRAGqtIsvnLND+A6GfsE+g+N","tlshash":"a802bfb647866b73d1769974ca8a715ce3c06ce64f40b7ae3444cddd3abf3a118ba900","first_seen":"2025-12-16T06:19:44.023425Z","last_seen":"2026-03-03T09:47:10.900622Z","times_seen":7,"resource_available":false,"data":null}},"time_used":831,"timings":{"blocked":315,"dns":2,"connect":120,"send":0,"wait":43,"receive":1,"ssl":290},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.w3schools.com/w3css/4/w3.css","fqdn":"www.w3schools.com","domain":"w3schools.com","tld":"com"},"ip":{"addr":"23.36.77.57","port":443,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"http://jp.av2.top/","date":"2025-12-24T17:33:21.746Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"certification.w3schools.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 20 Oct 2025 05:09:45 GMT","end":"Sun, 18 Jan 2026 05:09:44 GMT"},"fingerprint":{"sha1":"1B:0A:07:AA:E5:29:0E:01:21:18:F3:4C:23:42:E9:6A:3F:85:C5:39","sha256":"57:8C:78:FA:CB:E0:9B:8C:76:B8:05:E6:78:67:4F:0D:0C:B6:F1:8A:3B:26:BD:E1:51:03:95:09:8B:93:A0:12"}}},"request":{"raw":"GET /w3css/4/w3.css HTTP/1.1\r\nHost: www.w3schools.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://jp.av2.top/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/css\r\nlast-modified: Thu, 18 Dec 2025 11:43:10 GMT\r\naccept-ranges: bytes\r\netag: \"09beb7b1370dc1:0\"\r\ncontent-security-policy: frame-ancestors 'self' https://mycourses.w3schools.com https://pathfinder.w3schools.com;\r\nx-content-security-policy: frame-ancestors 'self' https://mycourses.w3schools.com https://pathfinder.w3schools.com;\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\ncontent-length: 5256\r\ncache-control: public, max-age=31000914\r\nexpires: Fri, 18 Dec 2026 12:55:15 GMT\r\ndate: Wed, 24 Dec 2025 17:33:21 GMT\r\nx-loc: true\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":23427,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text","md5":"75b37d4abbdde1322116d2744181081d","sha1":"6d6b5ff442af4682c30e970c382002a7c694ac5b","sha256":"c4f2aba13970ecf8303fb9329f97c8824861569273b0aa27acce48abc61d04f5","sha512":"8ba303e078af3f71176b6e7fa5c32b0f3984014393133a960da7103bc78204a144a3d034a3d1ad7126f1547f45408e00e036175f54766ffccc8cf84cd4c129a5","ssdeep":"384:aHHLO7eS0F4bBY/fn6jZcy9/cGK1q8CarY64Cb+dOy:aHHCLYXfl1q8CarY64Cb+dl","tlshash":"fbb2f022ff8a1138261a873660d5fbfc573a8681df9f1b7a7030373943894c26796e49","first_seen":"2023-06-26T21:08:35Z","last_seen":"2026-05-09T11:58:03.572643Z","times_seen":16886,"resource_available":false,"data":null}},"time_used":191,"timings":{"blocked":87,"dns":50,"connect":1,"send":0,"wait":16,"receive":1,"ssl":33},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"filmesporno.xxx/wp-content/uploads/2022/04/video-sexo-escola.jpg","fqdn":"filmesporno.xxx","domain":"filmesporno.xxx","tld":"xxx"},"ip":{"addr":"80.82.65.89","port":443,"asn":202425,"as":"IP Volume inc","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://jp.av2.top/","date":"2025-12-24T17:33:17.241Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P384-SHA384","protocol":"TLSv1.3","cert":{"subject":{"commonName":"filmesporno.xxx","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Mon, 15 Dec 2025 15:03:23 GMT","end":"Sun, 15 Mar 2026 15:03:22 GMT"},"fingerprint":{"sha1":"A5:4E:7D:6C:2F:EC:FD:8F:30:EB:DA:9D:5B:1D:31:90:55:D6:BB:84","sha256":"E9:C5:FD:9B:5F:F4:33:3A:2B:0D:66:76:46:D7:72:45:5F:A4:6B:51:4F:64:46:4B:FF:20:8F:AB:5D:7C:BB:6A"}}},"request":{"raw":"GET /wp-content/uploads/2022/04/video-sexo-escola.jpg HTTP/1.1\r\nHost: filmesporno.xxx\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://jp.av2.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Wed, 24 Dec 2025 17:33:18 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 15660\r\netag: \"6260dbbf-3d2c\"\r\nversion: MS25102301\r\nx-dns-prefetch-control: on\r\nx-download-options: noopen\r\nx-xss-protection: 1; mode=block\r\nx-content-type-options: nosniff\r\nreferrer-policy: strict-origin-when-cross-origin\r\naccess-control-allow-origin: *\r\nexpires: Thu, 25 Dec 2025 00:30:00 GMT\r\ncache-control: max-age=25002\r\nx-served-by: filmesporno.xxx\r\nx-proxy-cache-status: HIT\r\nx-proxy-cache-skip: 1\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":15660,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, comment: \"CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 100\", progressive, precision 8, 600x337, components 3","md5":"7a2de94c244fae3ee6908f0c9baa4bb4","sha1":"87819d4ae5915fe148b525f2d990ba5f6437b254","sha256":"68bf94a6ba42cd28838af9771f610e18a8895bac3672ee1cd0bc39b42b713a57","sha512":"c4470a033f2f3dae274ad410fabccec92282a455d033dfb02795762f3bb19253abd5ea8bae85f06e41caee3178171cf334bce37ea1a9d0a472bb5b7563eb8a8a","ssdeep":"384:QyXW1/1ivGVBtvu3p+Y0ub42yK53x8mCqqRetd445hY0:Qym19iO/t5Y0uUn+B8lpUhY0","tlshash":"7762d065b9874214f69231b030bfb5293b068bb629d9e3d225d4107f6cf59ceae29702","first_seen":"2024-04-19T18:14:25Z","last_seen":"2026-04-03T21:47:16.580624Z","times_seen":109,"resource_available":false,"data":null}},"time_used":970,"timings":{"blocked":376,"dns":2,"connect":120,"send":0,"wait":104,"receive":9,"ssl":293},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.effedupmovies.com/wp-content/uploads/2025/09/cropped-favicon-32x32.png","fqdn":"www.effedupmovies.com","domain":"effedupmovies.com","tld":"com"},"ip":{"addr":"45.138.107.13","port":443,"asn":208414,"as":"WEDOS Internet, a.s.","country":"Czechia","country_code":"CZ"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://jp.av2.top/","date":"2025-12-24T17:33:22.986Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"effedupmovies.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Thu, 30 Oct 2025 02:09:26 GMT","end":"Wed, 28 Jan 2026 02:09:25 GMT"},"fingerprint":{"sha1":"A0:38:95:81:F9:B6:07:3A:91:08:79:94:2C:37:D0:A0:70:E0:C9:8A","sha256":"E1:0C:A5:0E:23:DF:97:60:D8:03:51:23:22:3C:F6:70:39:50:68:A8:83:61:4D:49:EE:12:D9:F3:7E:BB:F4:45"}}},"request":{"raw":"GET /wp-content/uploads/2025/09/cropped-favicon-32x32.png HTTP/1.1\r\nHost: www.effedupmovies.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: http://jp.av2.top/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: nginx\r\ndate: Wed, 24 Dec 2025 17:33:23 GMT\r\ncontent-type: image/png\r\ncontent-length: 12890\r\nlast-modified: Sat, 13 Dec 2025 14:12:03 GMT\r\netag: \"693d7433-325a\"\r\nx-powered-by: PleskLin\r\naccept-ranges: bytes\r\nalt-svc: h3=\":443\"; ma=86400\r\nx-protocol: HTTP/3.0\r\nx-request-id: f4007711408fd4dde41345fa3eb20452\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Plesk","description":"Plesk is a web hosting and server data centre automation software with a control panel developed for Linux and Windows-based retail hosting service providers.","website":"https://www.plesk.com","common_platform_enumeration":"cpe:2.3:a:parallels:parallels_plesk_panel:*:*:*:*:*:*:*:*","icon":"Plesk.svg","categories":["Hosting panels"]}],"data":{"size":12890,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 200 x 200, 8-bit/color RGBA, non-interlaced","md5":"ab96da12d8312559415480d1f3036eb0","sha1":"1d014a2419e02827bd13334af29578b1c9b4d6bf","sha256":"1cca498904b87c8b14e4100203f31d6bd9b9cac47da3b99ec80f6042c91b47f9","sha512":"4fc3dc1aac1efb54e7877b0bfbd23ea2db2e4f65d9fd4e5039435635caaf167f05df17cee77dbd4d44aa1d2f0911aa6384b34eb8372920dc05fa84b98acf905f","ssdeep":"384:hqhkHlVJH8TaseXN+yXLnFnbrFF7E162qFuU4Khaz5:AOr8TyI4VX2qKV","tlshash":"5042bffbdbc7842102ba18ea5ded053750b294bc0e0b1ac1e6f8634228d36810d5ef4d","first_seen":"2023-05-04T19:26:02Z","last_seen":"2026-05-05T10:18:07.718601Z","times_seen":169,"resource_available":false,"data":null}},"time_used":90,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":89,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-24","alert":"Sinkholed","trigger":"www.effedupmovies.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"img.apian088.sbs/hd/media/videos/tmb/000/003/389/1.jpg","fqdn":"img.apian088.sbs","domain":"apian088.sbs","tld":"sbs"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://jp.av2.top/","date":"2025-12-24T17:33:17.285Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"apian088.sbs","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 16 Nov 2025 12:00:16 GMT","end":"Sat, 14 Feb 2026 12:44:47 GMT"},"fingerprint":{"sha1":"81:62:5B:8E:F8:D6:89:63:71:73:E3:18:57:53:27:65:B5:AD:00:32","sha256":"1E:DA:15:FE:0A:FF:52:03:D1:A0:EE:60:AD:2A:3A:55:0D:CD:56:3F:75:52:A1:90:E2:E7:70:D3:2A:15:12:5E"}}},"request":{"raw":"GET /hd/media/videos/tmb/000/003/389/1.jpg HTTP/1.1\r\nHost: img.apian088.sbs\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://jp.av2.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 24 Dec 2025 17:33:17 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 9460\r\nserver: cloudflare\r\nlast-modified: Sat, 23 Mar 2024 12:19:58 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\netag: \"65fec8ee-24f4\"\r\naccept-ranges: bytes\r\nage: 1930300\r\ncache-control: max-age=31536000\r\ncf-cache-status: HIT\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=mTdXIDYGZxKQ4QUZM8AXTTyIhdc3DnAnInJoI3MzAO1mqRiMiJ4M7YV%2F1ZSwtjXL5gQQLVR6VpL5qGxkQPXd0d9CL02vII9%2F3Nrvkj4%2B\"}]}\r\ncf-ray: 9b31d7c6e8fd56b4-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":9460,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 300x226, components 3","md5":"8411e865e989e6931b9cf6452ff2c93c","sha1":"721f7cef8092d47e6b6dd5769d3a684cd6f8587c","sha256":"176dc961d4277143d4d927f714275eeb47de20e5daec31a88995829a3e338682","sha512":"0c44b9a0c1974d6714b63a6472d6f9c7aeb46fd554befd16d043488aec6abb44ec177089911b817b6d0dbdd83bfa5cae5e38fec823d26055d56c9a9208b136f0","ssdeep":"192:8iFlUWs2tRUlMfrUW/gigtIoKHoY3qMMIZKHCxWZFI4hwXH8uO:1FWWptRwMDUWhnoKHotMMIZKH/I7H3O","tlshash":"2312c0ea5762ea65d39c5df41444970057a64ce8e43348f204f39b3a1f590ef0ed7464","first_seen":"2025-07-10T15:31:53.966379Z","last_seen":"2026-03-01T16:28:28.78698Z","times_seen":13,"resource_available":false,"data":null}},"time_used":41,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":40,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.mymediaing.my/sdk/p/?zid=9801","fqdn":"cdn.mymediaing.my","domain":"mymediaing.my","tld":"my"},"ip":{"addr":"172.67.170.181","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://jp.av2.top/","date":"2025-12-24T17:33:19.322Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"mymediaing.my","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 23 Dec 2025 13:10:30 GMT","end":"Mon, 23 Mar 2026 14:09:10 GMT"},"fingerprint":{"sha1":"F5:AF:59:F3:C7:A7:98:58:AF:01:DA:E8:14:01:49:7E:03:72:7D:E4","sha256":"55:43:8E:96:BC:AE:9C:D0:01:4C:2F:6C:1C:B7:7E:54:4A:21:21:A7:FF:47:5A:1D:8E:87:C6:4A:60:D9:BA:AD"}}},"request":{"raw":"GET /sdk/p/?zid=9801 HTTP/1.1\r\nHost: cdn.mymediaing.my\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://jp.av2.top/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 24 Dec 2025 17:33:19 GMT\r\ncontent-type: application/javascript\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=CpPn8oeqy%2FQCcz9HkfcETK0QxIbT9mpbJ4mAhwF9vCCzdtUtB4AB8XqeI12q1zGEwYWlnzZ7CwpDHlp%2FmbAfnYowCTH92tJEgmcZQKi63Q%3D%3D\"}]}\r\nx-time: 1766597599\r\naccess-control-allow-origin: *\r\ncf-cache-status: DYNAMIC\r\ncontent-encoding: br\r\ncf-ray: 9b31d7d54d14b4fd-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":52894,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (52408)","md5":"f379ff76a3a373b802f1a2d9523d931b","sha1":"58e22a719d31db4f01235bc8a6026e1b2659b594","sha256":"d1002ee5c238219f39018355411878de2df9370f225fbab154cf36da62f2d89b","sha512":"980d29aacf89af48cc1ffd7fd4ffacb0ef6b2ef0cff7bf86d60b4c2809a49d9a762ae8fbd18b524dbb709ee905e52be487de0d6791be80bdcb8048fdfb86d353","ssdeep":"1536:nFiJtBRiqSJQUUBU1wpIbS0UboLxCSMzHUgNvFi:nDqSJQUUBU1wpIbS0UboLxCSMzHHa","tlshash":"973392982fd0b94053dbab7b772fb4e5f4570c2f6a81484fe225bc20359071beaa5930","first_seen":"2025-12-24T17:34:12.612131Z","last_seen":"2025-12-24T17:34:12.612131Z","times_seen":1,"resource_available":true,"data":null}},"time_used":518,"timings":{"blocked":240,"dns":26,"connect":4,"send":0,"wait":66,"receive":0,"ssl":175},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js?1","fqdn":"ajax.googleapis.com","domain":"ajax.googleapis.com","tld":"googleapis.com"},"ip":{"addr":"142.250.74.106","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://jp.av2.top/","date":"2025-12-24T17:33:20.459Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"upload.video.google.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Wed, 03 Dec 2025 15:53:13 GMT","end":"Wed, 25 Feb 2026 15:53:12 GMT"},"fingerprint":{"sha1":"A8:BA:6B:80:7C:EC:B1:6F:C1:C2:03:D7:C9:27:6E:75:DE:4B:AA:47","sha256":"4E:2C:B9:C5:81:56:5E:97:93:07:22:12:66:E2:52:C6:0A:2E:17:72:FF:9B:5F:2A:B9:E1:21:80:05:6D:8B:3D"}}},"request":{"raw":"GET /ajax/libs/jquery/3.3.1/jquery.min.js?1 HTTP/1.1\r\nHost: ajax.googleapis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://jp.av2.top/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\naccept-ranges: bytes\r\ncontent-encoding: gzip\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"hosted-libraries-pushers\"\r\nreport-to: {\"group\":\"hosted-libraries-pushers\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 30399\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Thu, 18 Dec 2025 15:00:08 GMT\r\nexpires: Fri, 18 Dec 2026 15:00:08 GMT\r\ncache-control: public, max-age=31536000, stale-while-revalidate=2592000\r\nage: 527592\r\nlast-modified: Tue, 03 Mar 2020 19:15:00 GMT\r\ncontent-type: text/javascript; charset=UTF-8\r\nvary: Accept-Encoding\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":86927,"size_decoded":0,"mime_type":"text/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (65451)","md5":"a09e13ee94d51c524b7e2a728c7d4039","sha1":"0dc32db4aa9c5f03f3b38c47d883dbd4fed13aae","sha256":"160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef","sha512":"f8da8f95b6ed33542a88af19028e18ae3d9ce25350a06bfc3fbf433ed2b38fefa5e639cddfdac703fc6caa7f3313d974b92a3168276b3a016ceb28f27db0714a","ssdeep":"1536:jLiBdiaWLOczCmZx6+VWuGzQNOzdn6x2RZd9SEnk9HB96c9Yo/NWLbVj3kC6t3:5kn6x2xe9NK6nC69","tlshash":"748319dd72c6b06247ab71ba00bf550bf2361999684d4410f129e4eabc74b4e823bf7d","first_seen":"2023-03-07T01:02:02Z","last_seen":"2026-05-09T15:20:32.236108Z","times_seen":126836,"resource_available":true,"data":null}},"time_used":19,"timings":{"blocked":-1,"dns":2,"connect":0,"send":0,"wait":15,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.9188porn.com/favicon.ico","fqdn":"www.9188porn.com","domain":"9188porn.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://jp.av2.top/","date":"2025-12-24T17:33:22.309Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"9188porn.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 02 Dec 2025 09:28:02 GMT","end":"Mon, 02 Mar 2026 10:23:10 GMT"},"fingerprint":{"sha1":"A6:75:08:AB:20:D7:2A:E6:2B:50:C1:DA:59:F5:40:7B:7D:28:9E:C5","sha256":"83:9C:6B:2B:35:92:4D:96:4D:22:2B:45:AC:B4:E7:32:B2:F7:DA:26:69:E8:C4:BF:67:0F:41:0C:14:74:D9:09"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: www.9188porn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://jp.av2.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 403 Forbidden\r\ndate: Wed, 24 Dec 2025 17:33:22 GMT\r\ncontent-type: text/html; charset=UTF-8\r\ncache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0\r\nexpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nreferrer-policy: same-origin\r\nx-frame-options: SAMEORIGIN\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=iB44nE2V5u0gXkOdsYP0RW%2FRrWp4%2BR%2Bo%2F5%2BunFAm%2BByjjXrcMI0rG0naSyZcnh3OLSr1ZrIGzQhoGYMVINSBcJqJfTH1%2FcEgd5MIdZSRQdI%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\ncontent-encoding: br\r\nserver: cloudflare\r\ncf-ray: 9b31d7e5cab975ab-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"403","status_text":"Forbidden","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-09T15:38:22.40258Z","times_seen":14902800,"resource_available":true,"data":null}},"time_used":5,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":5,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ansuko.net/wp-content/uploads/2024/12/d7mlbrxn_header.jpg","fqdn":"ansuko.net","domain":"ansuko.net","tld":"net"},"ip":{"addr":"172.67.138.117","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://jp.av2.top/","date":"2025-12-24T17:33:17.262Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ansuko.net","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 06 Dec 2025 13:34:35 GMT","end":"Fri, 06 Mar 2026 14:32:54 GMT"},"fingerprint":{"sha1":"F4:E3:EF:30:48:D7:B3:40:2B:D3:E1:F5:14:F6:72:5B:FB:0B:94:DF","sha256":"1D:46:63:21:32:DB:DE:81:F7:49:23:17:0A:76:2A:6E:F6:89:3C:51:B8:65:66:A9:DA:9E:D5:EA:3A:BB:08:D7"}}},"request":{"raw":"GET /wp-content/uploads/2024/12/d7mlbrxn_header.jpg HTTP/1.1\r\nHost: ansuko.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://jp.av2.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 24 Dec 2025 17:33:17 GMT\r\ncontent-type: image/jpeg\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nage: 418263\r\ncache-control: max-age=31536000\r\ncf-cache-status: HIT\r\nlast-modified: Fri, 19 Dec 2025 21:22:13 GMT\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=JlGsbhSr8A2uPJ2MMdq2ZeegEQ%2F6vzqVzjGwqC09mzzWu4kQBZsGwE%2BkNrf2hxic%2FkV8UdSVbJBLZANivAZfRHtFDXEOTCe%2FbHk%3D\"}]}\r\ncf-ray: 9b31d7c71f53b1b8-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":63708,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: \"CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 90\", baseline, precision 8, 500x281, components 3","md5":"74859c62eb29d51f54d5d1a3fbdb3dda","sha1":"13af7477da26e08c53fc3b882b3cf2c4a9a8e919","sha256":"fa800fb33adcf90d6eba3c5c3df88a767c6743c3b6bc66c6d8e819e0635bbfdb","sha512":"c1bf1c0ca2d5fe805e3c99263ed6b87fa57549c5eb894c5134f49c8c8d6605e1ba16f29db300107df36bf8d3b8568b7373874a2f0b4838c08e002285aa2fc774","ssdeep":"1536:SLCmiKScEVrydX2x7Ezi6Vp4OoZfxn64+HnOmcdx6k:hmqcE9p7eFVmOsfx64+Hdk","tlshash":"f153124d472845fc39dc65d1a73c5ff086ce3524228d0b0ce7dba12a617ae96bbec606","first_seen":"2025-11-13T05:34:52.79303Z","last_seen":"2025-12-24T17:34:12.613019Z","times_seen":2,"resource_available":false,"data":null}},"time_used":51,"timings":{"blocked":32,"dns":0,"connect":0,"send":0,"wait":19,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kocho-kocho.com/favicon.ico","fqdn":"kocho-kocho.com","domain":"kocho-kocho.com","tld":"com"},"ip":{"addr":"150.95.59.35","port":443,"asn":7506,"as":"GMO Internet,Inc","country":"Japan","country_code":"JP"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://jp.av2.top/","date":"2025-12-24T17:33:22.396Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"waken01.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 23 Nov 2025 01:54:24 GMT","end":"Sat, 21 Feb 2026 01:54:23 GMT"},"fingerprint":{"sha1":"9E:DE:3B:53:C6:57:7D:7A:85:3F:49:E6:27:85:10:94:17:E2:E7:5B","sha256":"7D:AB:36:20:56:D4:90:FD:8C:B8:7B:A1:11:01:B5:0E:18:94:10:C7:22:C4:6E:57:AE:43:51:B1:5B:EA:29:10"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: kocho-kocho.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://jp.av2.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 404 Not Found\r\ncache-control: private, no-cache, no-store, must-revalidate, max-age=0\r\npragma: no-cache\r\ncontent-type: text/html\r\ncontent-length: 1251\r\ndate: Wed, 24 Dec 2025 17:33:22 GMT\r\nserver: LiteSpeed\r\nalt-svc: h3=\":443\"; ma=2592000, h3-29=\":443\"; ma=2592000, h3-Q050=\":443\"; ma=2592000, h3-Q046=\":443\"; ma=2592000, h3-Q043=\":443\"; ma=2592000, quic=\":443\"; ma=2592000; v=\"43,46\"\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-09T15:38:22.40258Z","times_seen":14902800,"resource_available":true,"data":null}},"time_used":261,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":261,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.russiaporno.net/template/images/18.png","fqdn":"www.russiaporno.net","domain":"russiaporno.net","tld":"net"},"ip":{"addr":"78.40.116.236","port":443,"asn":200019,"as":"Alexhost Srl","country":"Sweden","country_code":"SE"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://jp.av2.top/","date":"2025-12-24T17:33:22.992Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"russiaporno.net","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Thu, 20 Nov 2025 02:35:39 GMT","end":"Wed, 18 Feb 2026 02:35:38 GMT"},"fingerprint":{"sha1":"F7:34:D5:B9:5D:3B:F0:9D:C0:A6:2E:2D:B2:D9:86:76:50:EE:8E:72","sha256":"2E:CF:65:C6:E9:E5:87:8C:B2:8F:35:30:51:3F:C0:59:D8:CC:2A:44:D7:DD:D2:80:5A:E2:C9:42:B7:48:B8:DC"}}},"request":{"raw":"GET /template/images/18.png HTTP/1.1\r\nHost: www.russiaporno.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: http://jp.av2.top/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: openresty\r\nDate: Wed, 24 Dec 2025 17:33:23 GMT\r\nContent-Type: image/png\r\nContent-Length: 3505\r\nLast-Modified: Wed, 19 Jun 2024 12:15:52 GMT\r\nConnection: keep-alive\r\nETag: \"6672cbf8-db1\"\r\nExpires: Thu, 24 Dec 2026 17:33:23 GMT\r\nCache-Control: max-age=31536000\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":3505,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 31 x 31, 8-bit/color RGBA, non-interlaced","md5":"890318ce54bcca39e157af66050176a4","sha1":"bc84825a4497b289e658af3c63584e9f6c190c2a","sha256":"c41afa12baebbba7a8a51151433faacc82c77970972a6115029a2e97be481b2e","sha512":"a180c885045bd540d15d1fa3ef934f942f13942cb4ff0fae2373281cb1bd9d3973e43dd23ab8461b645db556cd838298f04f97b3853cb416beee5966eeba8a3b","ssdeep":"","tlshash":"e5717f85d7106540d2c568837cee406efca34583ebc5dda6f567dc6d4cf44d5841d487","first_seen":"2025-01-24T08:58:41.474873Z","last_seen":"2026-02-25T12:46:35.588376Z","times_seen":89,"resource_available":false,"data":null}},"time_used":33,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":32,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"img.apian088.sbs/hd/media/videos/tmb/000/003/510/1.jpg","fqdn":"img.apian088.sbs","domain":"apian088.sbs","tld":"sbs"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://jp.av2.top/","date":"2025-12-24T17:33:17.270Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"apian088.sbs","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 16 Nov 2025 12:00:16 GMT","end":"Sat, 14 Feb 2026 12:44:47 GMT"},"fingerprint":{"sha1":"81:62:5B:8E:F8:D6:89:63:71:73:E3:18:57:53:27:65:B5:AD:00:32","sha256":"1E:DA:15:FE:0A:FF:52:03:D1:A0:EE:60:AD:2A:3A:55:0D:CD:56:3F:75:52:A1:90:E2:E7:70:D3:2A:15:12:5E"}}},"request":{"raw":"GET /hd/media/videos/tmb/000/003/510/1.jpg HTTP/1.1\r\nHost: img.apian088.sbs\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://jp.av2.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 24 Dec 2025 17:33:17 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 15928\r\nserver: cloudflare\r\nlast-modified: Sat, 23 Mar 2024 12:20:08 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\netag: \"65fec8f8-3e38\"\r\naccept-ranges: bytes\r\nage: 1930286\r\ncache-control: max-age=31536000\r\ncf-cache-status: HIT\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=02fWa0DXk47RUqkeI03IBri436EIuGpspTvmlv66kkqzCevqb1tkPi1MP5pJz%2FmJkxcaY8ZvJzvQU2o7Yf0Qbb3wCiH%2BsWTt14WLyeIS\"}]}\r\ncf-ray: 9b31d7c6e90056b4-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":15928,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 300x226, components 3","md5":"c4784f400221280728bd5adf4f96407f","sha1":"759838713e11eb0c5a0a2f506cbd33e7ac896960","sha256":"25bf33e501a107f6ef7e117a25325eb39d7191224bba75f1df50ca13497b6580","sha512":"4aeb397a6f06737856c02daa6372c3dd62bc48d8e041355e6476ec72e0d34a107bf9532222bf3c0b4b9c71836a41f81c61c3d7e35d5ebbc95fd4bc64483e9fa8","ssdeep":"192:gW8uBooF62iGmJ6NAkEEj39rHjGTTQOqPxMjZ8QlrhRTumOfvQaPJQErU+Ptyr+I:gnN22JwE4NHCQOqZM98sr70txh4CW","tlshash":"9462afe0bf121919c498b2324934458ad47e1baec8cbd29b78dad9b5532b6be4c8006d","first_seen":"2025-12-02T13:32:59.562992Z","last_seen":"2026-01-15T02:36:37.256935Z","times_seen":5,"resource_available":false,"data":null}},"time_used":52,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":51,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"filtradas.com/uploads/default/optimized/2X/2/2575f6ef45a0c27f83e8d09f362675baed9ee8b1_2_1024x576.jpeg","fqdn":"filtradas.com","domain":"filtradas.com","tld":"com"},"ip":{"addr":"91.234.199.87","port":443,"asn":43641,"as":"SOLLUTIUM EU Sp z.o.o.","country":"Ukraine","country_code":"UA"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://jp.av2.top/","date":"2025-12-24T17:33:17.320Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"filtradas.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 04 Nov 2025 03:08:59 GMT","end":"Mon, 02 Feb 2026 03:08:58 GMT"},"fingerprint":{"sha1":"E1:A5:18:66:02:A1:30:48:C0:63:B8:0D:A6:A0:6A:4D:49:FB:31:A4","sha256":"F3:EF:EA:51:6F:29:3C:97:1C:9E:B5:C9:DB:69:E9:BE:55:EA:E1:47:AC:EB:1B:EB:A6:2A:5B:B1:74:85:D0:AB"}}},"request":{"raw":"GET /uploads/default/optimized/2X/2/2575f6ef45a0c27f83e8d09f362675baed9ee8b1_2_1024x576.jpeg HTTP/1.1\r\nHost: filtradas.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://jp.av2.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 24 Dec 2025 17:33:18 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 74427\r\nlast-modified: Mon, 08 Dec 2025 05:08:16 GMT\r\nexpires: Thu, 24 Dec 2026 17:33:18 GMT\r\ncache-control: max-age=31536000\r\naccess-control-allow-origin: *\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":74427,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 1024x576, components 3","md5":"5cfc7841f6d8e7e3f08091450852b5f6","sha1":"f25960ccc6aeafa70b7c75e4fe8d75bfcc058f83","sha256":"dd6bb44514f0f9e2df6e60f76ba955aef3c4b8b8f30367d1e68292833df04470","sha512":"55f6e5177521797fbc94589b8ef61071697c3237c31029c0383eed0d0260187b2cb9532fdd77e332e873b410d459400aa0dbbe42844ff8c7d6a3e6aaa599e5df","ssdeep":"1536:nrLjeEdhSOk/DNqQcij/8BI/e8Us8NlRuno6ZTuZIqlFoU21:PqE7SfZqVUMI/Qs8cNBwg","tlshash":"6e730263f26840cdb6bef8739454dc7064ea3964fe8df94da7c8521105dbe84da00aeb","first_seen":"2025-12-20T22:38:54.469302Z","last_seen":"2026-01-21T08:47:17.622014Z","times_seen":31,"resource_available":false,"data":null}},"time_used":903,"timings":{"blocked":296,"dns":2,"connect":124,"send":0,"wait":23,"receive":89,"ssl":305},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mc.webvisor.org/watch/48140495/1?wmode=7\u0026page-url=http%3A%2F%2Fjp.av2.top%2F\u0026charset=utf-8\u0026uah=che%0A0\u0026browser-info=pv%3A1%3Avf%3A1nmhispdoya1ro1ej5uutvpoh5pcv%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A2292%3Acn%3A1%3Adp%3A0%3Als%3A869442975506%3Ahid%3A347096415%3Az%3A0%3Ai%3A20251224173320%3Aet%3A1766597600%3Ac%3A1%3Arn%3A86133492%3Arqn%3A1%3Au%3A176659760010995614%3Aw%3A1280x1024%3As%3A1280x1024x24%3Ask%3A1%3Afp%3A3195%3Awv%3A2%3Ads%3A1%2C224%2C224%2C0%2C%2C0%2C%2C%2C%2C%2C%2C%2C%3Aco%3A0%3Acpf%3A1%3Ans%3A1766597596540%3Afip%3A62236e752d3f7c5fd4f9360431331564-0ed8ce9e1e39cec802dafc59181dfc61-a81f3b9bcdd80a361c14af38dc09b309-08cddc828a0a4cecdead9052886a5778-8d2357552742d775381be8c05efc2ed7-b3a4b0ac1b44d5bc13e6d73ffb506aad-61b9878bbce18de73aafc8582a198c0c-5274424d88b08056c17f1a11bd3f2aff-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-861578da3666aba98730162cd5ac0199%3Arqnl%3A1%3Ast%3A1766597601%3At%3AHot%20Videos%20%E4%BA%BA%E6%B0%97%E5%8B%95%E7%94%BB-%E5%8B%95%E7%94%BB%40AV4.us\u0026t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29rcm%281%29cdl%28na%29eco%2842534404%29fip%281%29ti%281%29\u0026redirnss=1","fqdn":"mc.webvisor.org","domain":"webvisor.org","tld":"org"},"ip":{"addr":"87.250.250.119","port":443,"asn":13238,"as":"YANDEX LLC","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"http://jp.av2.top/","date":"2025-12-24T17:33:20.957Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"mc.webvisor.com","organization":"YANDEX LLC"},"issuer":{"commonName":"GlobalSign RSA OV SSL CA 2018","organization":"GlobalSign nv-sa"},"validity":{"start":"Mon, 18 Aug 2025 21:05:34 GMT","end":"Mon, 09 Feb 2026 20:59:59 GMT"},"fingerprint":{"sha1":"52:51:83:17:11:3C:6A:D0:47:28:FB:42:75:CF:6A:DA:48:B5:5A:C8","sha256":"69:B8:8D:9D:77:CB:F9:C7:48:04:E2:8C:99:28:7C:EF:5E:C7:2B:43:D6:52:7B:21:D2:99:F6:86:18:A6:0F:80"}}},"request":{"raw":"GET /watch/48140495/1?wmode=7\u0026page-url=http%3A%2F%2Fjp.av2.top%2F\u0026charset=utf-8\u0026uah=che%0A0\u0026browser-info=pv%3A1%3Avf%3A1nmhispdoya1ro1ej5uutvpoh5pcv%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A2292%3Acn%3A1%3Adp%3A0%3Als%3A869442975506%3Ahid%3A347096415%3Az%3A0%3Ai%3A20251224173320%3Aet%3A1766597600%3Ac%3A1%3Arn%3A86133492%3Arqn%3A1%3Au%3A176659760010995614%3Aw%3A1280x1024%3As%3A1280x1024x24%3Ask%3A1%3Afp%3A3195%3Awv%3A2%3Ads%3A1%2C224%2C224%2C0%2C%2C0%2C%2C%2C%2C%2C%2C%2C%3Aco%3A0%3Acpf%3A1%3Ans%3A1766597596540%3Afip%3A62236e752d3f7c5fd4f9360431331564-0ed8ce9e1e39cec802dafc59181dfc61-a81f3b9bcdd80a361c14af38dc09b309-08cddc828a0a4cecdead9052886a5778-8d2357552742d775381be8c05efc2ed7-b3a4b0ac1b44d5bc13e6d73ffb506aad-61b9878bbce18de73aafc8582a198c0c-5274424d88b08056c17f1a11bd3f2aff-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-861578da3666aba98730162cd5ac0199%3Arqnl%3A1%3Ast%3A1766597601%3At%3AHot%20Videos%20%E4%BA%BA%E6%B0%97%E5%8B%95%E7%94%BB-%E5%8B%95%E7%94%BB%40AV4.us\u0026t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29rcm%281%29cdl%28na%29eco%2842534404%29fip%281%29ti%281%29\u0026redirnss=1 HTTP/1.1\r\nHost: mc.webvisor.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: http://jp.av2.top\r\nReferer: http://jp.av2.top/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: yabs-sid=2280527651766597600; i=YwrM5cEUHf1P4wkfO/dglNZudToDRbfDZ2e7FD0760sHeYrd81FrbAmZnJWvxrumXWlgxuErAKGRIXw7Lw7SPzQsPKs=; yandexuid=8980071151766597600; yuidss=8980071151766597600; ymex=1798133600.yrts.1766597600#1798133600.yrtsi.1766597600; bh=YODHsMoGahfcyuH/CJLYobEDn8/14QzlyPCOA5S2Ag==\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-length: 645\r\naccess-control-allow-credentials: true\r\ncache-control: private, no-cache, no-store, must-revalidate, max-age=0\r\naccess-control-allow-origin: http://jp.av2.top\r\nx-content-type-options: nosniff\r\nexpires: Wed, 24-Dec-2025 17:33:20 GMT\r\ncontent-type: application/json; charset=utf-8\r\nstrict-transport-security: max-age=31536000\r\nx-xss-protection: 1; mode=block\r\naccept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA\r\nlast-modified: Wed, 24-Dec-2025 17:33:20 GMT\r\npragma: no-cache\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":645,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"07454963b2eb4fae725d359e24f18864","sha1":"ed98c332896ab94812cd1694ac8ef9614ebf7332","sha256":"8468f418898d90e46151255fa927661461d2aca96fe558339a6c428287e884ab","sha512":"15980c034c05edcf2f35666941fb71d9852ca0ae2cc62c4e94671e21d7f5a6169ec7ae962b41a0477bb206d4e0f8cb30b3cce1f268f7506618103ae6eed754fe","ssdeep":"","tlshash":"95f0022c346c49ba0b9b4e2390de264bd51d310dce5723e4a2a29644097fe973f5aaf0","first_seen":"2025-12-24T17:34:12.61932Z","last_seen":"2025-12-24T17:34:12.61932Z","times_seen":1,"resource_available":false,"data":null}},"time_used":53,"timings":{"blocked":2,"dns":0,"connect":0,"send":0,"wait":51,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"blumpkintube.com/thumbs/685/627_.jpg","fqdn":"blumpkintube.com","domain":"blumpkintube.com","tld":"com"},"ip":{"addr":"104.21.79.212","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://jp.av2.top/","date":"2025-12-24T17:33:17.265Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"blumpkintube.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 06 Dec 2025 21:29:09 GMT","end":"Fri, 06 Mar 2026 22:25:31 GMT"},"fingerprint":{"sha1":"F0:75:18:71:3B:57:62:7E:D0:B3:6D:BB:CB:8B:B7:85:4A:62:A2:F9","sha256":"83:20:32:82:21:E4:38:2F:12:C3:85:A8:D6:B1:D1:E0:F4:EF:92:1B:D2:51:B1:35:BB:20:DF:AC:53:43:CA:F8"}}},"request":{"raw":"GET /thumbs/685/627_.jpg HTTP/1.1\r\nHost: blumpkintube.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://jp.av2.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 24 Dec 2025 17:33:18 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 12168\r\nserver: cloudflare\r\nlast-modified: Sat, 14 Nov 2020 00:28:36 GMT\r\netag: \"5faf24b4-2f88\"\r\nexpires: Mon, 21 Dec 2026 06:50:56 GMT\r\ncache-control: public, max-age=31536000, no-transform\r\naccept-ranges: bytes\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nage: 297741\r\ncf-cache-status: HIT\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=q6u4LOpiO3gUZq08zllZ1QoS7vdh8SyuRaSAhvfXG2ttBZ0LfuysrUFNfUSvbnTqG81Ztgwhh5TzWrue8W93U9V3k4rZ3bju%2BtQvMmBt\"}]}\r\ncf-ray: 9b31d7cbaafab4f1-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":12168,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 312x208, components 3","md5":"02823cc4dc457e415ec0db171ee883d3","sha1":"d30c3c5e729dade193ad5faafb64f858784ab601","sha256":"e474cfe96c62d07b12073c6a634bf539984a8d5c44153cd910c4a7fca59f1264","sha512":"a7e540afb663c5613cc3d37641f8364cf311aa251861bd2f2590b922874d49176a9dc0d8de1a53ba18eea0818c052f6df609d019532724e1b00ed218f0deadad","ssdeep":"192:KycgIHrln/ze3CiI4DR0EMrlQQnXh+iLuwb25ggDVSINaTZRRWLzUzRS0:Kl1xn/zmCyqrZ5XwiLuw6JDV7E1RAsVl","tlshash":"3542c089ff1224d479447cb97bd1ad0697f3d91a300f07c1fcec2b889ba9a962f80410","first_seen":"2024-10-19T16:33:53.4435Z","last_seen":"2026-03-02T10:40:01.414305Z","times_seen":31,"resource_available":false,"data":null}},"time_used":764,"timings":{"blocked":352,"dns":2,"connect":5,"send":0,"wait":8,"receive":1,"ssl":336},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"img.apian088.sbs/hd/media/videos/tmb/000/006/321/1.jpg","fqdn":"img.apian088.sbs","domain":"apian088.sbs","tld":"sbs"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://jp.av2.top/","date":"2025-12-24T17:33:18.954Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"apian088.sbs","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 16 Nov 2025 12:00:16 GMT","end":"Sat, 14 Feb 2026 12:44:47 GMT"},"fingerprint":{"sha1":"81:62:5B:8E:F8:D6:89:63:71:73:E3:18:57:53:27:65:B5:AD:00:32","sha256":"1E:DA:15:FE:0A:FF:52:03:D1:A0:EE:60:AD:2A:3A:55:0D:CD:56:3F:75:52:A1:90:E2:E7:70:D3:2A:15:12:5E"}}},"request":{"raw":"GET /hd/media/videos/tmb/000/006/321/1.jpg HTTP/1.1\r\nHost: img.apian088.sbs\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://jp.av2.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Wed, 24 Dec 2025 17:33:18 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 12980\r\nserver: cloudflare\r\nlast-modified: Sat, 23 Mar 2024 12:18:54 GMT\r\npriority: u=4,i=?0\r\netag: \"65fec8ae-32b4\"\r\naccept-ranges: bytes\r\nage: 1930297\r\ncache-control: max-age=31536000\r\ncf-cache-status: HIT\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=KX2d1JvPuw6Y%2FIgPJS5081Ba%2BFc6rsHC6dIHM5o4Iw74z5%2BDg8X8B%2Bc3pWdvDAGAsiH4Au1ptbtLgUiED8hYFoDiPIaQuvNgjfILnHYQ\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9b31d7d04ebd56a9-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":12980,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 300x226, components 3","md5":"9dd934291d5b57d5a99d228fb609b17f","sha1":"422fd08735ad0b2f3add8f15518ca3c6afe525c9","sha256":"0eed893a12353e461269d4d356aa2332d802d13ad4e56d8f067ed9ec4d29f0df","sha512":"947f0934bcbc61c8baf58f375e4f817c75b7ef79dc583a5ee04a724301a7e6df130e44dc5e1cdd8740c984975df8e4313c5ed9d56aedf5fead642dbf2f50f7d0","ssdeep":"192:nlwFZkIpKR+bW6uo9+R2F5bJWXQR58l87sE2tqd3py+QxuYqi:nlI31Em5bJWwiYsPG3YPT","tlshash":"c142be6273343005df2d3b3ad6ad71351321d98411893a1af8b63a3ce69e961d9cccbe","first_seen":"2025-11-10T18:09:19.532983Z","last_seen":"2025-12-24T17:34:12.621432Z","times_seen":3,"resource_available":false,"data":null}},"time_used":8,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":6,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js","fqdn":"ajax.googleapis.com","domain":"ajax.googleapis.com","tld":"googleapis.com"},"ip":{"addr":"142.250.74.106","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://css.jpg4.icu/tagjpa.php?noself=1\u0026url=av.diktok.top/tags/3","date":"2025-12-24T17:33:20.914Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"upload.video.google.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Wed, 03 Dec 2025 15:53:13 GMT","end":"Wed, 25 Feb 2026 15:53:12 GMT"},"fingerprint":{"sha1":"A8:BA:6B:80:7C:EC:B1:6F:C1:C2:03:D7:C9:27:6E:75:DE:4B:AA:47","sha256":"4E:2C:B9:C5:81:56:5E:97:93:07:22:12:66:E2:52:C6:0A:2E:17:72:FF:9B:5F:2A:B9:E1:21:80:05:6D:8B:3D"}}},"request":{"raw":"GET /ajax/libs/jquery/3.3.1/jquery.min.js HTTP/1.1\r\nHost: ajax.googleapis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://css.jpg4.icu/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\naccept-ranges: bytes\r\ncontent-encoding: gzip\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"hosted-libraries-pushers\"\r\nreport-to: {\"group\":\"hosted-libraries-pushers\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 30399\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Sat, 20 Dec 2025 10:57:46 GMT\r\nexpires: Sun, 20 Dec 2026 10:57:46 GMT\r\ncache-control: public, max-age=31536000, stale-while-revalidate=2592000\r\nage: 369334\r\nlast-modified: Tue, 03 Mar 2020 19:15:00 GMT\r\ncontent-type: text/javascript; charset=UTF-8\r\nvary: Accept-Encoding\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":86927,"size_decoded":0,"mime_type":"text/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (65451)","md5":"a09e13ee94d51c524b7e2a728c7d4039","sha1":"0dc32db4aa9c5f03f3b38c47d883dbd4fed13aae","sha256":"160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef","sha512":"f8da8f95b6ed33542a88af19028e18ae3d9ce25350a06bfc3fbf433ed2b38fefa5e639cddfdac703fc6caa7f3313d974b92a3168276b3a016ceb28f27db0714a","ssdeep":"1536:jLiBdiaWLOczCmZx6+VWuGzQNOzdn6x2RZd9SEnk9HB96c9Yo/NWLbVj3kC6t3:5kn6x2xe9NK6nC69","tlshash":"748319dd72c6b06247ab71ba00bf550bf2361999684d4410f129e4eabc74b4e823bf7d","first_seen":"2023-03-07T01:02:02Z","last_seen":"2026-05-09T15:20:32.236108Z","times_seen":126836,"resource_available":true,"data":null}},"time_used":12,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":9,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"8zoo.net/favicon.ico","fqdn":"8zoo.net","domain":"8zoo.net","tld":"net"},"ip":{"addr":"104.21.47.99","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://jp.av2.top/","date":"2025-12-24T17:33:22.415Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"8zoo.net","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 10 Nov 2025 16:34:39 GMT","end":"Sun, 08 Feb 2026 17:33:09 GMT"},"fingerprint":{"sha1":"60:48:85:89:C9:1D:16:89:4A:E2:81:87:84:4C:C9:71:BF:EF:FD:1F","sha256":"C1:11:21:AA:F3:1A:63:18:2E:03:F5:4D:E5:50:1A:41:0E:8F:64:79:A4:EA:44:1C:17:A1:35:59:CD:48:CC:84"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: 8zoo.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://jp.av2.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 404 Not Found\r\ndate: Wed, 24 Dec 2025 17:33:22 GMT\r\ncontent-type: text/html\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: Accept-Encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=SoJXNvxwX1nhRRoPn0%2BJRnf%2FUG33wqNUMr2I1YDx%2BDGgYYz1KVT9iD0IihW7Bfbqnn8ya9zwlZ9FA8Ljc%2Fym9u%2BcDV3b%2Bw%3D%3D\"}]}\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nstrict-transport-security: max-age=15552000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\ncontent-encoding: br\r\ncf-ray: 9b31d7e77fc456ba-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-09T15:38:22.40258Z","times_seen":14902800,"resource_available":true,"data":null}},"time_used":191,"timings":{"blocked":-1,"dns":12,"connect":6,"send":0,"wait":31,"receive":0,"ssl":124},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"en.vidmo.org/favicon.ico","fqdn":"en.vidmo.org","domain":"vidmo.org","tld":"org"},"ip":{"addr":"89.248.193.244","port":443,"asn":49505,"as":"JSC Selectel","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://jp.av2.top/","date":"2025-12-24T17:33:22.435Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"vidmo.org","organization":""},"issuer":{"commonName":"ZeroSSL ECC Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Tue, 04 Nov 2025 00:00:00 GMT","end":"Mon, 02 Feb 2026 23:59:59 GMT"},"fingerprint":{"sha1":"5A:F1:73:5E:65:04:62:81:77:0D:E9:30:2A:1C:AD:D5:01:9C:EB:EA","sha256":"0B:B8:D8:59:9D:1C:FB:70:0B:B7:41:7B:8D:14:0C:20:7A:72:1E:79:FB:DA:ED:19:76:A7:FE:38:A5:4F:84:5B"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: en.vidmo.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://jp.av2.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 24 Dec 2025 17:33:22 GMT\r\ncontent-type: image/x-icon\r\ncontent-length: 5430\r\nlast-modified: Sun, 14 Oct 2012 21:41:38 GMT\r\netag: \"507b3192-1536\"\r\ncache-control: public, no-transform\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":5430,"size_decoded":0,"mime_type":"image/x-icon","magic":"MS Windows icon resource - 2 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel","md5":"6b6734885d5e4ff9dbb7d82ba6023598","sha1":"3c454d68a346b375ed7b59a131699061e7393b1f","sha256":"0f8e5edd4348eaa11881bf6150baf7b3182b1c3e29c6378e0e921afce7d91819","sha512":"e3d4562da250a2096981bd9a211efa643400ebe18a2d0765e750454b4cf75cb31e9594d8fccfa61a4c86e1c08bbf130dbc635c2974996838444cef029bf3eb50","ssdeep":"96:12lbcmeAscXXZCGv56cOtAe8CKfMibd+tLMiWMyuFa:0muCQpBQ6d+ti","tlshash":"a9b173c151c1e587e0274f38e237d750b1fa2c13bab0ea85156b7a555a731898317b1e","first_seen":"2023-05-05T08:02:57Z","last_seen":"2026-04-12T19:29:51.616695Z","times_seen":690,"resource_available":false,"data":null}},"time_used":504,"timings":{"blocked":-1,"dns":18,"connect":44,"send":0,"wait":92,"receive":1,"ssl":326},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fqjpg4.top/upload/vod/20241104-1/5f468a24ad369085b21088ef501bb564.jpg","fqdn":"fqjpg4.top","domain":"fqjpg4.top","tld":"top"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://jp.av2.top/","date":"2025-12-24T17:33:17.331Z","timestamp":0,"http_version":"","security_state":"broken","security_info":null,"request":{"raw":"GET /upload/vod/20241104-1/5f468a24ad369085b21088ef501bb564.jpg HTTP/1.1\r\nHost: fqjpg4.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://jp.av2.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-09T15:38:22.40258Z","times_seen":14902800,"resource_available":true,"data":null}},"time_used":918,"timings":{"blocked":285,"dns":3,"connect":163,"send":0,"wait":0,"receive":0,"ssl":414},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-24","alert":"Sinkholed","trigger":"fqjpg4.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"sexsex10.com/favicon.ico","fqdn":"sexsex10.com","domain":"sexsex10.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://jp.av2.top/","date":"2025-12-24T17:33:22.286Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: sexsex10.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://jp.av2.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-09T15:38:22.40258Z","times_seen":14902800,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"img.apian088.sbs/hd/media/videos/tmb/000/002/951/1.jpg","fqdn":"img.apian088.sbs","domain":"apian088.sbs","tld":"sbs"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://jp.av2.top/","date":"2025-12-24T17:33:17.289Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"apian088.sbs","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 16 Nov 2025 12:00:16 GMT","end":"Sat, 14 Feb 2026 12:44:47 GMT"},"fingerprint":{"sha1":"81:62:5B:8E:F8:D6:89:63:71:73:E3:18:57:53:27:65:B5:AD:00:32","sha256":"1E:DA:15:FE:0A:FF:52:03:D1:A0:EE:60:AD:2A:3A:55:0D:CD:56:3F:75:52:A1:90:E2:E7:70:D3:2A:15:12:5E"}}},"request":{"raw":"GET /hd/media/videos/tmb/000/002/951/1.jpg HTTP/1.1\r\nHost: img.apian088.sbs\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://jp.av2.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 24 Dec 2025 17:33:17 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 11668\r\nserver: cloudflare\r\nlast-modified: Sat, 23 Mar 2024 12:19:12 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\netag: \"65fec8c0-2d94\"\r\naccept-ranges: bytes\r\nage: 1930162\r\ncache-control: max-age=31536000\r\ncf-cache-status: HIT\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=2%2BtVlYIfkbcdPldKTLmxFxasWzoNmyX4QTlCaRr6iN%2BqJx8ftG9RALwNb6zxOHs1ENalpDUDswKvCZbuGkqMcVl7F2ytHIJJm1Tp%2FWOI\"}]}\r\ncf-ray: 9b31d7c6e8fb56b4-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":11668,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 300x226, components 3","md5":"07d87797b92fa843ed2648c8f791409a","sha1":"74f7ab9c4ff0f1be33084ca0837aafdf852df2b8","sha256":"f14721a0eb6a9c098f6ea6e664450b5b26d271fa51e9318adcfca0388b9d458d","sha512":"a987237b14c3ae2ebae15853c77e954d7a28393995649b23581ec205c9ee8767cc4e4bc5199606bbfe4e5d84f99f18183c985d41aa8de17c59b2e65c88b8ec1a","ssdeep":"192:JlmrLaSlbA0TpP+BQRi1ELbpw6uNIz3wiChd6DvzsU/LfxmLE2ih++g:DSaMAmP+BYi1ExwGod6bzsU/DsLE2ih+","tlshash":"7a32b05194478572eb4e48314e961b8d19c3aaa2cf46b729b6d04f520b36d7fc90c068","first_seen":"2025-06-16T22:45:57.420143Z","last_seen":"2025-12-24T17:34:12.623145Z","times_seen":5,"resource_available":false,"data":null}},"time_used":36,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":35,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kzjiaio.org/favicon.ico","fqdn":"kzjiaio.org","domain":"kzjiaio.org","tld":"org"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://jp.av2.top/","date":"2025-12-24T17:33:22.205Z","timestamp":0,"http_version":"","security_state":"broken","security_info":null,"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: kzjiaio.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://jp.av2.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-09T15:38:22.40258Z","times_seen":14902800,"resource_available":true,"data":null}},"time_used":1061,"timings":{"blocked":0,"dns":760,"connect":150,"send":0,"wait":0,"receive":0,"ssl":148},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"sexsex61.com/favicon.ico","fqdn":"sexsex61.com","domain":"sexsex61.com","tld":"com"},"ip":{"addr":"202.95.16.30","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://jp.av2.top/","date":"2025-12-24T17:33:22.208Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"sex83.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 04 Dec 2025 11:56:06 GMT","end":"Wed, 04 Mar 2026 11:56:05 GMT"},"fingerprint":{"sha1":"62:15:D0:4F:44:F8:F8:4E:EB:1C:8C:5D:5B:6C:03:3A:EC:61:66:78","sha256":"E2:4B:7E:3F:65:EB:1A:17:67:6A:30:C4:46:A1:06:E7:37:DB:6C:BC:29:8D:B2:69:0E:32:F5:66:3A:4E:DB:52"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: sexsex61.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://jp.av2.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 403 Forbidden\r\ncontent-type: text/html; charset=utf-8\r\ncontent-length: 404\r\ndate: Wed, 24 Dec 2025 17:33:23 GMT\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"403","status_text":"Forbidden","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-09T15:38:22.40258Z","times_seen":14902800,"resource_available":true,"data":null}},"time_used":2510,"timings":{"blocked":578,"dns":78,"connect":275,"send":0,"wait":1266,"receive":0,"ssl":281},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"douga100ka.net/sam/1800.jpg","fqdn":"douga100ka.net","domain":"douga100ka.net","tld":"net"},"ip":{"addr":"133.125.148.22","port":443,"asn":7684,"as":"SAKURA Internet Inc.","country":"Japan","country_code":"JP"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://jp.av2.top/","date":"2025-12-24T17:33:17.330Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"douga100ka.net","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 20 Dec 2025 11:55:37 GMT","end":"Fri, 20 Mar 2026 11:55:36 GMT"},"fingerprint":{"sha1":"0B:57:4B:B0:58:D8:F9:1F:82:A0:55:7D:73:3A:B3:F4:C4:01:E2:4B","sha256":"33:39:60:D8:00:94:8E:62:9E:38:65:B2:CE:53:9C:79:04:59:C5:5A:AE:15:D7:3F:7B:8C:F9:DF:A8:8B:3B:19"}}},"request":{"raw":"GET /sam/1800.jpg HTTP/1.1\r\nHost: douga100ka.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://jp.av2.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Wed, 31 Dec 2025 17:33:19 GMT\r\ncontent-type: image/jpeg\r\nlast-modified: Mon, 24 Apr 2017 15:00:00 GMT\r\naccept-ranges: bytes\r\ncontent-length: 11839\r\ndate: Wed, 24 Dec 2025 17:33:19 GMT\r\nserver: LiteSpeed\r\nx-frame-options: SAMEORIGIN\r\nalt-svc: h3=\":443\"; ma=2592000, h3-29=\":443\"; ma=2592000, h3-Q050=\":443\"; ma=2592000, h3-Q046=\":443\"; ma=2592000, h3-Q043=\":443\"; ma=2592000, quic=\":443\"; ma=2592000; v=\"43,46\"\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":11839,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.00, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 240x240, components 3","md5":"dae7b3a8ba2693ea90bdedc14e05c00d","sha1":"5b1510602faf21661a4e64a400dc01c3cd876c19","sha256":"deac44fd1064837e167e61d63efcceca95c5b2112d285c242514c90da9d41c7a","sha512":"4f711b701731e938ea8824e64580394ac9edb16f8613ff8fc9a97ffca7aef3bc8397fd02b1dd3608d34c9f5d62e40741ad10534fcb0a3517246d2aca1f5ff847","ssdeep":"192:PfWjgJWLs6QCfqcDnzDvMdKg+eKQP8TxWUvarhic4:bJWLs9C/nPMxjAYLf4","tlshash":"1132cf67b7210fd7b132a3f9815b4d8037e1cc2db824be17c8f2a5661d4a2a162c6268","first_seen":"2024-08-20T02:29:37.509874Z","last_seen":"2025-12-24T17:34:12.624128Z","times_seen":5,"resource_available":false,"data":null}},"time_used":1846,"timings":{"blocked":286,"dns":3,"connect":298,"send":0,"wait":286,"receive":1,"ssl":961},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"img.apian088.sbs/hd/media/videos/tmb/000/006/168/1.jpg","fqdn":"img.apian088.sbs","domain":"apian088.sbs","tld":"sbs"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://jp.av2.top/","date":"2025-12-24T17:33:18.994Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"apian088.sbs","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 16 Nov 2025 12:00:16 GMT","end":"Sat, 14 Feb 2026 12:44:47 GMT"},"fingerprint":{"sha1":"81:62:5B:8E:F8:D6:89:63:71:73:E3:18:57:53:27:65:B5:AD:00:32","sha256":"1E:DA:15:FE:0A:FF:52:03:D1:A0:EE:60:AD:2A:3A:55:0D:CD:56:3F:75:52:A1:90:E2:E7:70:D3:2A:15:12:5E"}}},"request":{"raw":"GET /hd/media/videos/tmb/000/006/168/1.jpg HTTP/1.1\r\nHost: img.apian088.sbs\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://jp.av2.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Wed, 24 Dec 2025 17:33:18 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 10825\r\nserver: cloudflare\r\nlast-modified: Sat, 23 Mar 2024 12:18:57 GMT\r\npriority: u=4,i=?0\r\netag: \"65fec8b1-2a49\"\r\naccept-ranges: bytes\r\nage: 1930181\r\ncache-control: max-age=31536000\r\ncf-cache-status: HIT\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=%2FuoR1s93cnaCvuND%2F8fA1M%2Fy%2Bexzcs725uowv2i5eizRo%2BgkuWddiGEVcdqjHvYCe%2Fz%2BmH7uFa%2Fpaprrx08u2heeitfdqa7d0%2Fu27Vji\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9b31d7d07ed456a9-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":10825,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 300x226, components 3","md5":"85667fde79e4e39a75cd55bee65ce5e2","sha1":"df67253589345bd0206b6f231be764a5b8b90af6","sha256":"e5f9640772455f4689be80fb1f7b078a534c1d472531290eb5da4fa3be421d57","sha512":"cd5d67ae22b728543c103f34612ebc6a1c415344048355c6bde580f4ee8e86bb5718f7d40617f218d94ab1e8959d4c40c272cc739ddae80a9e8681bbebfeba15","ssdeep":"192:PSSSSSSonTw37ycPnNV4gppqWlGZMUGK8LIb8FfHDpFB4pROPjk9V5a33KNr:PSSSSSSo837XPnNVV58WJIbYfHx4pEq5","tlshash":"b122ae6c0ab6d12bcd7c313b27b9064a5334eb16118abb2613643b097f2913b9d646f7","first_seen":"2025-10-17T05:03:06.640125Z","last_seen":"2025-12-24T17:34:12.625424Z","times_seen":4,"resource_available":false,"data":null}},"time_used":11,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":9,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"en.vidmo.pro/thumbs_320/fb/b2/fbb248e05f28d765b52b43006420f164/6341642.jpg","fqdn":"en.vidmo.pro","domain":"vidmo.pro","tld":"pro"},"ip":{"addr":"89.248.193.244","port":443,"asn":49505,"as":"JSC Selectel","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://jp.av2.top/","date":"2025-12-24T17:33:18.996Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"en.vidmo.pro","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Fri, 21 Nov 2025 20:48:10 GMT","end":"Thu, 19 Feb 2026 20:48:09 GMT"},"fingerprint":{"sha1":"B8:8B:9C:2B:E9:53:D3:85:0E:57:74:8D:32:07:72:DF:38:F3:91:DA","sha256":"9B:B3:9F:DD:FB:1B:36:C3:04:60:BF:DF:87:AA:AB:5D:F6:0D:45:20:77:9B:29:19:5F:C4:B6:F1:04:C9:23:3E"}}},"request":{"raw":"GET /thumbs_320/fb/b2/fbb248e05f28d765b52b43006420f164/6341642.jpg HTTP/1.1\r\nHost: en.vidmo.pro\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://jp.av2.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 24 Dec 2025 17:33:19 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 39288\r\nlast-modified: Sat, 02 Dec 2017 08:31:59 GMT\r\nexpires: Wed, 17 Apr 2024 16:09:20 GMT\r\ncache-control: max-age=604800, public, no-transform\r\nx-cache-status: HIT\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":39288,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, comment: \"CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 100\", baseline, precision 8, 320x240, components 3","md5":"a3969b1870cd1f17f97ed4b19827ab5f","sha1":"1a05654b396d8dee55a20b2c5ce197c0cbff6158","sha256":"67a8d3599df2178c9b1e2db77646fefe8f56ace80e4f5fea7f787e4d17c2a7a5","sha512":"00d90d809beddc5e44ae18a7a5fd504873c5f78c367c47be5326ac762a2e18498f8e872b87a1695b318a6dd58d82140c0de6262bcfc1d03d296d59e38bb2b488","ssdeep":"768:/tm8zPb+nHhF6c+xVHGbQXMlo+ehzS2b5edSwE//MLGdqvbR+DUw5O5orj:/tmg+nHFMmbQXAFes2bkUMnziN","tlshash":"8003f1300aa2154ba78f59be94ffd84f3494e121b9081f73d7088ce9c1578a6b0893ed","first_seen":"2025-06-05T17:56:20.294934Z","last_seen":"2026-01-09T07:48:48.512508Z","times_seen":5,"resource_available":false,"data":null}},"time_used":1120,"timings":{"blocked":437,"dns":11,"connect":20,"send":0,"wait":21,"receive":29,"ssl":597},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-24","alert":"Sinkholed","trigger":"en.vidmo.pro","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.russiaporno.net/favicon.ico","fqdn":"www.russiaporno.net","domain":"russiaporno.net","tld":"net"},"ip":{"addr":"78.40.116.236","port":443,"asn":200019,"as":"Alexhost Srl","country":"Sweden","country_code":"SE"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://jp.av2.top/","date":"2025-12-24T17:33:22.400Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"russiaporno.net","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Thu, 20 Nov 2025 02:35:39 GMT","end":"Wed, 18 Feb 2026 02:35:38 GMT"},"fingerprint":{"sha1":"F7:34:D5:B9:5D:3B:F0:9D:C0:A6:2E:2D:B2:D9:86:76:50:EE:8E:72","sha256":"2E:CF:65:C6:E9:E5:87:8C:B2:8F:35:30:51:3F:C0:59:D8:CC:2A:44:D7:DD:D2:80:5A:E2:C9:42:B7:48:B8:DC"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: www.russiaporno.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://jp.av2.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Found\r\nServer: openresty\r\nContent-Type: text/html; charset=utf-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nCache-Control: no-cache, private\r\nDate: Wed, 24 Dec 2025 17:33:22 GMT\r\nLocation: https://www.russiaporno.net/template/images/18.png\r\nSet-Cookie: XSRF-TOKEN=eyJpdiI6IktpTDZSRkR6QTg0YXF3VmdLVXNIdnc9PSIsInZhbHVlIjoid2N2VUI2UGlxNWlBQWNZMWhUd2FiMVlTTG41Y1c4cnpPdGk0ZEZud01jQ0NYd2VCL3BSUmdzV3Juc1l0MTE4bzNuZWJIS2lIS1k5RWZMZzN3dE1qWXF0RlE0US9NRmI3TitSZUpGYVRRN2U4ZEdTeWpFT1pHNmk3TXlwMWN6N0giLCJtYWMiOiJjZThjMjI2ZDRmZjE2NTA1ZDc1OWYwYzgyMjk3NTAyODY2Njc2NWUyYWI4MjdkNDY3YTE0NDVlMzIzNzRmY2FjIiwidGFnIjoiIn0%3D; expires=Wed, 31 Dec 2025 17:33:22 GMT; Max-Age=604800; path=/; secure; samesite=lax\nlaravel_session=eyJpdiI6InhpOS9yUVlERFhFQnhORDNNVnk5OFE9PSIsInZhbHVlIjoiVGVHOEo5ZndEcGJETU16SlNYbklJcFhOWjRvakM5RUhYMEcyL29HcThLT2dMa3k1ZGdOdkNianRqNVpJdy9RRnZZM2dWNmQ5amQrdDZLajlZZ1hCY0JlUlI3SlkxZURCRUVWTFFzKzBYcFFHbzBDQ0prMUt3eWhHSHZVQVZ2QVIiLCJtYWMiOiIxZWJlMmYwOWIzYTY4ZmQzNjY1YzJkOTQ3MGJlMTBlMjYzYWZiOWRmZTM2N2JkZjY0MjY5ODg1NmJiZmU2NDVmIiwidGFnIjoiIn0%3D; expires=Wed, 31 Dec 2025 17:33:22 GMT; Max-Age=604800; path=/; secure; httponly; samesite=lax\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":3505,"size_decoded":0,"mime_type":"image/png","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-09T15:38:22.40258Z","times_seen":14902800,"resource_available":true,"data":null}},"time_used":321,"timings":{"blocked":-1,"dns":13,"connect":34,"send":0,"wait":87,"receive":0,"ssl":172},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"filtradas.com/uploads/default/original/2X/6/663568304d9148166a9e56dbb1683058c4201c87.jpeg","fqdn":"filtradas.com","domain":"filtradas.com","tld":"com"},"ip":{"addr":"91.234.199.87","port":443,"asn":43641,"as":"SOLLUTIUM EU Sp z.o.o.","country":"Ukraine","country_code":"UA"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://jp.av2.top/","date":"2025-12-24T17:33:17.271Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"filtradas.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 04 Nov 2025 03:08:59 GMT","end":"Mon, 02 Feb 2026 03:08:58 GMT"},"fingerprint":{"sha1":"E1:A5:18:66:02:A1:30:48:C0:63:B8:0D:A6:A0:6A:4D:49:FB:31:A4","sha256":"F3:EF:EA:51:6F:29:3C:97:1C:9E:B5:C9:DB:69:E9:BE:55:EA:E1:47:AC:EB:1B:EB:A6:2A:5B:B1:74:85:D0:AB"}}},"request":{"raw":"GET /uploads/default/original/2X/6/663568304d9148166a9e56dbb1683058c4201c87.jpeg HTTP/1.1\r\nHost: filtradas.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://jp.av2.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 24 Dec 2025 17:33:18 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 71379\r\nlast-modified: Wed, 17 Sep 2025 02:05:02 GMT\r\nexpires: Thu, 24 Dec 2026 17:33:18 GMT\r\ncache-control: max-age=31536000\r\naccess-control-allow-origin: *\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":71379,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 544x960, components 3","md5":"4e9f66bf3576aa644e4a7b0c8e202c8e","sha1":"663568304d9148166a9e56dbb1683058c4201c87","sha256":"7ed642b0cd7720004ca99d132b6837fb64906d9d1430ca3fc16d074510e3fdc4","sha512":"f10bdf42cca5e759b9e33f5ef5a0ad4cccd0e8a43a19ebbecb24e888c15ad608d33ccb02a78b0e8e2034ffff5eaa68623ec423fbe740b8cf539fc185f80bbaab","ssdeep":"1536:+0pZxufeypXf8TwAylES/bfgKYwsZReN/LvYVlW2G:vp7CLNpA4pjfg0jvYVle","tlshash":"86630261601c2da2953057ae7fd1ee00bdd23870a7879251beaa9b12f32d7e14f82331","first_seen":"2025-10-31T05:12:56.158682Z","last_seen":"2026-04-12T19:29:51.741131Z","times_seen":56,"resource_available":false,"data":null}},"time_used":997,"timings":{"blocked":346,"dns":2,"connect":124,"send":0,"wait":120,"receive":25,"ssl":311},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.jsdelivr.net/npm/yandex-metrica-watch/watch.js","fqdn":"cdn.jsdelivr.net","domain":"jsdelivr.net","tld":"net"},"ip":{"addr":"151.101.1.229","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://jp.av2.top/","date":"2025-12-24T17:33:19.327Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"jsdelivr.net","organization":""},"issuer":{"commonName":"GlobalSign Atlas R3 DV TLS CA 2025 Q2","organization":"GlobalSign nv-sa"},"validity":{"start":"Mon, 02 Jun 2025 15:43:52 GMT","end":"Sat, 04 Jul 2026 15:43:51 GMT"},"fingerprint":{"sha1":"21:17:81:78:41:C6:8F:86:D6:CF:8D:98:CC:74:A8:F1:03:F8:C9:D4","sha256":"D0:E6:8D:08:11:05:7E:0C:2A:0D:C7:E0:ED:AE:9E:18:C8:74:32:12:3D:56:43:98:62:CD:A2:08:6F:64:5B:B0"}}},"request":{"raw":"GET /npm/yandex-metrica-watch/watch.js HTTP/1.1\r\nHost: cdn.jsdelivr.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://jp.av2.top/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: *\r\ntiming-allow-origin: *\r\ncache-control: public, max-age=604800, s-maxage=43200\r\ncross-origin-resource-policy: cross-origin\r\nx-content-type-options: nosniff\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\ncontent-type: application/javascript; charset=utf-8\r\nx-jsd-version: 1.423.0\r\nx-jsd-version-type: version\r\netag: W/\"3451b-8YT7/aBJ5ZJSl0gbbvYqRHErHmA\"\r\ncontent-encoding: br\r\naccept-ranges: bytes\r\ndate: Wed, 24 Dec 2025 17:33:19 GMT\r\nage: 15875\r\nx-served-by: cache-fra-etou8220112-FRA, cache-hel1410025-HEL\r\nx-cache: HIT, HIT\r\nvary: Accept-Encoding\r\nalt-svc: h3=\":443\";ma=86400,h3-29=\":443\";ma=86400,h3-27=\":443\";ma=86400\r\ncontent-length: 84645\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":214299,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (675)","md5":"13874b43d7a0d16e9294fbd7769da715","sha1":"80021aaaf6d92a36a4c07b8a0aa92c828c0e88b4","sha256":"1997c1177df62b07fd1794d3a9f8ebdc72842e6cb20a1e1987e939065921f646","sha512":"403cf4d5c09cb01f3ffa12aab85665ed7f39d89ef43127cc982dc478cebc89f618228abadfdec1aeb9894324335fcd988df24cb715cbba168bdb398dd2dc7461","ssdeep":"6144:y49/+QUgRED0pera7677001NeCHO/SPon:/+gmS767Q01NeCuwon","tlshash":"2b24e7d976927062937334b4902f000fb2bea8a6f10c8955f1c9d9d97e78da89137f6c","first_seen":"2025-12-05T22:31:48.465207Z","last_seen":"2026-03-18T10:59:26.977539Z","times_seen":566,"resource_available":true,"data":null}},"time_used":609,"timings":{"blocked":268,"dns":3,"connect":49,"send":0,"wait":33,"receive":36,"ssl":214},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tubetubetube.com/tubes/hot.movie/haru.ito/video8395/1.jpg","fqdn":"tubetubetube.com","domain":"tubetubetube.com","tld":"com"},"ip":{"addr":"172.67.146.227","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://jp.av2.top/","date":"2025-12-24T17:33:19.230Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tubetubetube.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 14 Nov 2025 19:06:15 GMT","end":"Thu, 12 Feb 2026 20:03:53 GMT"},"fingerprint":{"sha1":"12:06:A4:35:D9:08:B3:92:51:1C:CD:79:8F:E0:C7:41:AC:7C:F6:56","sha256":"8F:30:BF:FA:FB:5E:77:60:A7:0C:83:01:40:1C:DE:60:82:23:BC:D0:D8:FE:F9:CB:60:7A:61:50:A3:A4:6A:63"}}},"request":{"raw":"GET /tubes/hot.movie/haru.ito/video8395/1.jpg HTTP/1.1\r\nHost: tubetubetube.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: http://jp.av2.top/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 301 Moved Permanently\r\ndate: Wed, 24 Dec 2025 17:33:19 GMT\r\ncontent-type: text/html\r\nlocation: https://g.uuu.cam/movie/hot.movie/haru.ito/video8395/1.jpg\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=CW%2FilEBO1FoqLP1bgQJhapFexh4lVsO8%2FdIEkocRdB4svmG7frc5RtOK0Sgs1cOlGrfQarw%2B0M6S6fcus%2FlelzpYhqIb89axNxqx2%2Fck4Rw%3D\"}]}\r\ncache-control: max-age=31536000\r\ncf-cache-status: HIT\r\nvary: accept-encoding\r\ncf-ray: 9b31d7d30f674c11-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"301","status_text":"Moved Permanently","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":60246,"size_decoded":0,"mime_type":"image/jpeg","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-09T15:38:22.40258Z","times_seen":14902800,"resource_available":true,"data":null}},"time_used":42,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":42,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"filtradas.com/favicon.ico","fqdn":"filtradas.com","domain":"filtradas.com","tld":"com"},"ip":{"addr":"91.234.199.87","port":443,"asn":43641,"as":"SOLLUTIUM EU Sp z.o.o.","country":"Ukraine","country_code":"UA"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://jp.av2.top/","date":"2025-12-24T17:33:22.198Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"filtradas.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 04 Nov 2025 03:08:59 GMT","end":"Mon, 02 Feb 2026 03:08:58 GMT"},"fingerprint":{"sha1":"E1:A5:18:66:02:A1:30:48:C0:63:B8:0D:A6:A0:6A:4D:49:FB:31:A4","sha256":"F3:EF:EA:51:6F:29:3C:97:1C:9E:B5:C9:DB:69:E9:BE:55:EA:E1:47:AC:EB:1B:EB:A6:2A:5B:B1:74:85:D0:AB"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: filtradas.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://jp.av2.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 204 No Content\r\nserver: nginx\r\ndate: Wed, 24 Dec 2025 17:33:22 GMT\r\nstrict-transport-security: max-age=31536000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"204","status_text":"No Content","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/x-icon","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-09T15:38:22.40258Z","times_seen":14902800,"resource_available":true,"data":null}},"time_used":21,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":21,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.tubetubetube.com/tubes/hot.movie/haru.ito/video8395/1.jpg","fqdn":"www.tubetubetube.com","domain":"tubetubetube.com","tld":"com"},"ip":{"addr":"172.67.146.227","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://jp.av2.top/","date":"2025-12-24T17:33:17.279Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tubetubetube.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 14 Nov 2025 19:06:15 GMT","end":"Thu, 12 Feb 2026 20:03:53 GMT"},"fingerprint":{"sha1":"12:06:A4:35:D9:08:B3:92:51:1C:CD:79:8F:E0:C7:41:AC:7C:F6:56","sha256":"8F:30:BF:FA:FB:5E:77:60:A7:0C:83:01:40:1C:DE:60:82:23:BC:D0:D8:FE:F9:CB:60:7A:61:50:A3:A4:6A:63"}}},"request":{"raw":"GET /tubes/hot.movie/haru.ito/video8395/1.jpg HTTP/1.1\r\nHost: www.tubetubetube.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://jp.av2.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 302 Found\r\ndate: Wed, 24 Dec 2025 17:33:18 GMT\r\ncontent-length: 0\r\nlocation: https://tubetubetube.com/tubes/hot.movie/haru.ito/video8395/1.jpg\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=y0nwulvLqUU5OAULZfjKeLCMG5MhzYQJ6bSlicL7sFzxEu1%2F7npyNMC2ZnY0B3GIwvxEgZCXGDCBv3VNYAVSonPWIt7SwdIxIR5DIsU%2FU%2BtumwUK\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\ncf-ray: 9b31d7cb7a2b4c11-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":60246,"size_decoded":0,"mime_type":"image/jpeg","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-09T15:38:22.40258Z","times_seen":14902800,"resource_available":true,"data":null}},"time_used":725,"timings":{"blocked":338,"dns":2,"connect":5,"send":0,"wait":6,"receive":0,"ssl":319},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ansuko.net/wp-content/uploads/2024/07/bfmxz99e_header.jpg","fqdn":"ansuko.net","domain":"ansuko.net","tld":"net"},"ip":{"addr":"172.67.138.117","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://jp.av2.top/","date":"2025-12-24T17:33:17.328Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ansuko.net","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 06 Dec 2025 13:34:35 GMT","end":"Fri, 06 Mar 2026 14:32:54 GMT"},"fingerprint":{"sha1":"F4:E3:EF:30:48:D7:B3:40:2B:D3:E1:F5:14:F6:72:5B:FB:0B:94:DF","sha256":"1D:46:63:21:32:DB:DE:81:F7:49:23:17:0A:76:2A:6E:F6:89:3C:51:B8:65:66:A9:DA:9E:D5:EA:3A:BB:08:D7"}}},"request":{"raw":"GET /wp-content/uploads/2024/07/bfmxz99e_header.jpg HTTP/1.1\r\nHost: ansuko.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://jp.av2.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 24 Dec 2025 17:33:17 GMT\r\ncontent-type: image/jpeg\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nage: 404207\r\ncache-control: max-age=31536000\r\ncf-cache-status: HIT\r\nlast-modified: Sat, 20 Dec 2025 01:16:29 GMT\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=09j68z2XUXEysWBdC9bEi0FM%2B9%2FFr9LMKTiAVETT1D0yKvLyYed49Q8g1nl7prrHuMNxIbnzIUwfszGMOwcJSuhDQhcQxKNud58%3D\"}]}\r\ncf-ray: 9b31d7c6ef1db1b8-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":107108,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: \"CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 90\", baseline, precision 8, 637x600, components 3","md5":"04acc4f387fad6debcab21545d27813c","sha1":"74ed33a7ae436b20250335a10e0f2457e7c521ed","sha256":"5f04f3e9106577b0bc74402752f64b4a0ccf9d602435d5a47b38930eccd9bf60","sha512":"b2aad38221f1fdd3aa7d733c547ae94d9fee27ef927d55628327a69b55f986dee87033cffb9af2d61e572d8aaeda8d0f6ced0f02769f92b170951589c04d1ace","ssdeep":"1536:Gu1bHM2EIRXjBn9CwYQq3yI0CzTwRkrSEeiO2i3zjDHgg7lEDqusDUDjOQ2L1+vF:O4RFYFyI0sTweW6i30g7lu1OpZ+vF","tlshash":"70a313d1032c23893d9701b5e46ebea115eb94d34bcc3da1e05aef3161f26e4d6648ba","first_seen":"2025-07-30T08:26:08.390424Z","last_seen":"2026-02-14T16:06:52.876334Z","times_seen":8,"resource_available":false,"data":null}},"time_used":10,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":10,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"css.jpg4.icu/tagjpa.php?noself=1\u0026url=av.diktok.top/tags/3","fqdn":"css.jpg4.icu","domain":"jpg4.icu","tld":"icu"},"ip":{"addr":"172.67.183.25","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"subdocument","requested_by":"http://jp.av2.top/","date":"2025-12-24T17:33:20.437Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"jpg4.icu","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 28 Nov 2025 15:32:54 GMT","end":"Thu, 26 Feb 2026 16:30:32 GMT"},"fingerprint":{"sha1":"DD:1F:06:D1:AD:C8:98:82:F6:76:1B:72:E5:E3:ED:49:53:4D:2E:C2","sha256":"5D:0D:E6:96:38:E2:AC:E2:A7:81:11:6D:6A:D8:8A:47:43:3D:50:7D:FE:2E:30:F8:62:AA:CC:2B:30:C7:DF:7F"}}},"request":{"raw":"GET /tagjpa.php?noself=1\u0026url=av.diktok.top/tags/3 HTTP/1.1\r\nHost: css.jpg4.icu\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://jp.av2.top/\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: iframe\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 24 Dec 2025 17:33:20 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nserver: cloudflare\r\n8tagproxuri: /tagjpa.php?noself=1\u0026url=av.diktok.top/tags/3\r\nx-frame-options: ALLOWALL\r\ncross-origin-resource-policy: cross-origin\r\ncache-control: public, max-age=72000\r\n598tagproxuri: /tagjpa.php?noself=1\u0026url=av.diktok.top/tags/3\r\naccess-control-allow-origin: *\r\naccess-control-allow-headers: Cake\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=qLrUIwBc7eFiLlpHW8jUhbGZ7Fglepa%2BrFzvKbi3N9WURd%2B%2Bp5C8ZIn0rV1kLiZobV6dbvfH%2BdpDZ9YWxx5LzAVta9NiB53Yzo0%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nage: 31791\r\ncf-cache-status: HIT\r\nlast-modified: Wed, 24 Dec 2025 08:43:29 GMT\r\nvary: accept-encoding\r\ncontent-encoding: br\r\ncf-ray: 9b31d7dabbd95685-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":28875,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, ASCII text, with very long lines (28728), with CRLF line terminators","md5":"3da2b7b9d16b3390be4ccd4f3950c629","sha1":"661d50d557638a83514fd79a49831f6b5174f3d2","sha256":"2dcf9ecab6e1e7a749b33dbd33b7f7bc57f6cdec24ba9cfdfbba07ea4cebbf90","sha512":"1baeeeb618066b317714270338f34e7c7f87b1d6b4483b07d1c4bd3442c4dfb3fc905cbf7636f31b9bfa2ce77df60f72adccd901d9b97713d1da3b835fdbc18a","ssdeep":"192:qq6FhutEEt+Wo7PdQWYiNpuUpUT9Y8xP8nEfh+4o+bszULX7GgyRjFe2exm:T6qK8biNpuUpU9P8EicPKym","tlshash":"23d27097a344eb3c1cc25b057ce7f3a9d9f2e54f6c938117a871922d11006acfcd6aa2","first_seen":"2025-12-24T17:34:12.629223Z","last_seen":"2025-12-24T17:34:12.629223Z","times_seen":1,"resource_available":false,"data":null}},"time_used":11,"timings":{"blocked":1,"dns":0,"connect":0,"send":0,"wait":10,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.twi-dl.net/favicon.ico","fqdn":"www.twi-dl.net","domain":"twi-dl.net","tld":"net"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://jp.av2.top/","date":"2025-12-24T17:33:22.340Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"twi-dl.net","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 28 Oct 2025 21:11:58 GMT","end":"Mon, 26 Jan 2026 22:10:41 GMT"},"fingerprint":{"sha1":"7B:5A:31:55:FE:D9:83:76:C3:AE:C5:F0:67:0A:52:98:13:89:00:03","sha256":"CD:0C:06:69:10:2E:6D:47:9E:83:99:4F:07:F8:20:9C:5D:55:AD:8F:0A:F2:6A:EC:08:85:FE:97:A4:F1:3B:F2"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: www.twi-dl.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://jp.av2.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 403 Forbidden\r\ndate: Wed, 24 Dec 2025 17:33:22 GMT\r\ncontent-type: text/html; charset=UTF-8\r\ncache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0\r\nexpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nreferrer-policy: same-origin\r\nx-frame-options: SAMEORIGIN\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=zlfGD1EqTnOGdk7kG7vvRs5HNSRv%2BNPP77tXJtfBf3N3vFeeYaEOesNju64BJFjAVfT%2FEDvZ%2FhCmYzCZwFjooARVFBvyEyELc%2F1fxg%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-encoding: br\r\nserver: cloudflare\r\ncf-ray: 9b31d7e69c3fb521-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"403","status_text":"Forbidden","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-09T15:38:22.40258Z","times_seen":14902800,"resource_available":true,"data":null}},"time_used":121,"timings":{"blocked":-1,"dns":23,"connect":2,"send":0,"wait":7,"receive":0,"ssl":80},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.dirtysancheztube.com/thumbs/6/412_sleeping.jpg","fqdn":"www.dirtysancheztube.com","domain":"dirtysancheztube.com","tld":"com"},"ip":{"addr":"104.21.16.225","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://jp.av2.top/","date":"2025-12-24T17:33:17.285Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"dirtysancheztube.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 10 Dec 2025 08:49:54 GMT","end":"Tue, 10 Mar 2026 09:47:30 GMT"},"fingerprint":{"sha1":"02:83:1D:ED:4E:1E:1A:12:51:8E:32:9C:83:6B:13:14:A0:D6:0C:86","sha256":"E5:E3:7B:42:CC:8E:22:92:63:CD:17:77:2E:11:2E:69:2E:9D:68:3D:1C:72:37:24:9F:47:DD:51:B0:83:B7:E3"}}},"request":{"raw":"GET /thumbs/6/412_sleeping.jpg HTTP/1.1\r\nHost: www.dirtysancheztube.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://jp.av2.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 24 Dec 2025 17:33:17 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 11452\r\nserver: cloudflare\r\nlast-modified: Wed, 29 May 2019 09:00:27 GMT\r\netag: \"5cee4a2b-2cbc\"\r\nexpires: Sun, 20 Dec 2026 08:33:18 GMT\r\ncache-control: public, max-age=31536000, no-transform\r\naccept-ranges: bytes\r\nage: 377998\r\ncf-cache-status: HIT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=M3xoopurT%2BJf4XQxYDzb0w2oVaC4Vptspq6UFtF%2FH%2FZfb7Ea7k6PHEiEicBOKjtMoYrykvT7oj9oNulogUvSuq9DAG1EVTmv0tmjUHvpXSPb6xd98Tw%3D\"}]}\r\ncf-ray: 9b31d7c749a30b4d-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":11452,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 312x208, components 3","md5":"e6d8bc2857a9a53a3c37338456522d8e","sha1":"7286ad82e54c74e3989253b3989e45df66203515","sha256":"ef7d4eadb0190b25e0a229df8edd04be8439c556fecf22cfe27d0da56cc24d21","sha512":"091efd111073752539bfedc276086868dca257612a8543e07009382b6c392d480a02028a99acfe89b86e72b49265210ac964a523df6298a95d7e42b1f57270ae","ssdeep":"192:IWvV6QprMezDPcOKHcKXf4HnHZ6bRLjNVpR7bTwIyccnltulXvPnDLjzrxDg0:IWgkMcj2XP4HnHZYVXdTlyTltul/HjzL","tlshash":"5e32af560690bdccb17fc97732ee4e11d1e22baba93d945b01e0871439bad2d98b7438","first_seen":"2025-06-05T17:56:20.34439Z","last_seen":"2026-01-11T02:58:14.09675Z","times_seen":15,"resource_available":false,"data":null}},"time_used":159,"timings":{"blocked":39,"dns":29,"connect":3,"send":0,"wait":12,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"rtgallery.net/favicon.ico","fqdn":"rtgallery.net","domain":"rtgallery.net","tld":"net"},"ip":{"addr":"5.63.144.84","port":443,"asn":13213,"as":"UK-2 Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://jp.av2.top/","date":"2025-12-24T17:33:22.284Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rtgallery.net","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 19 Nov 2025 17:00:08 GMT","end":"Tue, 17 Feb 2026 17:00:07 GMT"},"fingerprint":{"sha1":"5D:8A:5C:FE:24:B0:28:D3:1B:23:AE:94:5D:BC:79:7D:DD:8F:20:3F","sha256":"7A:EB:AE:AA:18:8B:DF:0F:6B:03:FE:39:39:5C:2D:B6:E1:64:4C:4E:FC:EF:35:B2:E5:8E:27:F9:70:BF:DB:C3"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: rtgallery.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://jp.av2.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.22.1\r\nDate: Wed, 24 Dec 2025 17:33:22 GMT\r\nContent-Type: image/x-icon\r\nContent-Length: 894\r\nLast-Modified: Sat, 03 Jun 2017 05:36:38 GMT\r\nConnection: keep-alive\r\nETag: \"59324ae6-37e\"\r\nCache-Control: private, max-age=600, must-revalidate\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.22.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":894,"size_decoded":0,"mime_type":"image/x-icon","magic":"MS Windows icon resource - 1 icon, 16x16, 24 bits/pixel","md5":"ecfa03337847c3b30c7c0c5c4bbb5c5f","sha1":"55457dd13b92fd876c253e3a74d46aec83429441","sha256":"903d49ac2a65b3e7452534fc61790a686d1be8b936e8e6bcd9f49b1739a746f9","sha512":"e05def7385dec8c99241ec00e4bf6fcfa023c9d2d0ea8a26d35f83831df14f4075c6d6fc8121d63de1387869a354af6664b6fe33101342709d0e4a7dd8f25d15","ssdeep":"","tlshash":"0b112b4aa11538a1d4f55575261a0ff95491c30ecdbed7d0c4f8f4f6e922924c738328","first_seen":"2024-05-20T05:01:42Z","last_seen":"2026-04-11T18:21:42.296402Z","times_seen":409,"resource_available":false,"data":null}},"time_used":20,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":20,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"img.apian088.sbs/media/videos/tmb/000/001/936/3.jpg","fqdn":"img.apian088.sbs","domain":"apian088.sbs","tld":"sbs"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://jp.av2.top/","date":"2025-12-24T17:33:17.281Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"apian088.sbs","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 16 Nov 2025 12:00:16 GMT","end":"Sat, 14 Feb 2026 12:44:47 GMT"},"fingerprint":{"sha1":"81:62:5B:8E:F8:D6:89:63:71:73:E3:18:57:53:27:65:B5:AD:00:32","sha256":"1E:DA:15:FE:0A:FF:52:03:D1:A0:EE:60:AD:2A:3A:55:0D:CD:56:3F:75:52:A1:90:E2:E7:70:D3:2A:15:12:5E"}}},"request":{"raw":"GET /media/videos/tmb/000/001/936/3.jpg HTTP/1.1\r\nHost: img.apian088.sbs\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://jp.av2.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 24 Dec 2025 17:33:17 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 17148\r\nserver: cloudflare\r\nlast-modified: Sat, 23 Mar 2024 12:21:40 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\netag: \"65fec954-42fc\"\r\naccept-ranges: bytes\r\nage: 1929174\r\ncache-control: max-age=31536000\r\ncf-cache-status: HIT\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=TLSqc157sMK7DE2j%2BC1tF%2BnaVUhRaO%2F9ht0gp6HNz9awACr3SvfLYxJkuj1TBgthaw8pMT32IEHYOWOu1kALT32JazCMaUYfDSUtHVwU\"}]}\r\ncf-ray: 9b31d7c6e8fa56b4-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":17148,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 300x226, components 3","md5":"eadfecf77093dae1a4e17ee1dc45f431","sha1":"4d5e615146ebc5d32dabb6d7e0fcccfa6e187ad2","sha256":"8f6c5e80347573fd24c057755e290d784b93f368db6f69af280902359a9dc47e","sha512":"4481061ffa9fa728fad322e4ba49aab278af0eacdcdf5b53f7cd306d92a6ea482158857dd296314e39f9260a3d8065640f23ed189608ffe96c891fc4702f26e7","ssdeep":"192:RoZxUSfXnbLkEhXD7ITsCCzvxbq2OdOsg/achcvH1PtonIH/UPLZV+LiwZc9XM7V:KVXJWQljHOUsg/tcDoIH/UPFLKN3PP","tlshash":"9b72d0aadd425542f4ad31f32c3a47152d178fce79bd613a46d1ee2883291ef1c2887a","first_seen":"2025-11-19T08:51:13.767505Z","last_seen":"2025-12-24T17:34:12.632457Z","times_seen":4,"resource_available":false,"data":null}},"time_used":108,"timings":{"blocked":-1,"dns":21,"connect":5,"send":0,"wait":10,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"page.phic4.top/myda.php","fqdn":"page.phic4.top","domain":"phic4.top","tld":"top"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://jp.av2.top/","date":"2025-12-24T17:33:19.981Z","timestamp":0,"http_version":"","security_state":"broken","security_info":null,"request":{"raw":"GET /myda.php HTTP/1.1\r\nHost: page.phic4.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://jp.av2.top/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-09T15:38:22.40258Z","times_seen":14902800,"resource_available":true,"data":null}},"time_used":479,"timings":{"blocked":0,"dns":22,"connect":227,"send":0,"wait":0,"receive":0,"ssl":227},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-24","alert":"Sinkholed","trigger":"page.phic4.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"page.phic4.top/myda.php","fqdn":"page.phic4.top","domain":"phic4.top","tld":"top"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://css.jpg4.icu/tagjpa.php?noself=1\u0026url=av.diktok.top/tags/3","date":"2025-12-24T17:33:21.006Z","timestamp":0,"http_version":"","security_state":"broken","security_info":null,"request":{"raw":"GET /myda.php HTTP/1.1\r\nHost: page.phic4.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://css.jpg4.icu/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-09T15:38:22.40258Z","times_seen":14902800,"resource_available":true,"data":null}},"time_used":697,"timings":{"blocked":0,"dns":0,"connect":473,"send":0,"wait":0,"receive":0,"ssl":221},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-24","alert":"Sinkholed","trigger":"page.phic4.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.twi-videos.net/favicon.ico","fqdn":"www.twi-videos.net","domain":"twi-videos.net","tld":"net"},"ip":{"addr":"104.21.75.202","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://jp.av2.top/","date":"2025-12-24T17:33:22.211Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"twi-videos.net","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 15 Dec 2025 10:50:26 GMT","end":"Sun, 15 Mar 2026 11:47:50 GMT"},"fingerprint":{"sha1":"B5:B9:48:51:BC:7F:B0:FE:05:2F:AB:85:59:0B:25:83:10:20:74:06","sha256":"6A:B9:1D:65:6A:C8:96:78:AD:B0:8D:7F:7E:09:8D:76:3F:A3:AD:CC:5F:3F:83:1A:F8:D4:28:AC:D6:DE:37:6A"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: www.twi-videos.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://jp.av2.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 403 Forbidden\r\ndate: Wed, 24 Dec 2025 17:33:22 GMT\r\ncontent-type: text/html; charset=UTF-8\r\ncache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0\r\nexpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nreferrer-policy: same-origin\r\nx-frame-options: SAMEORIGIN\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=f0F7zdiTdiRzAUzY8nV26wLrVgNOdr39hW7bIChS4mCY5Q%2ByUwBBGIkADuGEyFvmUOO%2B2%2BiLkuooM8hI81P8VsNpuuXgnyETQTLSfrfZeU%2FMsw%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-encoding: br\r\nserver: cloudflare\r\ncf-ray: 9b31d7e5adb14c11-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"403","status_text":"Forbidden","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-09T15:38:22.40258Z","times_seen":14902800,"resource_available":true,"data":null}},"time_used":71,"timings":{"blocked":-1,"dns":34,"connect":1,"send":0,"wait":4,"receive":0,"ssl":32},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"oedy9.com/favicon.ico","fqdn":"oedy9.com","domain":"oedy9.com","tld":"com"},"ip":{"addr":"46.202.208.18","port":443,"asn":0,"as":"","country":"Ukraine","country_code":"UA"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://jp.av2.top/","date":"2025-12-24T17:33:22.342Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"oedy9.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 28 Nov 2025 12:19:19 GMT","end":"Thu, 26 Feb 2026 12:19:18 GMT"},"fingerprint":{"sha1":"69:7B:3D:0C:13:0E:79:59:85:79:6C:9F:CC:02:E7:C6:0C:DB:09:6B","sha256":"CD:1C:CE:88:E8:D4:C6:2F:12:8F:68:0A:04:29:1A:D5:09:16:39:90:F4:A1:9B:08:35:6D:A8:0F:8C:54:E1:96"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: oedy9.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://jp.av2.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 444 No Reason Phrase\r\ndate: Wed, 24 Dec 2025 17:33:23 GMT\r\nserver: nginx\r\nset-cookie: server_name_session=8e24b569a590272a9b4329bb58acd27e; Max-Age=86400; httponly; path=/\r\ncontent-length: 0\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"444","status_text":"No Reason Phrase","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/x-icon","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-09T15:38:22.40258Z","times_seen":14902800,"resource_available":true,"data":null}},"time_used":1149,"timings":{"blocked":-1,"dns":657,"connect":118,"send":0,"wait":234,"receive":0,"ssl":133},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-24","alert":"Sinkholed","trigger":"oedy9.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"mc.webvisor.org/watch/48140495?wmode=7\u0026page-url=http%3A%2F%2Fjp.av2.top%2F\u0026charset=utf-8\u0026uah=che%0A0\u0026browser-info=pv%3A1%3Avf%3A1nmhispdoya1ro1ej5uutvpoh5pcv%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A2292%3Acn%3A1%3Adp%3A0%3Als%3A869442975506%3Ahid%3A347096415%3Az%3A0%3Ai%3A20251224173320%3Aet%3A1766597600%3Ac%3A1%3Arn%3A86133492%3Arqn%3A1%3Au%3A176659760010995614%3Aw%3A1280x1024%3As%3A1280x1024x24%3Ask%3A1%3Afp%3A3195%3Awv%3A2%3Ads%3A1%2C224%2C224%2C0%2C%2C0%2C%2C%2C%2C%2C%2C%2C%3Aco%3A0%3Acpf%3A1%3Ans%3A1766597596540%3Afip%3A62236e752d3f7c5fd4f9360431331564-0ed8ce9e1e39cec802dafc59181dfc61-a81f3b9bcdd80a361c14af38dc09b309-08cddc828a0a4cecdead9052886a5778-8d2357552742d775381be8c05efc2ed7-b3a4b0ac1b44d5bc13e6d73ffb506aad-61b9878bbce18de73aafc8582a198c0c-5274424d88b08056c17f1a11bd3f2aff-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-861578da3666aba98730162cd5ac0199%3Arqnl%3A1%3Ast%3A1766597601%3At%3AHot%20Videos%20%E4%BA%BA%E6%B0%97%E5%8B%95%E7%94%BB-%E5%8B%95%E7%94%BB%40AV4.us\u0026t=gdpr(14)clc(0-0-0)rqnt(1)aw(1)rcm(1)cdl(na)eco(42534404)fip(1)ti(1)","fqdn":"mc.webvisor.org","domain":"webvisor.org","tld":"org"},"ip":{"addr":"87.250.250.119","port":443,"asn":13238,"as":"YANDEX LLC","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"http://jp.av2.top/","date":"2025-12-24T17:33:20.736Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"mc.webvisor.com","organization":"YANDEX LLC"},"issuer":{"commonName":"GlobalSign RSA OV SSL CA 2018","organization":"GlobalSign nv-sa"},"validity":{"start":"Mon, 18 Aug 2025 21:05:34 GMT","end":"Mon, 09 Feb 2026 20:59:59 GMT"},"fingerprint":{"sha1":"52:51:83:17:11:3C:6A:D0:47:28:FB:42:75:CF:6A:DA:48:B5:5A:C8","sha256":"69:B8:8D:9D:77:CB:F9:C7:48:04:E2:8C:99:28:7C:EF:5E:C7:2B:43:D6:52:7B:21:D2:99:F6:86:18:A6:0F:80"}}},"request":{"raw":"GET /watch/48140495?wmode=7\u0026page-url=http%3A%2F%2Fjp.av2.top%2F\u0026charset=utf-8\u0026uah=che%0A0\u0026browser-info=pv%3A1%3Avf%3A1nmhispdoya1ro1ej5uutvpoh5pcv%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A2292%3Acn%3A1%3Adp%3A0%3Als%3A869442975506%3Ahid%3A347096415%3Az%3A0%3Ai%3A20251224173320%3Aet%3A1766597600%3Ac%3A1%3Arn%3A86133492%3Arqn%3A1%3Au%3A176659760010995614%3Aw%3A1280x1024%3As%3A1280x1024x24%3Ask%3A1%3Afp%3A3195%3Awv%3A2%3Ads%3A1%2C224%2C224%2C0%2C%2C0%2C%2C%2C%2C%2C%2C%2C%3Aco%3A0%3Acpf%3A1%3Ans%3A1766597596540%3Afip%3A62236e752d3f7c5fd4f9360431331564-0ed8ce9e1e39cec802dafc59181dfc61-a81f3b9bcdd80a361c14af38dc09b309-08cddc828a0a4cecdead9052886a5778-8d2357552742d775381be8c05efc2ed7-b3a4b0ac1b44d5bc13e6d73ffb506aad-61b9878bbce18de73aafc8582a198c0c-5274424d88b08056c17f1a11bd3f2aff-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-861578da3666aba98730162cd5ac0199%3Arqnl%3A1%3Ast%3A1766597601%3At%3AHot%20Videos%20%E4%BA%BA%E6%B0%97%E5%8B%95%E7%94%BB-%E5%8B%95%E7%94%BB%40AV4.us\u0026t=gdpr(14)clc(0-0-0)rqnt(1)aw(1)rcm(1)cdl(na)eco(42534404)fip(1)ti(1) HTTP/1.1\r\nHost: mc.webvisor.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: http://jp.av2.top/\r\nOrigin: http://jp.av2.top\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 302 Found\r\nx-xss-protection: 1; mode=block\r\nlast-modified: Wed, 24-Dec-2025 17:33:20 GMT\r\naccess-control-allow-origin: http://jp.av2.top\r\ncache-control: private, no-cache, no-store, must-revalidate, max-age=0\r\naccept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA\r\nset-cookie: yabs-sid=2280527651766597600; Path=/; SameSite=None; Secure\ni=YwrM5cEUHf1P4wkfO/dglNZudToDRbfDZ2e7FD0760sHeYrd81FrbAmZnJWvxrumXWlgxuErAKGRIXw7Lw7SPzQsPKs=; Expires=Sat, 22-Dec-2035 17:33:20 GMT; Domain=.webvisor.org; Path=/; Secure; HttpOnly; SameSite=None\nyandexuid=8980071151766597600; Expires=Sat, 22-Dec-2035 17:33:20 GMT; Domain=.webvisor.org; Path=/; Secure; SameSite=None\nyuidss=8980071151766597600; Expires=Thu, 24-Dec-2026 17:33:20 GMT; Domain=.webvisor.org; Path=/; SameSite=None; Secure\nymex=1798133600.yrts.1766597600#1798133600.yrtsi.1766597600; Expires=Thu, 24-Dec-2026 17:33:20 GMT; Domain=.webvisor.org; Path=/; SameSite=None; Secure\nbh=YODHsMoGahfcyuH/CJLYobEDn8/14QzlyPCOA5S2Ag==; Path=/; Domain=.webvisor.org; Expires=Thu, 28 Jan 2027 17:33:20 GMT; SameSite=None; Secure\nbh=YODHsMoGahfcyuH/CJLYobEDn8/14QzlyPCOA5S2Ag==; Path=/; Domain=.webvisor.org; Expires=Thu, 28 Jan 2027 17:33:20 GMT; SameSite=None; Secure\r\nlocation: /watch/48140495/1?wmode=7\u0026page-url=http%3A%2F%2Fjp.av2.top%2F\u0026charset=utf-8\u0026uah=che%0A0\u0026browser-info=pv%3A1%3Avf%3A1nmhispdoya1ro1ej5uutvpoh5pcv%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A2292%3Acn%3A1%3Adp%3A0%3Als%3A869442975506%3Ahid%3A347096415%3Az%3A0%3Ai%3A20251224173320%3Aet%3A1766597600%3Ac%3A1%3Arn%3A86133492%3Arqn%3A1%3Au%3A176659760010995614%3Aw%3A1280x1024%3As%3A1280x1024x24%3Ask%3A1%3Afp%3A3195%3Awv%3A2%3Ads%3A1%2C224%2C224%2C0%2C%2C0%2C%2C%2C%2C%2C%2C%2C%3Aco%3A0%3Acpf%3A1%3Ans%3A1766597596540%3Afip%3A62236e752d3f7c5fd4f9360431331564-0ed8ce9e1e39cec802dafc59181dfc61-a81f3b9bcdd80a361c14af38dc09b309-08cddc828a0a4cecdead9052886a5778-8d2357552742d775381be8c05efc2ed7-b3a4b0ac1b44d5bc13e6d73ffb506aad-61b9878bbce18de73aafc8582a198c0c-5274424d88b08056c17f1a11bd3f2aff-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-861578da3666aba98730162cd5ac0199%3Arqnl%3A1%3Ast%3A1766597601%3At%3AHot%20Videos%20%E4%BA%BA%E6%B0%97%E5%8B%95%E7%94%BB-%E5%8B%95%E7%94%BB%40AV4.us\u0026t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29rcm%281%29cdl%28na%29eco%2842534404%29fip%281%29ti%281%29\u0026redirnss=1\r\nstrict-transport-security: max-age=31536000\r\naccess-control-allow-credentials: true\r\npragma: no-cache\r\nexpires: Wed, 24-Dec-2025 17:33:20 GMT\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":645,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-09T15:38:22.40258Z","times_seen":14902800,"resource_available":true,"data":null}},"time_used":346,"timings":{"blocked":149,"dns":1,"connect":50,"send":0,"wait":48,"receive":0,"ssl":95},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"stallionanimalxxx.com/favicon.ico","fqdn":"stallionanimalxxx.com","domain":"stallionanimalxxx.com","tld":"com"},"ip":{"addr":"185.162.130.18","port":443,"asn":14576,"as":"HOSTING-SOLUTIONS","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://jp.av2.top/","date":"2025-12-24T17:33:22.334Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"stallionanimalxxx.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Fri, 12 Dec 2025 12:32:15 GMT","end":"Thu, 12 Mar 2026 12:32:14 GMT"},"fingerprint":{"sha1":"1A:11:51:ED:D7:E6:67:DC:89:EF:7D:5C:63:53:E1:10:5D:FA:F9:A1","sha256":"6A:AE:95:D2:65:D9:47:AB:C2:46:71:85:81:09:58:54:0B:8B:2F:2C:2D:CD:B0:9B:99:A2:49:59:B5:BA:B3:40"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: stallionanimalxxx.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://jp.av2.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 404 Not Found\r\nServer: nginx/1.23.3\r\nDate: Wed, 24 Dec 2025 17:33:22 GMT\r\nContent-Type: text/html; charset=iso-8859-1\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nKeep-Alive: timeout=30\r\nVary: Accept-Encoding\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Nginx:1.23.3","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=iso-8859-1","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-09T15:38:22.40258Z","times_seen":14902800,"resource_available":true,"data":null}},"time_used":22,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":22,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn2.geefap.com/uploads/posts/2018-04/thumbs/495445170_991088351.jpg","fqdn":"cdn2.geefap.com","domain":"geefap.com","tld":"com"},"ip":{"addr":"31.10.5.97","port":443,"asn":207728,"as":"EUROHOSTER Ltd.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://jp.av2.top/","date":"2025-12-24T17:33:17.243Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdn2.geefap.com","organization":""},"issuer":{"commonName":"GoGetSSL RSA DV SSL CA 2","organization":"GoGetSSL"},"validity":{"start":"Tue, 07 Oct 2025 00:00:00 GMT","end":"Wed, 07 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"DC:E2:65:92:08:22:4C:77:09:5B:C9:25:35:0E:A2:CD:89:EA:8C:7C","sha256":"82:2A:A8:8F:E2:B8:A2:CA:01:FD:DC:F1:C1:AD:8F:F7:85:8D:42:56:12:56:8B:70:B2:FD:44:15:88:B2:59:F4"}}},"request":{"raw":"GET /uploads/posts/2018-04/thumbs/495445170_991088351.jpg HTTP/1.1\r\nHost: cdn2.geefap.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://jp.av2.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Wed, 24 Dec 2025 17:33:18 GMT\r\nContent-Type: image/jpeg\r\nContent-Length: 24727\r\nLast-Modified: Wed, 18 Apr 2018 04:57:41 GMT\r\nConnection: keep-alive\r\nETag: \"5ad6d045-6097\"\r\nExpires: Mon, 29 Dec 2025 17:33:18 GMT\r\nCache-Control: max-age=432000\r\nStrict-Transport-Security: max-age=31536000;\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":24727,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, comment: \"CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 90\", baseline, precision 8, 300x420, components 3","md5":"3034ea6441cacd317bbbc243cd1d2b52","sha1":"6c7ea8a1ed1e69175d62a1627f5b9cc3d204bbbb","sha256":"98eb5805f183f45737979421d29deba2ee0e5079bb4eec507bfe739fe56ab032","sha512":"11e06816a225089778811ac1e53dffc31562ba54e62bf6f9f8b94bc6f348890c95a54a79d2ceeb976232895747568d711f7580a67a5e9b50f76b57738ab94992","ssdeep":"384:D6VuPvhl30urgtjKqgaN9Ei4P+tX9OorOA1D3vfj8sQHZPeP/Nyly3:D6IRl3BrgBKJ4CI/iA9j8sQHkP/Nd3","tlshash":"5bb2e175705a92c67029b09f3a561c3277f223dfc7b78e09dac52b34e70868119630e4","first_seen":"2024-05-06T16:02:15Z","last_seen":"2026-03-03T14:10:03.743739Z","times_seen":70,"resource_available":false,"data":null}},"time_used":1671,"timings":{"blocked":374,"dns":2,"connect":101,"send":0,"wait":28,"receive":4,"ssl":1099},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"sex18.photos/favicon.ico","fqdn":"sex18.photos","domain":"sex18.photos","tld":"photos"},"ip":{"addr":"31.10.5.97","port":443,"asn":207728,"as":"EUROHOSTER Ltd.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://jp.av2.top/","date":"2025-12-24T17:33:22.037Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"sex18.photos","organization":""},"issuer":{"commonName":"GoGetSSL RSA DV SSL CA 2","organization":"GoGetSSL"},"validity":{"start":"Tue, 07 Oct 2025 00:00:00 GMT","end":"Wed, 07 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"F2:8D:82:A7:4F:67:09:54:3A:C7:FB:43:7F:FF:9F:1D:BA:6D:9D:FA","sha256":"A2:B9:7D:5C:92:40:0D:CE:9D:F9:A7:FC:6C:F7:23:A8:9A:37:75:1F:AA:82:DA:7A:74:16:31:83:47:40:01:B5"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: sex18.photos\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://jp.av2.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 404 Not Found\r\nServer: nginx\r\nDate: Wed, 24 Dec 2025 17:33:22 GMT\r\nContent-Type: text/html; charset=WINDOWS-1251\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=WINDOWS-1251","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-09T15:38:22.40258Z","times_seen":14902800,"resource_available":true,"data":null}},"time_used":499,"timings":{"blocked":169,"dns":26,"connect":16,"send":0,"wait":17,"receive":6,"ssl":262},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.russiaporno.net/types/videohub/images/276815.jpg","fqdn":"www.russiaporno.net","domain":"russiaporno.net","tld":"net"},"ip":{"addr":"78.40.116.236","port":80,"asn":200019,"as":"Alexhost Srl","country":"Sweden","country_code":"SE"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://jp.av2.top/","date":"2025-12-24T17:33:17.326Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /types/videohub/images/276815.jpg HTTP/1.1\r\nHost: www.russiaporno.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://jp.av2.top/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: openresty\r\nDate: Wed, 24 Dec 2025 17:33:17 GMT\r\nContent-Type: image/jpeg\r\nContent-Length: 5549\r\nLast-Modified: Tue, 29 Dec 2015 02:16:00 GMT\r\nConnection: keep-alive\r\nETag: \"5681ece0-15ad\"\r\nExpires: Thu, 24 Dec 2026 17:33:17 GMT\r\nCache-Control: max-age=31536000\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}],"data":{"size":5549,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, comment: \"Lavc52.10.0\", baseline, precision 8, 180x135, components 3","md5":"f162bb22eb1a8a33adfd8daa8f9743b7","sha1":"0c712d71c26efd8b038b49e15279e9c9bc46dfab","sha256":"9a2cfdd455f83a6367cb21cb3bfebe9432302413035ae25d9c185755cb6213f3","sha512":"6e312cda261bf27da7ed954f25990eb99a3ef0ebea3dacdbbddfed704c1c8d3261551fa3131d2d379557ae0348c505380f1d39b7b3db987707ed6833f3df8759","ssdeep":"96:gfYzlUf+hcmwrHKiVGQineIJjI6svPx5ezxyndzv9aNYASMM/dCMO0CFNqs:6YCfucmwrqe3OnsvDIydBaBDM/lmj","tlshash":"b7b18ea17142d9d9f6763b7608150e0bebe921e84dd21fbe84d627160db109c569610e","first_seen":"2025-06-03T07:12:33.301619Z","last_seen":"2026-03-03T09:47:10.805757Z","times_seen":26,"resource_available":false,"data":null}},"time_used":477,"timings":{"blocked":292,"dns":8,"connect":98,"send":0,"wait":35,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"multicst.com/vs/54769329.jpg","fqdn":"multicst.com","domain":"multicst.com","tld":"com"},"ip":{"addr":"172.67.220.78","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://jp.av2.top/","date":"2025-12-24T17:33:17.334Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"multicst.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 31 Oct 2025 22:09:37 GMT","end":"Thu, 29 Jan 2026 23:08:14 GMT"},"fingerprint":{"sha1":"61:6F:CD:BD:99:9E:42:0A:C9:69:0E:A9:7C:14:FF:0E:E7:5F:02:77","sha256":"C9:D0:A5:C5:64:B5:66:F2:02:9F:70:CA:29:B7:22:E9:FA:98:5D:03:A4:26:1C:67:ED:66:22:C6:0E:91:C7:A2"}}},"request":{"raw":"GET /vs/54769329.jpg HTTP/1.1\r\nHost: multicst.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://jp.av2.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 24 Dec 2025 17:33:17 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 84019\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nlast-modified: Mon, 21 Oct 2019 15:00:16 GMT\r\netag: \"5dadc800-14833\"\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: max-age=315360000\r\nx-cache-status: HIT, HIT\r\naccept-ranges: bytes\r\nage: 657794\r\ncf-cache-status: HIT\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=P0DA4c%2FaY%2BsHPSZymVu7KuPhRTYMJiKM15S%2FsgNLrzEiXo6HapqbcCzBfS%2BpYT3hr5bVEBB3ANHwsLx2e%2FyjcTNNoqf9sLACwUo%3D\"}]}\r\ncf-ray: 9b31d7cb4a98568f-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":84019,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, comment: \"Lavc57.64.101\", baseline, precision 8, 1280x720, components 3","md5":"c831fecfe2068ccf944f6cc5112c0829","sha1":"4b033b9539fbe7ada5b9af8afed7a53c5c02caf8","sha256":"3f9aee96f6556e2a17493a8111b6db0f7d258e18613a67fe22a8e21fee9279e5","sha512":"b5a8cc6d763f3449443e5f0277b6c20a55f5d4376b462c727c4b82ecd81c721da83c732f86510037e7bf0b42792028307b490ee3a67c9034387a9a6a67addd7b","ssdeep":"1536:ZADwG8l8p9q0zN7j0hVbC8fW8+Ot4I/9IwjI0wQmZ8xbQaL6SHZnzD:up9ZzR2lZFIj0wQmZGcIJ5","tlshash":"9c83028676d9c7853de767c20961464360e0bf20192e6b913410ae65eedce7fc4dd81f","first_seen":"2025-05-27T17:53:32.06782Z","last_seen":"2026-02-25T10:38:26.932874Z","times_seen":19,"resource_available":false,"data":null}},"time_used":655,"timings":{"blocked":283,"dns":2,"connect":2,"send":0,"wait":20,"receive":8,"ssl":290},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"erota2.com/files/thumbnail/c4/if/c4ifxs5utjumshuhdclw3rin.jpg","fqdn":"erota2.com","domain":"erota2.com","tld":"com"},"ip":{"addr":"172.67.69.51","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://jp.av2.top/","date":"2025-12-24T17:33:17.337Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"erota2.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 24 Dec 2025 03:57:39 GMT","end":"Tue, 24 Mar 2026 04:57:35 GMT"},"fingerprint":{"sha1":"61:A4:B3:51:5C:84:0C:7A:D6:B2:9C:95:F5:8A:8A:BB:32:1E:BF:0A","sha256":"12:B6:23:F5:45:4E:9E:2F:9E:1C:EB:B6:30:A1:C5:0D:C3:06:A5:27:4C:CA:54:E7:0E:95:E5:38:6A:78:13:97"}}},"request":{"raw":"GET /files/thumbnail/c4/if/c4ifxs5utjumshuhdclw3rin.jpg HTTP/1.1\r\nHost: erota2.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://jp.av2.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 24 Dec 2025 17:33:17 GMT\r\ncontent-type: image/webp\r\ncontent-length: 7806\r\nserver: cloudflare\r\nlast-modified: Thu, 25 Mar 2021 05:36:14 GMT\r\netag: \"605c214e-2c9a\"\r\nvary: accept, accept-encoding\r\naccept-ranges: bytes\r\ncache-control: max-age=7200\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=mQOTQZagwFZGtA03uYnUAk45fqFLeN5bmifW7eQkNJyDQNRhRgQvh83KR4CuolOMBTssjQ6m%2FVms5ronNc3K7odTuSQI%2F1Y7tw%3D%3D\"}]}\r\npriority: u=1;i=?0,cf-chb=(258;u=3;i=?0 1386;u=5;i=?0 5789;u=6;i=?0)\r\ncf-polished: ok\r\ncf-bgj: h2pri,imgq:85\r\nage: 5180\r\ncf-cache-status: HIT\r\ncf-ray: 9b31d7cb2e56783d-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":7806,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 300x169, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"2d1e10851a5f675b542be6c072317580","sha1":"fecffe4d64d63ed8846037253d6a15b6aa298797","sha256":"1c3bf3ce9ed9ef61966d2ed11173d72edb31b029f0213bee86779e1250ac7614","sha512":"a33d70161548047283f6d0cc7080a6abf409353ef1f6c18d63ed42796912db14ba4b8819053949ea55cd1ef9c9a591f212fbf76367640e981c59ae9bac1a42cd","ssdeep":"192:NsxIHfKEVQg47+MY8FeQNJqKIJ7uQXt8egTBIcJ/Rju2S:ya/9l2e1DoQXtRgdIK42S","tlshash":"11f1c020b0b1ee252db2b027a2852f821651bfe0fec2f1f186667f510a1ed124f7f244","first_seen":"2025-05-21T07:12:06.527767Z","last_seen":"2026-01-19T21:59:48.109761Z","times_seen":18,"resource_available":false,"data":null}},"time_used":624,"timings":{"blocked":281,"dns":2,"connect":2,"send":0,"wait":22,"receive":1,"ssl":306},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"motherless.com/favicon.ico","fqdn":"motherless.com","domain":"motherless.com","tld":"com"},"ip":{"addr":"185.107.81.234","port":443,"asn":43350,"as":"NForce Entertainment B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://jp.av2.top/","date":"2025-12-24T17:33:22.389Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.motherless.com","organization":""},"issuer":{"commonName":"GoGetSSL RSA DV CA","organization":"GoGetSSL"},"validity":{"start":"Wed, 02 Apr 2025 00:00:00 GMT","end":"Sun, 03 May 2026 23:59:59 GMT"},"fingerprint":{"sha1":"BC:66:10:ED:31:C2:E1:48:61:92:BF:BD:98:9C:71:7C:41:97:BB:15","sha256":"DC:4B:D9:73:E2:0F:70:E0:0F:00:83:14:04:82:39:70:D2:DC:F4:3D:ED:56:CB:DA:C8:73:69:B1:19:73:4A:D9"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: motherless.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://jp.av2.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Wed, 24 Dec 2025 17:33:22 GMT\r\nContent-Type: image/x-icon\r\nContent-Length: 1150\r\nConnection: keep-alive\r\nLast-Modified: Thu, 20 Apr 2023 06:59:04 GMT\r\nETag: \"6440e2b8-47e\"\r\nX-Server-W: web803\r\nExpires: Thu, 31 Dec 2037 23:55:55 GMT\r\nCache-Control: max-age=315360000\r\nX-Cache-Status: HIT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1150,"size_decoded":0,"mime_type":"image/x-icon","magic":"MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel","md5":"71fed71dccb91a13bdf68a6444f25ce4","sha1":"38da7202842147ecda5521d50f094a54d1381f2c","sha256":"18f6675d329e6cb3bb7d7d1e546a1c68c5cc599f1b3ae98c2abbd21a53dc42c2","sha512":"5026edac9534773d52080439a13fe7dd5de5516c7813e062d25501d90ee67cf4cc01cf721070b90fc47f2d164a33a968c475d511c09fa528850a6294bb54795a","ssdeep":"","tlshash":"fc213e8ad700d86cc57456bce13a31f73e88ce40da20286b6f1a3c007c3522178ecc84","first_seen":"2023-05-25T17:44:41Z","last_seen":"2026-04-29T17:59:25.05382Z","times_seen":799,"resource_available":false,"data":null}},"time_used":503,"timings":{"blocked":-1,"dns":28,"connect":37,"send":0,"wait":17,"receive":0,"ssl":396},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tubetubetube.com/tubes/javfinder/remu.hayami/video6400/1.jpg","fqdn":"tubetubetube.com","domain":"tubetubetube.com","tld":"com"},"ip":{"addr":"172.67.146.227","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://jp.av2.top/","date":"2025-12-24T17:33:19.229Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tubetubetube.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 14 Nov 2025 19:06:15 GMT","end":"Thu, 12 Feb 2026 20:03:53 GMT"},"fingerprint":{"sha1":"12:06:A4:35:D9:08:B3:92:51:1C:CD:79:8F:E0:C7:41:AC:7C:F6:56","sha256":"8F:30:BF:FA:FB:5E:77:60:A7:0C:83:01:40:1C:DE:60:82:23:BC:D0:D8:FE:F9:CB:60:7A:61:50:A3:A4:6A:63"}}},"request":{"raw":"GET /tubes/javfinder/remu.hayami/video6400/1.jpg HTTP/1.1\r\nHost: tubetubetube.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: http://jp.av2.top/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 301 Moved Permanently\r\ndate: Wed, 24 Dec 2025 17:33:19 GMT\r\ncontent-type: text/html\r\nlocation: https://g.uuu.cam/movie/javfinder/remu.hayami/video6400/1.jpg\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=qNoNTDJhrlc%2BAaMjv8JgzKtzg9cbLhZu95UZKYviZHTYjL94I9us5suYOgSbRn1BuNNrHRzgX72dRdUqeI8qY%2BitGO0EXXzOqbLhfSCi%2BZk%3D\"}]}\r\ncache-control: max-age=31536000\r\ncf-cache-status: HIT\r\nvary: accept-encoding\r\ncf-ray: 9b31d7d31f694c11-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"301","status_text":"Moved Permanently","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":54891,"size_decoded":0,"mime_type":"image/jpeg","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-09T15:38:22.40258Z","times_seen":14902800,"resource_available":true,"data":null}},"time_used":41,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":41,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"page.phic4.top/myda.php","fqdn":"page.phic4.top","domain":"phic4.top","tld":"top"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://jp.av2.top/","date":"2025-12-24T17:33:19.982Z","timestamp":0,"http_version":"","security_state":"broken","security_info":null,"request":{"raw":"GET /myda.php HTTP/1.1\r\nHost: page.phic4.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://jp.av2.top/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-09T15:38:22.40258Z","times_seen":14902800,"resource_available":true,"data":null}},"time_used":470,"timings":{"blocked":0,"dns":22,"connect":223,"send":0,"wait":0,"receive":0,"ssl":223},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-24","alert":"Sinkholed","trigger":"page.phic4.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"pics.x-n-x-x.pro/pics/190/719_first.webp","fqdn":"pics.x-n-x-x.pro","domain":"x-n-x-x.pro","tld":"pro"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://jp.av2.top/","date":"2025-12-24T17:33:17.266Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"x-n-x-x.pro","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 20 Nov 2025 00:16:14 GMT","end":"Wed, 18 Feb 2026 01:14:52 GMT"},"fingerprint":{"sha1":"17:2A:3D:80:37:64:49:7D:B4:BC:05:94:8F:CB:B3:5D:03:69:53:90","sha256":"7A:E1:83:92:B8:7C:54:84:AF:1E:32:55:EE:DA:65:64:6F:15:56:2D:16:FA:72:AE:86:9E:53:38:68:FA:DF:82"}}},"request":{"raw":"GET /pics/190/719_first.webp HTTP/1.1\r\nHost: pics.x-n-x-x.pro\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://jp.av2.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 24 Dec 2025 17:33:18 GMT\r\ncontent-type: image/webp\r\ncontent-length: 8582\r\nserver: cloudflare\r\nlast-modified: Mon, 02 Aug 2021 12:48:08 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\netag: \"6107e988-2186\"\r\nexpires: Fri, 26 Dec 2025 06:54:24 GMT\r\ncache-control: max-age=604800\r\naccept-ranges: bytes\r\nage: 470333\r\ncf-cache-status: HIT\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=rus%2FrByC81DaUGIZG3KSEPQmHL60VvpU8pA04lZdu%2BWjYHFO%2Ba08vyuZnHNdVbdnhgfsQ5Xo6YeQESS%2BPXYQ%2Flzh4CNZPckY5SyM4D6L\"}]}\r\ncf-ray: 9b31d7cbbea656bb-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":8582,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 270x161, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"6ee3c9106366ef36b08f836ed12cc9b0","sha1":"6148e5f67bea06c8277551ff3cab26e297932a9c","sha256":"19a02163737d91f8e3a5e7f73a34c95449570925b5d190e938f28010a355d677","sha512":"5a1340cdf2f5b7b0b68987ac06037c5ada036eef836d59879cb66f7c5eee6a57e183de100b0656b417cd12ded6439fa84f1a6abd54485cf3b60561e16c5ec6f0","ssdeep":"192:fAcrAAxg8UAFkrRPUCM8dBjeQt8s7JpH9f9nZD/gmwfjtjutY:fAcaeFklcmPtX77HfnZjtY","tlshash":"0d02af90b022577d96a4c465b30a275b3241c53595a89a3d7b8b1a62fbf114ccfb8fc8","first_seen":"2024-12-08T17:47:56.099134Z","last_seen":"2026-03-01T16:28:28.486462Z","times_seen":37,"resource_available":false,"data":null}},"time_used":780,"timings":{"blocked":353,"dns":1,"connect":3,"send":0,"wait":17,"receive":1,"ssl":334},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"erota2.com/favicon.png","fqdn":"erota2.com","domain":"erota2.com","tld":"com"},"ip":{"addr":"172.67.69.51","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://jp.av2.top/","date":"2025-12-24T17:33:22.881Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"erota2.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 24 Dec 2025 03:57:39 GMT","end":"Tue, 24 Mar 2026 04:57:35 GMT"},"fingerprint":{"sha1":"61:A4:B3:51:5C:84:0C:7A:D6:B2:9C:95:F5:8A:8A:BB:32:1E:BF:0A","sha256":"12:B6:23:F5:45:4E:9E:2F:9E:1C:EB:B6:30:A1:C5:0D:C3:06:A5:27:4C:CA:54:E7:0E:95:E5:38:6A:78:13:97"}}},"request":{"raw":"GET /favicon.png HTTP/1.1\r\nHost: erota2.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: http://jp.av2.top/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Wed, 24 Dec 2025 17:33:22 GMT\r\ncontent-type: image/webp\r\nlast-modified: Tue, 23 Jul 2024 10:36:28 GMT\r\netag: \"669f87ac-3907\"\r\nvary: accept, accept-encoding\r\naccept-ranges: bytes\r\ncontent-length: 2262\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=ntdK0kl6AENnrHt%2FNoE12ZGWpq9alJMjLDxHliBOemyVxh1m8THP4UYsnklAAZ41yrC3i0ef1ogY1aejVN0B4kRcrveoUkbxdw%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-cache-status: HIT\r\ncf-bgj: h2pri,imgq:85\r\ncf-polished: ok\r\npriority: u=4,i=?0\r\nage: 1865\r\ncache-control: max-age=691200\r\ncf-ray: 9b31d7e9785975ab-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":2262,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 94x94, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"3fc164666ca1ef365aed51927a87300e","sha1":"8312eec4bb50f1ade811f113dd47209940f01450","sha256":"7ac5fdceb15374e3bbf8613bd5674c660983cc2b8f000cf004c71be3ed363cbe","sha512":"667ddf82e5b6b136e61357b9eb03d73aa10bac5616048ee57fe996f636ad0bd3259e4bbd73b52d679638a70a2544053a78dc27f04361a1dcdf7cc48c6db894b5","ssdeep":"","tlshash":"b74118369b18c8bc829acdb291587659b93c2a05890b27793b1c692473c9d7cb2201ef","first_seen":"2025-12-02T18:54:01.660649Z","last_seen":"2026-02-25T10:38:27.034913Z","times_seen":17,"resource_available":false,"data":null}},"time_used":10,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":10,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"sbzytpimg1.com:3519/upload/vod/20250811-1/1ec949f2a1ddc0c1841236c4a2c1152e.jpg","fqdn":"sbzytpimg1.com","domain":"sbzytpimg1.com","tld":"com"},"ip":{"addr":"142.248.99.81","port":3519,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://jp.av2.top/","date":"2025-12-24T17:33:19.966Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"lsbzytp.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Sat, 06 Dec 2025 09:53:21 GMT","end":"Fri, 06 Mar 2026 09:53:20 GMT"},"fingerprint":{"sha1":"55:92:B5:BC:78:CB:75:63:3B:0F:C6:A3:DD:2D:2F:7C:FA:07:B7:4A","sha256":"02:67:5F:F2:7D:A5:B6:59:8F:77:98:9C:EF:94:84:1A:E6:C9:FC:6E:A7:27:06:47:BB:16:5D:BE:A9:91:90:79"}}},"request":{"raw":"GET /upload/vod/20250811-1/1ec949f2a1ddc0c1841236c4a2c1152e.jpg HTTP/1.1\r\nHost: sbzytpimg1.com:3519\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://jp.av2.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 404 Not Found\r\ndate: Wed, 24 Dec 2025 17:33:20 GMT\r\ncontent-type: text/html\r\ncontent-length: 548\r\nexpires: Fri, 12 Dec 2025 10:46:14 GMT\r\nage: 1063026\r\ncache-status: HIT\r\nserver: HyperCDN\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"text/html","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-09T15:38:22.40258Z","times_seen":14902800,"resource_available":true,"data":null}},"time_used":145,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":144,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pdocac.4vid.top/av4usimage.png","fqdn":"pdocac.4vid.top","domain":"4vid.top","tld":"top"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://jp.av2.top/","date":"2025-12-24T17:33:20.467Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"4vid.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 15 Nov 2025 04:08:57 GMT","end":"Fri, 13 Feb 2026 05:05:33 GMT"},"fingerprint":{"sha1":"99:1F:D8:6E:39:72:6F:D5:11:7F:B0:79:4D:F6:40:0E:A5:37:9F:9A","sha256":"F4:87:3F:1A:B8:E5:52:39:3C:56:29:BB:B7:CD:E0:20:DE:45:F2:30:28:80:C4:8D:AB:CA:AE:DC:24:7C:14:56"}}},"request":{"raw":"GET /av4usimage.png HTTP/1.1\r\nHost: pdocac.4vid.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://jp.av2.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Wed, 24 Dec 2025 17:33:20 GMT\r\ncontent-type: image/png\r\ncontent-length: 2619\r\nserver: cloudflare\r\npriority: u=6,i=?0\r\netag: \"a3b-6437702003080\"\r\naccess-control-allow-origin: *\r\naccess-control-allow-headers: Cake\r\ncache-control: public, max-age=360000\r\nx-proxy-cache-192g-la: HIT\r\nxkey-192la: pdocac.4vid.top/av4usimage.png--pdocac.4vid.top--myzone---yes\r\naccept-ranges: bytes\r\nage: 31483\r\ncf-cache-status: HIT\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=isqMoFVSEyCfka928EBsoaWWSdWXNr2rYG%2BiO7cYyuc1rfdMceV2Y6Uwnx1wwayy3PczVJd4CgHPqxCGnTrTqSNGgLOSyEHYSCCCwEI%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9b31d7db1812b517-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":2619,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 339 x 89, 8-bit/color RGB, non-interlaced","md5":"8267aaadeeeb8c9fa7482f2f9db2d4e3","sha1":"a2ef23d3b5f9d9bb3102c855a8ace072884ba60c","sha256":"998cf9d427c2e322904e89a056ba823b56078fb199b7395883f3eafabaadbea8","sha512":"719215d8ec70b8b36b24277a80e7876be2fa1afe3698c05bbff013b6a2936701f266e694c221756e7306d1a945013986a53e41af0bc90bdd4bbf0dcbe33f7637","ssdeep":"","tlshash":"f5513ccb05b2fdbc657d79976105a79ef3a896c72982b872565c38c14243a0096c1fe1","first_seen":"2025-11-13T21:07:01.541567Z","last_seen":"2026-05-05T00:58:57.944017Z","times_seen":365,"resource_available":false,"data":null}},"time_used":40,"timings":{"blocked":-1,"dns":32,"connect":1,"send":0,"wait":7,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-24","alert":"Sinkholed","trigger":"pdocac.4vid.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"jp.av2.top/","fqdn":"jp.av2.top","domain":"av2.top","tld":"top"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-12-24T17:33:15.250Z","timestamp":0,"http_version":"","security_state":"broken","security_info":null,"request":{"raw":"GET / HTTP/1.1\r\nHost: jp.av2.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-09T15:38:22.40258Z","times_seen":14902800,"resource_available":true,"data":null}},"time_used":834,"timings":{"blocked":834,"dns":0,"connect":225,"send":0,"wait":0,"receive":0,"ssl":229},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-12-24T17:33:16Z","timestamp":1766597596,"ip_dst":{"addr":"160.22.16.197","port":80,"asn":45899,"as":"VNPT Corp","country":"Vietnam","country_code":"VN"},"ip_src":{"addr":"172.18.0.5","port":47430,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.top domain","source":"{\"timestamp\":\"2025-12-24T17:33:16.995447+0000\",\"flow_id\":1067796043422598,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.5\",\"src_port\":47430,\"dest_ip\":\"160.22.16.197\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2023882,\"rev\":5,\"signature\":\"ET INFO HTTP Request to a *.top domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2017_02_07\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_11_21\"]}},\"http\":{\"hostname\":\"jp.av2.top\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":289},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":667,\"bytes_toclient\":1654,\"start\":\"2025-12-24T17:33:16.547718+0000\"}}"}],"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-24","alert":"Sinkholed","trigger":"jp.av2.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-24","alert":"Sinkholed","trigger":"jp.av2.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"sbzytpimg1.com:3519/upload/vod/20250828-1/cd3549301d0682f401d69ab642614e69.jpg","fqdn":"sbzytpimg1.com","domain":"sbzytpimg1.com","tld":"com"},"ip":{"addr":"142.248.99.81","port":3519,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://jp.av2.top/","date":"2025-12-24T17:33:17.307Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"lsbzytp.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Sat, 06 Dec 2025 09:53:21 GMT","end":"Fri, 06 Mar 2026 09:53:20 GMT"},"fingerprint":{"sha1":"55:92:B5:BC:78:CB:75:63:3B:0F:C6:A3:DD:2D:2F:7C:FA:07:B7:4A","sha256":"02:67:5F:F2:7D:A5:B6:59:8F:77:98:9C:EF:94:84:1A:E6:C9:FC:6E:A7:27:06:47:BB:16:5D:BE:A9:91:90:79"}}},"request":{"raw":"GET /upload/vod/20250828-1/cd3549301d0682f401d69ab642614e69.jpg HTTP/1.1\r\nHost: sbzytpimg1.com:3519\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://jp.av2.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 24 Dec 2025 17:33:18 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 35432\r\nlast-modified: Thu, 28 Aug 2025 02:45:56 GMT\r\nvary: Accept-Encoding\r\netag: \"68afc2e4-8a68\"\r\nexpires: Fri, 23 Jan 2026 00:33:15 GMT\r\ncache-control: max-age=2592000\r\naccept-ranges: bytes\r\nage: 61203\r\ncache-status: HIT\r\nserver: HyperCDN\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":35432,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 856x480, components 3","md5":"8d2f4a6ec88c1c3370cef6e935d1bc94","sha1":"12ff211511e8fe703909f6ce2ba4c5f864c29564","sha256":"4e7483da28ccdeb6251e346d08ac966f70c93322f57b127001631bd1a61e03a8","sha512":"b5505ef82e91a01de0e48414011596fe4f80a6b0409828c151a259a67dbfc5954942e2158ae14b0d3126ffb6a5dac790f26ed8c1d8ba004b2681b48aee06e9ff","ssdeep":"768:MUIoMspnw4ncMb21QPn//wKoYXUEXcm3SEvnB+Qf2EJRYsRiPXc:kotxw4cMa1E//rXUNGz2GGM","tlshash":"78f2e12dd5d3826cce08d2776b5ca9831a407b635fabf075a3f8c41017ae3ae24c265d","first_seen":"2025-09-16T14:18:17.209215Z","last_seen":"2026-01-20T23:50:12.97278Z","times_seen":9,"resource_available":false,"data":null}},"time_used":1653,"timings":{"blocked":310,"dns":2,"connect":230,"send":0,"wait":604,"receive":22,"ssl":463},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"8zoonet.z00.monster/scj/thumbs/0/280_chinos.jpg","fqdn":"8zoonet.z00.monster","domain":"z00.monster","tld":"monster"},"ip":{"addr":"148.113.152.129","port":443,"asn":16276,"as":"OVH SAS","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://jp.av2.top/","date":"2025-12-24T17:33:17.342Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"8zoonet.z00.monster","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 29 Nov 2025 04:16:10 GMT","end":"Fri, 27 Feb 2026 04:16:09 GMT"},"fingerprint":{"sha1":"A2:48:61:37:1D:31:A1:AC:74:9D:18:EE:3E:89:64:2F:52:D1:1A:D2","sha256":"78:EE:5C:C1:24:F8:52:20:2C:DE:7C:EC:1F:B7:6C:62:9F:79:7B:5B:C1:C6:BF:36:4F:C4:78:1F:8D:81:31:BE"}}},"request":{"raw":"GET /scj/thumbs/0/280_chinos.jpg HTTP/1.1\r\nHost: 8zoonet.z00.monster\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://jp.av2.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 24 Dec 2025 17:33:18 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 15042\r\nlast-modified: Thu, 02 Jul 2020 18:01:27 GMT\r\netag: \"5efe20f7-3ac2\"\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: max-age=315360000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":15042,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 320x240, components 3","md5":"2767f6073ec5f718d15f6bdd61b4d34a","sha1":"a230e90c138c9ccf9c24f87b5b09090b6e8431ae","sha256":"0b5ff0e11eb2f7882690a1746ffa62c2c2a8f8b4a560325dd4bfd01aa7d9318c","sha512":"68196f8202dbe3ab84a56d70f80c7b280a6ab9ce252118641b7303cc25d8c28ba9b1f2f2f1a1f6ff35a5b1b0fa55a5ebc6c511d23d162a16ce7155bd4978d290","ssdeep":"384:2TifnEVVxZgIoFGoKELcWWAzcBQw/1/cru2N2MyQ8i7CHXuM:2Tifn8Zvo/x40zqp/cn2/Q8SS","tlshash":"6262d06c09c9c0b2cb8d8a2059399f929cad07fec24f4fa35e1df5597b182ed5484192","first_seen":"2024-08-19T19:45:08.579633Z","last_seen":"2026-03-03T08:08:10.362194Z","times_seen":55,"resource_available":false,"data":null}},"time_used":1292,"timings":{"blocked":275,"dns":2,"connect":159,"send":0,"wait":300,"receive":98,"ssl":410},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fqjpg4.top/upload/vod/20241104-1/5f468a24ad369085b21088ef501bb564.jpg","fqdn":"fqjpg4.top","domain":"fqjpg4.top","tld":"top"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://jp.av2.top/","date":"2025-12-24T17:33:19.974Z","timestamp":0,"http_version":"","security_state":"broken","security_info":null,"request":{"raw":"GET /upload/vod/20241104-1/5f468a24ad369085b21088ef501bb564.jpg HTTP/1.1\r\nHost: fqjpg4.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://jp.av2.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-09T15:38:22.40258Z","times_seen":14902800,"resource_available":true,"data":null}},"time_used":220,"timings":{"blocked":220,"dns":0,"connect":113,"send":0,"wait":0,"receive":0,"ssl":124},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-24","alert":"Sinkholed","trigger":"fqjpg4.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kocho-kocho.com/wp-content/uploads/2022/03/hiroinet-0146_jacket.jpg","fqdn":"kocho-kocho.com","domain":"kocho-kocho.com","tld":"com"},"ip":{"addr":"150.95.59.35","port":443,"asn":7506,"as":"GMO Internet,Inc","country":"Japan","country_code":"JP"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://jp.av2.top/","date":"2025-12-24T17:33:17.325Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"waken01.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 23 Nov 2025 01:54:24 GMT","end":"Sat, 21 Feb 2026 01:54:23 GMT"},"fingerprint":{"sha1":"9E:DE:3B:53:C6:57:7D:7A:85:3F:49:E6:27:85:10:94:17:E2:E7:5B","sha256":"7D:AB:36:20:56:D4:90:FD:8C:B8:7B:A1:11:01:B5:0E:18:94:10:C7:22:C4:6E:57:AE:43:51:B1:5B:EA:29:10"}}},"request":{"raw":"GET /wp-content/uploads/2022/03/hiroinet-0146_jacket.jpg HTTP/1.1\r\nHost: kocho-kocho.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://jp.av2.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Wed, 31 Dec 2025 17:33:19 GMT\r\ncontent-type: image/jpeg\r\nlast-modified: Sun, 13 Mar 2022 08:14:06 GMT\r\naccept-ranges: bytes\r\ncontent-length: 241075\r\ndate: Wed, 24 Dec 2025 17:33:19 GMT\r\nserver: LiteSpeed\r\nalt-svc: h3=\":443\"; ma=2592000, h3-29=\":443\"; ma=2592000, h3-Q050=\":443\"; ma=2592000, h3-Q046=\":443\"; ma=2592000, h3-Q043=\":443\"; ma=2592000, quic=\":443\"; ma=2592000; v=\"43,46\"\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":241075,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1000x665, components 3","md5":"4ea39231d17634c1defc5e9b95b47fb8","sha1":"f07f02a040473664c81c62fe7cd92f6cf87f5af1","sha256":"9c2a6edfe07fcbc185a920bf68b0e27faf2d72d95d5c51d25ea72001ce7d9608","sha512":"d9b6c9167b664994163791b5e92b2587855c3ff8640ac0293cd75712db39298f077dd31e360565cdcb7f7d4b9e1946870490901de19cf3ac3a67f9f8e46e36fd","ssdeep":"6144:JbqbCx8QfJvnQ6+EqIO1l0Wt0+TK4dg6HuNdjBxCy:JSCnvQ6HqIO1l7t034u6ODvCy","tlshash":"d13423c31b4c1486e82dca5ebee40e558b87812618fe58257db2edcda2f433b04d6999","first_seen":"2025-07-26T12:58:47.700867Z","last_seen":"2025-12-24T17:34:12.640484Z","times_seen":2,"resource_available":false,"data":null}},"time_used":2778,"timings":{"blocked":294,"dns":8,"connect":266,"send":0,"wait":512,"receive":771,"ssl":908},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.clporn.com/thumbs/29/426-teen.jpg","fqdn":"www.clporn.com","domain":"clporn.com","tld":"com"},"ip":{"addr":"104.21.25.21","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://jp.av2.top/","date":"2025-12-24T17:33:18.991Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"clporn.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 07 Dec 2025 07:39:21 GMT","end":"Sat, 07 Mar 2026 08:37:01 GMT"},"fingerprint":{"sha1":"EC:09:BE:71:63:35:4D:8B:B1:E0:5C:B2:23:8E:83:C4:54:7F:CF:CD","sha256":"F1:A5:50:B6:E8:9E:33:CD:CC:5E:60:58:B7:AE:F6:3D:6C:98:25:6D:F9:E3:B6:BB:ED:A9:20:17:B5:C8:F1:01"}}},"request":{"raw":"GET /thumbs/29/426-teen.jpg HTTP/1.1\r\nHost: www.clporn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://jp.av2.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 24 Dec 2025 17:33:18 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 11341\r\nserver: cloudflare\r\nlast-modified: Mon, 20 Apr 2020 13:02:09 GMT\r\netag: \"5e9d9d51-2c4d\"\r\nexpires: Mon, 21 Dec 2026 06:50:57 GMT\r\ncache-control: public, max-age=31536000, no-transform\r\naccept-ranges: bytes\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nage: 297741\r\ncf-cache-status: HIT\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=0buSrhrzbBSn7GiJraxLOSvhS2gj9FuM9ZSk%2FLvAaio9wwBaJvavhQLy8J2aIw%2Fmr4DHcZnDLtt%2FC7E%2BZ5rbTJuhBxbyN4fYM%2BlVmw%3D%3D\"}]}\r\ncf-ray: 9b31d7d07fa3b51d-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":11341,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 312x208, components 3","md5":"3517da8b09c75e27701637c4508d859c","sha1":"07b79084e5c9a1f2920f5e9fb3e3b27905f2d8ea","sha256":"422b439e6f12e29ce5733218bf496bbb8b006815d9d9461f2fa4196cb8d8fe26","sha512":"4a284c2ca5eda6126351f2c16721abd01a0ac930d884b6243e53638bf239153007673bad710f8abd459c942be134ec9ed0dec38a98e3173078b9c144b10aaa4d","ssdeep":"192:Q9PfqHZTo0eMQ4CugsGRP0S+D5hC0U/dKawymeCa03ZplLd1Vzzz7H1/vGZs6gsj:QuCVuyRP25U044qmeCZ3ZplLtzzz7H1a","tlshash":"7c32be2d2d5141c6bc9c8fe4cd048f536ef63b64b3c422f2c4e961f9a4697532e23a06","first_seen":"2024-05-09T20:06:40Z","last_seen":"2026-01-11T16:31:17.569784Z","times_seen":57,"resource_available":false,"data":null}},"time_used":7,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":6,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fixedjs.4vid.top/av4usimage.png","fqdn":"fixedjs.4vid.top","domain":"4vid.top","tld":"top"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://jp.av2.top/","date":"2025-12-24T17:33:20.384Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"4vid.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 15 Nov 2025 04:08:57 GMT","end":"Fri, 13 Feb 2026 05:05:33 GMT"},"fingerprint":{"sha1":"99:1F:D8:6E:39:72:6F:D5:11:7F:B0:79:4D:F6:40:0E:A5:37:9F:9A","sha256":"F4:87:3F:1A:B8:E5:52:39:3C:56:29:BB:B7:CD:E0:20:DE:45:F2:30:28:80:C4:8D:AB:CA:AE:DC:24:7C:14:56"}}},"request":{"raw":"GET /av4usimage.png HTTP/1.1\r\nHost: fixedjs.4vid.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://jp.av2.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Wed, 24 Dec 2025 17:33:20 GMT\r\ncontent-type: image/png\r\ncontent-length: 2619\r\nserver: cloudflare\r\netag: \"a3b-6437702003080\"\r\naccept-ranges: bytes\r\npriority: u=4,i=?0\r\naccess-control-allow-origin: *\r\naccess-control-allow-headers: Cake\r\ncache-control: public, max-age=360000\r\nage: 31515\r\ncf-cache-status: HIT\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=fwgStf5%2BRCFaYgdnmNltl0CLaoyHrcZsveRXBiUQpVjmAXD9gFCkE8%2FcVyNuGQk%2Fspe9WbaL062hWbWOkDXWR%2F%2FVlZejY5CCIngW%2B91L\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9b31d7da5f65b517-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":2619,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 339 x 89, 8-bit/color RGB, non-interlaced","md5":"8267aaadeeeb8c9fa7482f2f9db2d4e3","sha1":"a2ef23d3b5f9d9bb3102c855a8ace072884ba60c","sha256":"998cf9d427c2e322904e89a056ba823b56078fb199b7395883f3eafabaadbea8","sha512":"719215d8ec70b8b36b24277a80e7876be2fa1afe3698c05bbff013b6a2936701f266e694c221756e7306d1a945013986a53e41af0bc90bdd4bbf0dcbe33f7637","ssdeep":"","tlshash":"f5513ccb05b2fdbc657d79976105a79ef3a896c72982b872565c38c14243a0096c1fe1","first_seen":"2025-11-13T21:07:01.541567Z","last_seen":"2026-05-05T00:58:57.944017Z","times_seen":365,"resource_available":false,"data":null}},"time_used":8,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":8,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-24","alert":"Sinkholed","trigger":"fixedjs.4vid.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdn.2beeg.me/pcz/f2/32/ea/f232eab28c29ca70463181f923f7ce8e.jpg","fqdn":"cdn.2beeg.me","domain":"2beeg.me","tld":"me"},"ip":{"addr":"172.67.184.104","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://jp.av2.top/","date":"2025-12-24T17:33:17.293Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"2beeg.me","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 11 Dec 2025 21:03:28 GMT","end":"Wed, 11 Mar 2026 22:01:58 GMT"},"fingerprint":{"sha1":"62:8A:1E:86:D1:D4:FF:EC:84:C2:0E:47:49:EC:B4:75:C5:E5:6B:51","sha256":"CE:3C:22:A9:A0:20:5F:65:A4:58:C6:85:91:C6:4F:3B:D5:A9:97:4D:25:98:FF:D3:B6:23:11:A3:B1:25:03:51"}}},"request":{"raw":"GET /pcz/f2/32/ea/f232eab28c29ca70463181f923f7ce8e.jpg HTTP/1.1\r\nHost: cdn.2beeg.me\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://jp.av2.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 24 Dec 2025 17:33:18 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 14379\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\nlast-modified: Sun, 08 Mar 2020 01:21:33 GMT\r\netag: 7f9657e0319744632f586f2b9dd88fd9\r\nx-timestamp: 1583630492.11767\r\nx-trans-id: tx632165565564490eb5229-005e64a127\r\nx-openstack-request-id: tx632165565564490eb5229-005e64a127\r\ncache-control: max-age=172800\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: HEAD,GET,POST,PUT,PATCH,DELETE,OPTIONS\r\naccess-control-allow-headers: Content-Type,X-Requested-With,X-Auth-Token,X-Openstack-Request-Id,X-Container-Meta-type,X-Container-Meta-Temp-URL-Key\r\naccess-control-expose-headers: X-Container-Meta-Temp-Url-Key,X-Container-Bytes-Used,Last-Modified,X-Timestamp\r\nexpires: Fri, 26 Dec 2025 05:28:03 GMT\r\nx-cdn-host-id: ds9225\r\nx-proxy-cache: HIT\r\naccept-ranges: bytes\r\nage: 43514\r\ncf-cache-status: HIT\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=E9gCjSU77XmsBAoMx5PWEXbrmgV%2BtJb6aIhfy4MhT3ZFpxG9TpBp2uF%2BmAlpEDaJwFR4JJmnP8f4PGBwyjK93GaVrU4L34UTucfvng%3D%3D\"}]}\r\ncf-ray: 9b31d7cbbeeab1b8-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":14379,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: \"CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 85\", progressive, precision 8, 320x180, components 3","md5":"7f9657e0319744632f586f2b9dd88fd9","sha1":"012085702c3506dcdf3999f5859e5ae9c06fcc50","sha256":"6a2cd71a158cd602134c7c4fa62107e72b0351b8896ab3f92623dfad16ec025a","sha512":"3730524522482d256b09e02f3327af84969143b1010139f13b3ef92697eb5418954f6ba96dc1d09bc037461c3e4a2f07f1d1bf5ab8ba53698e5801338cc1e0dd","ssdeep":"384:hPG23CWwKvrFsSrWvHVDbz5nmY1ruQHGOd3xNUnALjMmb6pgzNoZbz:he23LvBdgbPdmU3xaALjBb6pgziZbz","tlshash":"4a52bf6617c1d5e0f96d8074342b6330cfeaccc96767893ec7e0595ca36eac48c669e8","first_seen":"2024-08-19T23:56:13.760468Z","last_seen":"2026-04-03T21:47:16.550477Z","times_seen":24,"resource_available":false,"data":null}},"time_used":759,"timings":{"blocked":323,"dns":3,"connect":6,"send":0,"wait":11,"receive":1,"ssl":345},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"img.apian088.sbs/hd/media/videos/tmb/000/002/737/1.jpg","fqdn":"img.apian088.sbs","domain":"apian088.sbs","tld":"sbs"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://jp.av2.top/","date":"2025-12-24T17:33:17.314Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"apian088.sbs","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 16 Nov 2025 12:00:16 GMT","end":"Sat, 14 Feb 2026 12:44:47 GMT"},"fingerprint":{"sha1":"81:62:5B:8E:F8:D6:89:63:71:73:E3:18:57:53:27:65:B5:AD:00:32","sha256":"1E:DA:15:FE:0A:FF:52:03:D1:A0:EE:60:AD:2A:3A:55:0D:CD:56:3F:75:52:A1:90:E2:E7:70:D3:2A:15:12:5E"}}},"request":{"raw":"GET /hd/media/videos/tmb/000/002/737/1.jpg HTTP/1.1\r\nHost: img.apian088.sbs\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://jp.av2.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 24 Dec 2025 17:33:17 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 12570\r\nserver: cloudflare\r\nlast-modified: Sat, 23 Mar 2024 12:19:09 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\netag: \"65fec8bd-311a\"\r\naccept-ranges: bytes\r\nage: 1671712\r\ncache-control: max-age=31536000\r\ncf-cache-status: HIT\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=zIptXrIvBh6lxXS%2B%2FneAnaxXOD9hdjz%2Bg%2FfUHyMOqtQKkWKpP%2BecFADH%2FAfKFGtsWMORX3aFPbNrLa3qLEoWLSA1YNw6HuR%2BTNdojB0T\"}]}\r\ncf-ray: 9b31d7c6e90156b4-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":12570,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 300x226, components 3","md5":"7c9862b64c640daa3295348486d35165","sha1":"cc7fcce7c6aea4075891cb85c59cdc80defef5e1","sha256":"0b972cae4393ea4ce12ea44d33b12828d0771920f40c04de72bcd3501e14e7fd","sha512":"72644d9dbe1f332c2c12f34fb6f9ebe36e9a85346c09fec0fcd007380a0320d61b4dc87ce297499aff9b445a7e0b862832683207707524b52b18374231d829eb","ssdeep":"192:2mRe61HcZcRdhuh6VrhsXi1Q3UmI8zbGwfmhtX5JtHeZBqmbqB3enr931YZYMO/i:jeOHbRzuPXvHzXmht1HeZB1YCzgUBmX","tlshash":"7d42bfbf0f154c16ef584f3d68a9e049e3bf1a92362e0252e136982377c86913ca513d","first_seen":"2025-06-07T22:50:30.219815Z","last_seen":"2025-12-24T17:34:12.643197Z","times_seen":3,"resource_available":false,"data":null}},"time_used":52,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":52,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"sbzytpimg1.com:3519/upload/vod/20240826-1/7649ca7c2cf39ba89bb80125c9e308cb.jpg","fqdn":"sbzytpimg1.com","domain":"sbzytpimg1.com","tld":"com"},"ip":{"addr":"142.248.99.81","port":3519,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://jp.av2.top/","date":"2025-12-24T17:33:18.935Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"lsbzytp.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Sat, 06 Dec 2025 09:53:21 GMT","end":"Fri, 06 Mar 2026 09:53:20 GMT"},"fingerprint":{"sha1":"55:92:B5:BC:78:CB:75:63:3B:0F:C6:A3:DD:2D:2F:7C:FA:07:B7:4A","sha256":"02:67:5F:F2:7D:A5:B6:59:8F:77:98:9C:EF:94:84:1A:E6:C9:FC:6E:A7:27:06:47:BB:16:5D:BE:A9:91:90:79"}}},"request":{"raw":"GET /upload/vod/20240826-1/7649ca7c2cf39ba89bb80125c9e308cb.jpg HTTP/1.1\r\nHost: sbzytpimg1.com:3519\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://jp.av2.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 404 Not Found\r\ndate: Wed, 24 Dec 2025 17:33:18 GMT\r\ncontent-type: text/html\r\ncontent-length: 146\r\nage: 0\r\ncache-status: MISS\r\nserver: HyperCDN\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"text/html","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-09T15:38:22.40258Z","times_seen":14902800,"resource_available":true,"data":null}},"time_used":203,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":203,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"g.uuu.cam/movie/javfinder/remu.hayami/video6400/1.jpg","fqdn":"g.uuu.cam","domain":"uuu.cam","tld":"cam"},"ip":{"addr":"104.21.82.17","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://jp.av2.top/","date":"2025-12-24T17:33:19.338Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"uuu.cam","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 13 Nov 2025 05:31:04 GMT","end":"Wed, 11 Feb 2026 06:29:40 GMT"},"fingerprint":{"sha1":"32:92:71:AE:97:2C:21:F0:96:35:94:B7:EE:E8:F5:0D:49:5C:46:0F","sha256":"75:09:AE:F8:7A:47:D2:07:E4:AE:79:26:EB:8A:BC:55:22:6B:9F:93:37:3A:88:DE:CD:E5:80:49:33:E8:3F:47"}}},"request":{"raw":"GET /movie/javfinder/remu.hayami/video6400/1.jpg HTTP/1.1\r\nHost: g.uuu.cam\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: http://jp.av2.top/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 24 Dec 2025 17:33:19 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 54891\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nlast-modified: Tue, 21 Jan 2020 02:57:57 GMT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=B3uDZCZZI4%2BWCOSwiKZICTAQOA3AkZGcSShA1bt%2B5nwIXWAOoONdzmtaXtcNIPa6e8oMhjKQYGFNRolCmrP9lggwpFB37ro%3D\"}]}\r\netag: \"5e2668b5-d66b\"\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: max-age=315360000\r\naccept-ranges: bytes\r\nage: 1502933\r\ncf-cache-status: HIT\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nvary: accept-encoding\r\ncf-ray: 9b31d7d59fb9b4ee-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":54891,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 700x393, components 3","md5":"df2b544c73386a6127a88487617da975","sha1":"dfd9b3e9deebf174f4129ccaa8f252c78a950947","sha256":"73d575e94be521ead962351f31362bb0ae890734f3cd72c11c7067e4aed701d3","sha512":"c7f6343012c5d59e1e68f15bcaac957dd37a5d8359d5227a55e9fdec0248b356e802e2926999c5ee1c0b054c9800587a94dbc4a3ae859ae3bbbf5546bc0a0aae","ssdeep":"1536:tHoLAaD+l1BoZOAK5oC/rA8SwCYXIFUiU:tHdaSlTpoCDA8LXCUiU","tlshash":"26330230b2851a63749a7674adf054e1787527923b9e33128df920d339ec1a3954f3de","first_seen":"2025-11-02T12:24:20.287583Z","last_seen":"2026-04-22T17:26:51.443489Z","times_seen":15,"resource_available":false,"data":null}},"time_used":292,"timings":{"blocked":280,"dns":0,"connect":0,"send":0,"wait":10,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ansuko.net/wp-content/uploads/2024/12/2qa7buka_header.jpg","fqdn":"ansuko.net","domain":"ansuko.net","tld":"net"},"ip":{"addr":"172.67.138.117","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://jp.av2.top/","date":"2025-12-24T17:33:17.306Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ansuko.net","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 06 Dec 2025 13:34:35 GMT","end":"Fri, 06 Mar 2026 14:32:54 GMT"},"fingerprint":{"sha1":"F4:E3:EF:30:48:D7:B3:40:2B:D3:E1:F5:14:F6:72:5B:FB:0B:94:DF","sha256":"1D:46:63:21:32:DB:DE:81:F7:49:23:17:0A:76:2A:6E:F6:89:3C:51:B8:65:66:A9:DA:9E:D5:EA:3A:BB:08:D7"}}},"request":{"raw":"GET /wp-content/uploads/2024/12/2qa7buka_header.jpg HTTP/1.1\r\nHost: ansuko.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://jp.av2.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 24 Dec 2025 17:33:17 GMT\r\ncontent-type: image/jpeg\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nage: 1542569\r\ncache-control: max-age=31536000\r\ncf-cache-status: HIT\r\nlast-modified: Sat, 06 Dec 2025 21:03:48 GMT\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Rzpj21WJHgLnCw%2Bc%2F3oac5VhTtUqFIS8OsMUE7oI1RAeQuGo7nt%2B%2BhtlJCV1%2BAvFHuBCaL%2Bwdn6p7DaoZ8fCLNKBXBeq1B6AoCY%3D\"}]}\r\ncf-ray: 9b31d7c6ef19b1b8-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":43223,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: \"CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 90\", baseline, precision 8, 450x563, components 3","md5":"aab5468ec99774ec45cf10b6e1dfcd7f","sha1":"47f6557ce1c6f69355a0eb7740d84822f6ccb965","sha256":"4757fe9093110dccb6ee207fd94ce3fe1430fb6f45f2ee3e7ba13854039a4a47","sha512":"4bbe1eab62829fdbcc11810f789cd8166cf3f3a533dea7f23616844e77b08ae47d795f67610c4a40ab1021048e4d681f5c1da0a3e3b8474a1ffadf95a72dc691","ssdeep":"768:LX4wOEljo8tII1t/d5T8IhQoMTggDocPll8374UbUoZfwO4lRRmRsW51Cpp/PnvZ:LX4wvF1I0VhQoMWqO3sk5x49meW516Hx","tlshash":"d013e1387b82caf12b4b355dd43e3d3f86ea4ada20c0d251a275bd94d8519aca97343c","first_seen":"2025-09-06T19:37:18.888668Z","last_seen":"2025-12-24T17:34:12.644522Z","times_seen":3,"resource_available":false,"data":null}},"time_used":111,"timings":{"blocked":-1,"dns":20,"connect":5,"send":0,"wait":13,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"filtradas.com/uploads/default/optimized/2X/e/e2789e4ecbf1042a0cd3e1c4d9c81b0193ee7943_2_565x1024.jpeg","fqdn":"filtradas.com","domain":"filtradas.com","tld":"com"},"ip":{"addr":"91.234.199.87","port":443,"asn":43641,"as":"SOLLUTIUM EU Sp z.o.o.","country":"Ukraine","country_code":"UA"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://jp.av2.top/","date":"2025-12-24T17:33:18.951Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"filtradas.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 04 Nov 2025 03:08:59 GMT","end":"Mon, 02 Feb 2026 03:08:58 GMT"},"fingerprint":{"sha1":"E1:A5:18:66:02:A1:30:48:C0:63:B8:0D:A6:A0:6A:4D:49:FB:31:A4","sha256":"F3:EF:EA:51:6F:29:3C:97:1C:9E:B5:C9:DB:69:E9:BE:55:EA:E1:47:AC:EB:1B:EB:A6:2A:5B:B1:74:85:D0:AB"}}},"request":{"raw":"GET /uploads/default/optimized/2X/e/e2789e4ecbf1042a0cd3e1c4d9c81b0193ee7943_2_565x1024.jpeg HTTP/1.1\r\nHost: filtradas.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://jp.av2.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 24 Dec 2025 17:33:18 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 75119\r\nlast-modified: Fri, 17 Oct 2025 23:27:06 GMT\r\nexpires: Thu, 24 Dec 2026 17:33:18 GMT\r\ncache-control: max-age=31536000\r\naccess-control-allow-origin: *\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":75119,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 565x1024, components 3","md5":"37e200c3e96824e97f1a1606400942ce","sha1":"81b8bd1ef68dcc5fa831644ba7f3c4ed8f0eaf7d","sha256":"35594279c501327d44b851751a4e9eb5ae17a607eacd90d5d346ffb667532513","sha512":"c6762870bb0aa4ebea177ae4919ca7e587b3a5a640a070859f8f15ea6922ab0544d983ebe9588f80882950bb45718aeb65b188ec3789b7b22f4040c140125116","ssdeep":"1536:1v+inn6otRORZq1zIcFRghtThdpsnwq6VQhFRNr9/BY:17nn6QOR81sRpsn96C3RBY","tlshash":"077312e5311565cbf4b1015ad5e8bf1fcac11d0d6f3aa5b41b16214ff3080afa8eaca4","first_seen":"2025-12-24T17:34:12.645469Z","last_seen":"2026-03-03T08:08:10.328124Z","times_seen":19,"resource_available":false,"data":null}},"time_used":44,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":22,"receive":22,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pdocac.jpg4.icu/av4usimage.png","fqdn":"pdocac.jpg4.icu","domain":"jpg4.icu","tld":"icu"},"ip":{"addr":"172.67.183.25","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://jp.av2.top/","date":"2025-12-24T17:33:22.531Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"jpg4.icu","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 28 Nov 2025 15:32:54 GMT","end":"Thu, 26 Feb 2026 16:30:32 GMT"},"fingerprint":{"sha1":"DD:1F:06:D1:AD:C8:98:82:F6:76:1B:72:E5:E3:ED:49:53:4D:2E:C2","sha256":"5D:0D:E6:96:38:E2:AC:E2:A7:81:11:6D:6A:D8:8A:47:43:3D:50:7D:FE:2E:30:F8:62:AA:CC:2B:30:C7:DF:7F"}}},"request":{"raw":"GET /av4usimage.png HTTP/1.1\r\nHost: pdocac.jpg4.icu\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://jp.av2.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Wed, 24 Dec 2025 17:33:22 GMT\r\ncontent-type: image/png\r\ncontent-length: 2619\r\npriority: u=4,i=?0\r\netag: \"a3b-6437702003080\"\r\naccess-control-allow-origin: *\r\naccess-control-allow-headers: Cake\r\ncache-control: public, max-age=360000\r\nx-proxy-cache-192g-la: MISS\r\nxkey-192la: pdocac.jpg4.icu/av4usimage.png--pdocac.jpg4.icu-pdocac.jpg4.icu-myzone---no\r\nx-proxy-cache-tot-vt: HIT\r\nxkey-tot-vt: pdocac.jpg4.icu/av4usimage.png--pdocac.jpg4.icu--my_zone\r\naccept-ranges: bytes\r\nage: 204674\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Cy8cUKWwqXKpHL5ggpJb7YCt4Xgp6x75VKT3jJXBUdq4XUhD8%2BGD1oxLJYGquY6T%2BBBx3qIsgPSTLiSYKmJRyVtxbDCSn%2FGQZgZ9btM%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\ncf-ray: 9b31d7e798125687-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":2619,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 339 x 89, 8-bit/color RGB, non-interlaced","md5":"8267aaadeeeb8c9fa7482f2f9db2d4e3","sha1":"a2ef23d3b5f9d9bb3102c855a8ace072884ba60c","sha256":"998cf9d427c2e322904e89a056ba823b56078fb199b7395883f3eafabaadbea8","sha512":"719215d8ec70b8b36b24277a80e7876be2fa1afe3698c05bbff013b6a2936701f266e694c221756e7306d1a945013986a53e41af0bc90bdd4bbf0dcbe33f7637","ssdeep":"","tlshash":"f5513ccb05b2fdbc657d79976105a79ef3a896c72982b872565c38c14243a0096c1fe1","first_seen":"2025-11-13T21:07:01.541567Z","last_seen":"2026-05-05T00:58:57.944017Z","times_seen":365,"resource_available":false,"data":null}},"time_used":89,"timings":{"blocked":-1,"dns":29,"connect":28,"send":0,"wait":45,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"img.apian088.sbs/hd/media/videos/tmb/000/003/378/4.jpg","fqdn":"img.apian088.sbs","domain":"apian088.sbs","tld":"sbs"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://jp.av2.top/","date":"2025-12-24T17:33:17.225Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"apian088.sbs","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 16 Nov 2025 12:00:16 GMT","end":"Sat, 14 Feb 2026 12:44:47 GMT"},"fingerprint":{"sha1":"81:62:5B:8E:F8:D6:89:63:71:73:E3:18:57:53:27:65:B5:AD:00:32","sha256":"1E:DA:15:FE:0A:FF:52:03:D1:A0:EE:60:AD:2A:3A:55:0D:CD:56:3F:75:52:A1:90:E2:E7:70:D3:2A:15:12:5E"}}},"request":{"raw":"GET /hd/media/videos/tmb/000/003/378/4.jpg HTTP/1.1\r\nHost: img.apian088.sbs\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://jp.av2.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 24 Dec 2025 17:33:17 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 12689\r\nserver: cloudflare\r\nlast-modified: Sat, 23 Mar 2024 12:20:04 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\netag: \"65fec8f4-3191\"\r\naccept-ranges: bytes\r\nage: 1930202\r\ncache-control: max-age=31536000\r\ncf-cache-status: HIT\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=BfZ8iT%2BQCYlDKhcVa%2Bc6HQE64moDhPnk6VksLPCCNKXMDNJJFKbbkfEzY2iIb%2BfzKp%2BcLaRLXUxXnge06qEtJQsFraUYf8LOFB3Om2i%2F\"}]}\r\ncf-ray: 9b31d7c7392656b4-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":12689,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 300x226, components 3","md5":"65a120ae32db459cc0ed0d4ce42d28f8","sha1":"0d7bc1d6f38ab49850dfb9e1b80e21ca930af889","sha256":"d2a4546e01b74baddf155f20a76d12992a5fde02cb027c08ce0599d79be1c09d","sha512":"abbc1917015cb532858949173603859b48f380ac9530757a91088b0e14209c5d1bb2c9212c166c1837c1754fdaab3226dbd131247c191b6fbc973c8a996d42db","ssdeep":"192:IrEFaWz8Fx0dah0xPMpIgZOU99tHU8OPjrYgVw1q6G6/S3uDMyEh0vHf6Vn5rmni:cA6pSJsEwWbRK1LGeCrh0vAn5mni6WYG","tlshash":"ba42af12a6f5d793c6ffef711740241763dbf881cea91c41f629502dab17887786a0c9","first_seen":"2025-06-15T23:04:57.837085Z","last_seen":"2026-01-15T12:55:38.074776Z","times_seen":14,"resource_available":false,"data":null}},"time_used":105,"timings":{"blocked":94,"dns":0,"connect":0,"send":0,"wait":10,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"wwv4.com/vs/35950966.jpg","fqdn":"wwv4.com","domain":"wwv4.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://jp.av2.top/","date":"2025-12-24T17:33:17.282Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"wwv4.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 05 Nov 2025 02:04:07 GMT","end":"Tue, 03 Feb 2026 03:02:56 GMT"},"fingerprint":{"sha1":"70:E1:95:5D:3E:CF:6C:01:41:A8:97:60:58:C2:12:3C:CE:96:CC:0A","sha256":"25:43:46:7A:9B:3E:DA:D1:7E:1E:DA:48:DA:C5:80:EF:5E:70:CB:35:01:EB:3A:77:F5:68:27:05:C7:2A:13:B5"}}},"request":{"raw":"GET /vs/35950966.jpg HTTP/1.1\r\nHost: wwv4.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://jp.av2.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 24 Dec 2025 17:33:18 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 31067\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nlast-modified: Sat, 14 Mar 2020 19:45:24 GMT\r\netag: \"5e6d3454-795b\"\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: max-age=315360000\r\nx-cache-status: HIT, HIT\r\naccept-ranges: bytes\r\nage: 2979064\r\ncf-cache-status: HIT\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=vg01hKC%2B8R9J%2Fw7q1VEzo5bjT8ojTmI%2FFpCQHsd1kkhWbxuyO012jEm%2B1RgREuwqp2D79cN0XiLp50K%2ForKwAgrkALQRXg%3D%3D\"}]}\r\ncf-ray: 9b31d7cba81256bf-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":31067,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, baseline, precision 8, 576x432, components 3","md5":"d2486904506de268b79d51bf35817afc","sha1":"b96d86eb420da65e8a9c53a793583b7a66d125cd","sha256":"6224a0e12935f3a242961ecfe281b8b2867c264a4195befd508d0d1eb306b41d","sha512":"e03b348d1972701fad46a7c2d950168fddf756b727bb6d4a7684920d768de16513173118e9849b68d00b4bc0a9a07329d25bb686453f76ba107b60de974d12fd","ssdeep":"768:63fKnbzgvicyHBWW7vH4ZlftO5R9eOIiiI9wT2o/9BPWKbnKyEngO3:63fYbUBMBVLHKtQ9yiz9wTbzPj+nZ3","tlshash":"4dd2f16f4063ee15bd392e6ab468fed73bcd25d1a7853104aff31792c98230c964698c","first_seen":"2024-08-19T23:06:35.890179Z","last_seen":"2026-03-03T09:47:10.832986Z","times_seen":30,"resource_available":false,"data":null}},"time_used":749,"timings":{"blocked":334,"dns":3,"connect":6,"send":0,"wait":9,"receive":1,"ssl":334},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"sbzytpimg1.com:3519/upload/vod/20250811-1/1ec949f2a1ddc0c1841236c4a2c1152e.jpg","fqdn":"sbzytpimg1.com","domain":"sbzytpimg1.com","tld":"com"},"ip":{"addr":"142.248.99.81","port":3519,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://jp.av2.top/","date":"2025-12-24T17:33:17.290Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"lsbzytp.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Sat, 06 Dec 2025 09:53:21 GMT","end":"Fri, 06 Mar 2026 09:53:20 GMT"},"fingerprint":{"sha1":"55:92:B5:BC:78:CB:75:63:3B:0F:C6:A3:DD:2D:2F:7C:FA:07:B7:4A","sha256":"02:67:5F:F2:7D:A5:B6:59:8F:77:98:9C:EF:94:84:1A:E6:C9:FC:6E:A7:27:06:47:BB:16:5D:BE:A9:91:90:79"}}},"request":{"raw":"GET /upload/vod/20250811-1/1ec949f2a1ddc0c1841236c4a2c1152e.jpg HTTP/1.1\r\nHost: sbzytpimg1.com:3519\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://jp.av2.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 404 Not Found\r\ndate: Wed, 24 Dec 2025 17:33:18 GMT\r\ncontent-type: text/html\r\ncontent-length: 548\r\nexpires: Fri, 12 Dec 2025 10:46:14 GMT\r\nage: 1063024\r\ncache-status: HIT\r\nserver: HyperCDN\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"text/html","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-09T15:38:22.40258Z","times_seen":14902800,"resource_available":true,"data":null}},"time_used":1469,"timings":{"blocked":328,"dns":2,"connect":223,"send":0,"wait":462,"receive":0,"ssl":433},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.oedy9.com/favicon.ico","fqdn":"www.oedy9.com","domain":"oedy9.com","tld":"com"},"ip":{"addr":"46.202.208.18","port":443,"asn":0,"as":"","country":"Ukraine","country_code":"UA"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://jp.av2.top/","date":"2025-12-24T17:33:22.287Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"oedy9.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 28 Nov 2025 12:19:19 GMT","end":"Thu, 26 Feb 2026 12:19:18 GMT"},"fingerprint":{"sha1":"69:7B:3D:0C:13:0E:79:59:85:79:6C:9F:CC:02:E7:C6:0C:DB:09:6B","sha256":"CD:1C:CE:88:E8:D4:C6:2F:12:8F:68:0A:04:29:1A:D5:09:16:39:90:F4:A1:9B:08:35:6D:A8:0F:8C:54:E1:96"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: www.oedy9.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://jp.av2.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 444 No Reason Phrase\r\ndate: Wed, 24 Dec 2025 17:33:23 GMT\r\nserver: nginx\r\nset-cookie: server_name_session=8e24b569a590272a9b4329bb58acd27e; Max-Age=86400; httponly; path=/\r\ncontent-length: 0\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"444","status_text":"No Reason Phrase","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/x-icon","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-09T15:38:22.40258Z","times_seen":14902800,"resource_available":true,"data":null}},"time_used":1282,"timings":{"blocked":-1,"dns":678,"connect":118,"send":0,"wait":342,"receive":0,"ssl":133},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-24","alert":"Sinkholed","trigger":"www.oedy9.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.gekiyasu-dvdshop.jp/favicon.ico","fqdn":"www.gekiyasu-dvdshop.jp","domain":"gekiyasu-dvdshop.jp","tld":"jp"},"ip":{"addr":"133.18.101.157","port":443,"asn":24282,"as":"KAGOYA JAPAN Inc.","country":"Japan","country_code":"JP"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://jp.av2.top/","date":"2025-12-24T17:33:22.310Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.gekiyasu-dvdshop.jp","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Tue, 13 May 2025 00:00:00 GMT","end":"Sat, 13 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"96:76:1F:1A:4A:1A:AC:EC:9E:E9:1A:FC:45:CA:64:FC:3D:EC:31:A2","sha256":"FF:CC:CB:2E:B3:24:04:E1:3E:02:59:E3:74:98:69:71:78:FE:A5:72:0C:E5:CC:F7:28:94:C7:B7:29:76:2A:BA"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: www.gekiyasu-dvdshop.jp\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://jp.av2.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 24 Dec 2025 17:33:23 GMT\r\nServer: Apache/2.4.58 (Ubuntu)\r\nLast-Modified: Tue, 22 May 2012 08:52:56 GMT\r\nETag: \"12f-4c09c250eca00\"\r\nAccept-Ranges: bytes\r\nContent-Length: 303\r\nKeep-Alive: timeout=5, max=100\r\nConnection: Keep-Alive\r\nContent-Type: image/vnd.microsoft.icon\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Apache HTTP Server:2.4.58","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]},{"name":"Ubuntu","description":"Ubuntu is a free and open-source operating system on Linux for the enterprise server, desktop, cloud, and IoT.","website":"https://www.ubuntu.com/server","common_platform_enumeration":"cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*","icon":"Ubuntu.svg","categories":["Operating systems"]}],"data":{"size":303,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 16 x 16, 8-bit colormap, non-interlaced","md5":"9c31b0c52ed54cd524a84b855d2ace5d","sha1":"b4317408b2e725d27e91e4d77d77168cc41ac564","sha256":"fac9c83e4881598751a3bca7efcc67802f86e7a5d88cd8e8a12238551510568e","sha512":"8c1f3151513959365438a8a901e94410590a24d89fcc58eca65010dd4fa52e4e3a4caa888506aa58627d6f95962544bb5b632fdd860084eb5f9b924c56d8fb7b","ssdeep":"","tlshash":"f5e0e7e13035bc79d08f87576d5109e0bc75015809b4670f5b09c1363e6562c3074b83","first_seen":"2023-11-07T18:51:56Z","last_seen":"2026-03-02T07:55:32.540421Z","times_seen":160,"resource_available":false,"data":null}},"time_used":1235,"timings":{"blocked":-1,"dns":309,"connect":263,"send":0,"wait":263,"receive":0,"ssl":399},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xvideosrei.com/wp-content/uploads/2021/09/ls-model-nude.jpg","fqdn":"xvideosrei.com","domain":"xvideosrei.com","tld":"com"},"ip":{"addr":"54.38.46.215","port":443,"asn":16276,"as":"OVH SAS","country":"France","country_code":"FR"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://jp.av2.top/","date":"2025-12-24T17:33:17.304Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P384-SHA384","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.xvideosrei.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Mon, 15 Dec 2025 15:43:28 GMT","end":"Sun, 15 Mar 2026 15:43:27 GMT"},"fingerprint":{"sha1":"FD:95:23:36:47:33:25:61:BE:F2:AF:59:55:D2:67:E4:8D:31:E7:3A","sha256":"2A:C6:21:8D:B3:18:DE:A4:68:63:F5:A4:A3:FA:F4:1E:F4:04:23:36:7E:4C:EC:00:28:2A:35:4A:FA:46:4A:F6"}}},"request":{"raw":"GET /wp-content/uploads/2021/09/ls-model-nude.jpg HTTP/1.1\r\nHost: xvideosrei.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://jp.av2.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Wed, 24 Dec 2025 17:33:18 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 14902\r\netag: \"61508cb2-3a36\"\r\nversion: MS25102301\r\nx-dns-prefetch-control: on\r\nx-download-options: noopen\r\nx-xss-protection: 1; mode=block\r\nx-content-type-options: nosniff\r\nreferrer-policy: strict-origin-when-cross-origin\r\naccess-control-allow-origin: *\r\nexpires: Thu, 25 Dec 2025 00:30:00 GMT\r\ncache-control: max-age=25002\r\nx-served-by: xvideosrei.com\r\nx-proxy-cache-status: HIT\r\nx-proxy-cache-skip: 1\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":14902,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, comment: \"CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 100\", progressive, precision 8, 600x337, components 3","md5":"11cad4ecfeef2c7977bb71cedf726169","sha1":"90abea391b13fc97a926d37d75273d0253ce7cfe","sha256":"4ac3f0447c7cc4ed1d0b7251b2533e49679a2f748596ccb737908c752a48df31","sha512":"f8be38756cdc7907a5ca1e417b11a2013bf8cce228962d33fba3d50fa5210872d32e9a0cd8e7c90e0c775ee5d4e1b9a1618df68f1091e07d6de9a347207416b6","ssdeep":"384:qcO/bJ6WYXE1NnbnzS3NeNG2sy/9/XGyHXM+5HVAfT:q7TJ6WIE1NTKUNXN/5NHXNo","tlshash":"e162c0ceb997811fc15c4df8c7db8e21f70e899ea66467ec448d6821d49d1e04acabc3","first_seen":"2025-03-12T03:12:27.327765Z","last_seen":"2026-02-14T16:06:52.894515Z","times_seen":35,"resource_available":false,"data":null}},"time_used":834,"timings":{"blocked":313,"dns":2,"connect":109,"send":0,"wait":54,"receive":1,"ssl":286},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ansuko.net/wp-content/uploads/2024/12/gb6wmodg_header.jpg","fqdn":"ansuko.net","domain":"ansuko.net","tld":"net"},"ip":{"addr":"172.67.138.117","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://jp.av2.top/","date":"2025-12-24T17:33:17.324Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ansuko.net","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 06 Dec 2025 13:34:35 GMT","end":"Fri, 06 Mar 2026 14:32:54 GMT"},"fingerprint":{"sha1":"F4:E3:EF:30:48:D7:B3:40:2B:D3:E1:F5:14:F6:72:5B:FB:0B:94:DF","sha256":"1D:46:63:21:32:DB:DE:81:F7:49:23:17:0A:76:2A:6E:F6:89:3C:51:B8:65:66:A9:DA:9E:D5:EA:3A:BB:08:D7"}}},"request":{"raw":"GET /wp-content/uploads/2024/12/gb6wmodg_header.jpg HTTP/1.1\r\nHost: ansuko.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://jp.av2.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 24 Dec 2025 17:33:17 GMT\r\ncontent-type: image/jpeg\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nage: 227454\r\ncache-control: max-age=31536000\r\ncf-cache-status: HIT\r\nlast-modified: Mon, 22 Dec 2025 02:22:22 GMT\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=RvNR2OrRxwDUSbMXI1QHb%2FFKgqkcvs0bSKZ3Izeu68M%2B8jyacKlDixxraqPjf6DoAqNY8x0eK2BwBVg%2FplmuXLnB9KBBZFroolY%3D\"}]}\r\ncf-ray: 9b31d7c6ef25b1b8-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":135629,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: \"CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 90\", baseline, precision 8, 650x661, components 3","md5":"6f085b6a2d2692126daf4fa96a980131","sha1":"46e0dd7d79e394e4836aea4ebf25df67ced58b54","sha256":"7097eca317faaf68c6490138b787bb637e48c244104b73750d3089afac326dfc","sha512":"95c705f4529e880e4c58fc37c2175a4e47b0439520f76373b633202c0ad3a6cf56e164c6a898fe31d57adee952d3eaaee193612d5a4e8b89b3eec022a22a8dd9","ssdeep":"3072:3K0H0wOFycc3wFkdJsdYutTrPXazf1U5qlTZt/OL:aCJkFkdJ0XtTGPTZ1k","tlshash":"bcd3123824c65e03716a48ea83b035ebd5d85f62154c624dae1e39f1e7e3998ddfac01","first_seen":"2025-10-17T05:03:07.001202Z","last_seen":"2026-01-31T10:39:20.872906Z","times_seen":22,"resource_available":false,"data":null}},"time_used":11,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":11,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"img.apian088.sbs/hd/media/videos/tmb/000/007/243/1.jpg","fqdn":"img.apian088.sbs","domain":"apian088.sbs","tld":"sbs"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://jp.av2.top/","date":"2025-12-24T17:33:17.283Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"apian088.sbs","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 16 Nov 2025 12:00:16 GMT","end":"Sat, 14 Feb 2026 12:44:47 GMT"},"fingerprint":{"sha1":"81:62:5B:8E:F8:D6:89:63:71:73:E3:18:57:53:27:65:B5:AD:00:32","sha256":"1E:DA:15:FE:0A:FF:52:03:D1:A0:EE:60:AD:2A:3A:55:0D:CD:56:3F:75:52:A1:90:E2:E7:70:D3:2A:15:12:5E"}}},"request":{"raw":"GET /hd/media/videos/tmb/000/007/243/1.jpg HTTP/1.1\r\nHost: img.apian088.sbs\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://jp.av2.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 24 Dec 2025 17:33:17 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 10642\r\nserver: cloudflare\r\nlast-modified: Sat, 23 Mar 2024 12:19:34 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\netag: \"65fec8d6-2992\"\r\naccept-ranges: bytes\r\nage: 1929678\r\ncache-control: max-age=31536000\r\ncf-cache-status: HIT\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=DUqe2FciATIEI1mHgbktZMC4Vt5CdrP7ETJRMbUTJu8C1iYgR6sgcqa9Vh%2BwKkStyeUaWEbg6bROgv7Pt%2BYXhaHl1aqtk2%2FvMgup18Mb\"}]}\r\ncf-ray: 9b31d7c7392456b4-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":10642,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 300x226, components 3","md5":"867ecd3cefa939b7a6359501df910ae2","sha1":"005e0a8fd52adcedb08a835dd96837fff2bd3238","sha256":"09cbe35455bd2dc6e443bb33b2e920b9b0cbeef6f138f3ee50f602dfec638116","sha512":"b64efd5d090c00f16edcac187568b6090a3e86be35df73f1dccd520f66c8699337a9bdb1ec29f5c49880472af4ec2a1c29b20203dc291d995c0adbdbc7818393","ssdeep":"192:JoXMn+hhMP7uEZlc9sJAbWbQ7HdoGTQECvYhbRw21yqZkVJ8T7FGQdjp18LL3E:Y8+wjuEZlhQZBQp21y58TxVtp18LL3E","tlshash":"b022be84a1a328e8e1af84b29cd5d3368b5d8c4cbb25c4b77d91453d3f5c16d04aabdc","first_seen":"2025-12-24T17:34:12.648765Z","last_seen":"2025-12-24T17:34:12.648765Z","times_seen":1,"resource_available":false,"data":null}},"time_used":46,"timings":{"blocked":34,"dns":0,"connect":0,"send":0,"wait":11,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.profreeporno.com/favicon.ico","fqdn":"www.profreeporno.com","domain":"profreeporno.com","tld":"com"},"ip":{"addr":"46.229.174.192","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://jp.av2.top/","date":"2025-12-24T17:33:22.221Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"profreeporno.com","organization":""},"issuer":{"commonName":"ZeroSSL ECC Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Tue, 18 Nov 2025 00:00:00 GMT","end":"Mon, 16 Feb 2026 23:59:59 GMT"},"fingerprint":{"sha1":"5E:8C:E6:31:ED:46:E8:0C:77:1C:A5:91:5D:86:7A:BB:33:5A:CC:41","sha256":"3A:8A:38:E5:E7:8F:B5:AC:E8:4E:2F:0F:02:2F:B8:BE:4F:09:CF:52:B6:EE:DE:F1:05:01:51:60:62:49:71:58"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: www.profreeporno.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://jp.av2.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 404 Not Found\r\nserver: openresty\r\ndate: Wed, 24 Dec 2025 17:33:22 GMT\r\ncontent-type: text/html\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-09T15:38:22.40258Z","times_seen":14902800,"resource_available":true,"data":null}},"time_used":464,"timings":{"blocked":-1,"dns":25,"connect":107,"send":0,"wait":100,"receive":0,"ssl":219},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"icdn05.4kpornvideos.tv/11253/562635_1.jpg","fqdn":"icdn05.4kpornvideos.tv","domain":"4kpornvideos.tv","tld":"tv"},"ip":{"addr":"45.133.44.5","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://jp.av2.top/","date":"2025-12-24T17:33:17.284Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"icdn05.4kpornvideos.tv","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 27 Oct 2025 02:32:58 GMT","end":"Sun, 25 Jan 2026 02:32:57 GMT"},"fingerprint":{"sha1":"B8:0F:7A:C0:15:D4:62:8C:DD:41:EA:7B:26:9A:EE:35:DA:0C:5C:BC","sha256":"F1:6E:D7:9E:83:2C:B7:E9:17:29:7A:78:8E:57:74:A8:0A:F6:F4:67:57:42:05:F6:58:20:83:E1:F1:AB:A3:9A"}}},"request":{"raw":"GET /11253/562635_1.jpg HTTP/1.1\r\nHost: icdn05.4kpornvideos.tv\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://jp.av2.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 24 Dec 2025 17:33:17 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 28385\r\nserver: nginx/1.24.0\r\nx-object-meta-mtime: 1598361058.475141498\r\netag: 68d8820348f900b0d680b3deb6e428a0\r\nlast-modified: Wed, 02 Nov 2022 17:08:45 GMT\r\nx-timestamp: 1667408924.88324\r\nx-trans-id: tx8ac91eb457004a2bb8a7c-0067eed5b3\r\nx-openstack-request-id: tx8ac91eb457004a2bb8a7c-0067eed5b3\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: HEAD,GET,POST,PUT,PATCH,DELETE,OPTIONS\r\naccess-control-allow-headers: Content-Type,X-Requested-With,X-Auth-Token,X-Openstack-Request-Id,X-Container-Meta-type,X-Container-Meta-Temp-URL-Key,Authorization\r\naccess-control-expose-headers: X-Container-Meta-Temp-Url-Key,X-Container-Bytes-Used,Last-Modified,X-Timestamp\r\ncache-control: max-age=2592000\r\nexpires: Fri, 23 Jan 2026 17:33:17 GMT\r\nx-cdn-host-id: ah1004,DS9225\r\nx-proxy-cache: HIT\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.24.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":28385,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 300x169, components 3","md5":"68d8820348f900b0d680b3deb6e428a0","sha1":"f9b07f4901fcfeb11045b83dbac068a3e359d044","sha256":"1a749ed505ecf6ce80b2e7c24732cedfe66a3e0560d2f66b976f18251aa533ca","sha512":"1d30dd84601933a62bd390ee0801a833117a463837e040e7ef2e862b13c2ae8e3da13b25f331fec4036db2d7a6bd078edac0e0e27591d0e5410a2450904e2556","ssdeep":"768:Ou0Tz8WTZ4SU4PomQCitf4WRnndIfo7VPClt2Rn:b0Tz8O4/4QmQNf4WRndIfo0jcn","tlshash":"77d2e1b2b887fd8b9572a533f0fc0b951242950550a7c398759940a6f87d3a3b70cbaf","first_seen":"2025-11-12T14:35:23.9138Z","last_seen":"2025-12-24T17:34:12.649689Z","times_seen":2,"resource_available":false,"data":null}},"time_used":336,"timings":{"blocked":103,"dns":130,"connect":19,"send":0,"wait":38,"receive":6,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ansuko.net/wp-content/uploads/2024/12/2gl1doj7_header.jpg","fqdn":"ansuko.net","domain":"ansuko.net","tld":"net"},"ip":{"addr":"172.67.138.117","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://jp.av2.top/","date":"2025-12-24T17:33:17.318Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ansuko.net","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 06 Dec 2025 13:34:35 GMT","end":"Fri, 06 Mar 2026 14:32:54 GMT"},"fingerprint":{"sha1":"F4:E3:EF:30:48:D7:B3:40:2B:D3:E1:F5:14:F6:72:5B:FB:0B:94:DF","sha256":"1D:46:63:21:32:DB:DE:81:F7:49:23:17:0A:76:2A:6E:F6:89:3C:51:B8:65:66:A9:DA:9E:D5:EA:3A:BB:08:D7"}}},"request":{"raw":"GET /wp-content/uploads/2024/12/2gl1doj7_header.jpg HTTP/1.1\r\nHost: ansuko.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://jp.av2.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 24 Dec 2025 17:33:17 GMT\r\ncontent-type: image/jpeg\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nage: 487447\r\ncache-control: max-age=31536000\r\ncf-cache-status: HIT\r\nlast-modified: Fri, 19 Dec 2025 02:09:09 GMT\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=DwXxe0fCJ78i4EwS%2Fhl4KcpoHNrhxemImgOcw14aqyLgo8YKiW4Up8Bs91iq2OD9kwDYQ386tS4MR472WFChPzOBVBcIJDSlB0A%3D\"}]}\r\ncf-ray: 9b31d7c6ef1fb1b8-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":150870,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, comment: \"CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 90\", baseline, precision 8, 720x540, components 3","md5":"5c55529789e6f597a8ab134cc520801a","sha1":"68e658e335d5f4e8b5109e1a160591eafea11ac1","sha256":"3ddf16a702242ff534b7c85dc8df2049af7af90031a4c04529217f9af41bcf5d","sha512":"8f2cb329008aeb3c18f5d34af6893aa5de4db696b0507e691e6bfee6db7bd2d9059d540a3b42a22510ecd3cf4c3c35e1c1b3235e61463c448747780fe53c5a24","ssdeep":"3072:SqCzqwZOh/UuaVu4IeVPIBLGQnFH5H5GHTsI64uU/a4:SqCpQh4fIhKen4Ti4uUH","tlshash":"0be31260e492f5e2f05f8b2a7a2eca3e79ce4e5176d110240ec17c659cf48d52c6ba1f","first_seen":"2025-07-19T07:04:39.415031Z","last_seen":"2026-01-20T05:39:08.061963Z","times_seen":31,"resource_available":false,"data":null}},"time_used":12,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":12,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ansuko.net/wp-content/uploads/2024/12/saixhvle_header.jpg","fqdn":"ansuko.net","domain":"ansuko.net","tld":"net"},"ip":{"addr":"172.67.138.117","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://jp.av2.top/","date":"2025-12-24T17:33:17.319Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ansuko.net","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 06 Dec 2025 13:34:35 GMT","end":"Fri, 06 Mar 2026 14:32:54 GMT"},"fingerprint":{"sha1":"F4:E3:EF:30:48:D7:B3:40:2B:D3:E1:F5:14:F6:72:5B:FB:0B:94:DF","sha256":"1D:46:63:21:32:DB:DE:81:F7:49:23:17:0A:76:2A:6E:F6:89:3C:51:B8:65:66:A9:DA:9E:D5:EA:3A:BB:08:D7"}}},"request":{"raw":"GET /wp-content/uploads/2024/12/saixhvle_header.jpg HTTP/1.1\r\nHost: ansuko.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://jp.av2.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 24 Dec 2025 17:33:17 GMT\r\ncontent-type: image/jpeg\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nage: 238564\r\ncache-control: max-age=31536000\r\ncf-cache-status: HIT\r\nlast-modified: Sun, 21 Dec 2025 23:17:12 GMT\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=EHk%2FEtN82vAZ3ajXbOH%2FFc%2Bmga9B8ybj3msdXhYJdNEFcpLOFPAiUt0L8OZMGqQm5UsSVxH5NSk068gJEBe6sUq2EEqkRqvxnXw%3D\"}]}\r\ncf-ray: 9b31d7c6ef28b1b8-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":87531,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: \"CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 90\", baseline, precision 8, 600x440, components 3","md5":"8b0ebf48ad806a8d7ec7632b6503117e","sha1":"38e50d9ef1ff303373a9dcc07178c8bada87ae42","sha256":"3b954b62ad20fefc645641f74232891942070047e08701f85775109b1f136c34","sha512":"889e2f545004b52bf39d5eaa996680eb5e9a2986c944ea1e87bac6392668995113986a0e98970a2a83c115f7876a2057b1ec9319ceebc23884331b2651a64370","ssdeep":"1536:myzzMk8pAVJAYv92fO0pTl+9r9KgFeFrqjlARqie8bGQxsUg4ThPz:VzzMjYGb+bvcBelAgi/bwUg4TN","tlshash":"f683021e500baee03748356151e89c81c1fee921b5d14c48ebd239e937eb775ea0f716","first_seen":"2025-10-19T05:57:43.564462Z","last_seen":"2026-03-01T22:32:14.267241Z","times_seen":9,"resource_available":false,"data":null}},"time_used":9,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":9,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ansuko.net/wp-content/uploads/2024/12/avhwzag2_header.jpg","fqdn":"ansuko.net","domain":"ansuko.net","tld":"net"},"ip":{"addr":"172.67.138.117","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://jp.av2.top/","date":"2025-12-24T17:33:17.336Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ansuko.net","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 06 Dec 2025 13:34:35 GMT","end":"Fri, 06 Mar 2026 14:32:54 GMT"},"fingerprint":{"sha1":"F4:E3:EF:30:48:D7:B3:40:2B:D3:E1:F5:14:F6:72:5B:FB:0B:94:DF","sha256":"1D:46:63:21:32:DB:DE:81:F7:49:23:17:0A:76:2A:6E:F6:89:3C:51:B8:65:66:A9:DA:9E:D5:EA:3A:BB:08:D7"}}},"request":{"raw":"GET /wp-content/uploads/2024/12/avhwzag2_header.jpg HTTP/1.1\r\nHost: ansuko.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://jp.av2.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 24 Dec 2025 17:33:17 GMT\r\ncontent-type: image/jpeg\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nage: 403321\r\ncache-control: max-age=31536000\r\ncf-cache-status: HIT\r\nlast-modified: Sat, 20 Dec 2025 01:31:15 GMT\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=0PP30vDgrSnh3PEuzon4G17K3YRUNQB7Ybh1ec1s%2FvKdoTywl9tzEOMmS5NzMzeWWK73tu%2FGIwgJLzhuZJQSdjhhGFYdhxeojeQ%3D\"}]}\r\ncf-ray: 9b31d7c71f4eb1b8-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":98403,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: \"CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 90\", baseline, precision 8, 640x429, components 3","md5":"11fd20ce0eb0c0f99ab1789094539428","sha1":"33dd013debeb61327650e0fc16611020fc061e13","sha256":"bdda44ab4d430aa2364c3a2fc9d61ec0edda256f87f68202e0013ff2e56236cf","sha512":"878757cd2980187ee2b3f6da1626da76b5cef9248e6cd14fbcc5240cd427584918f3bc373dc8bc32d7fd413b02cef3daed3bb9336c1323a43b20e33fa1e5dd17","ssdeep":"3072:v+n05Fo0zFhnVWyWVzJzJEwPoXGEt96zh:k0Q0zFNVi/iwPoXGErY","tlshash":"a4a312b7be166c7aea45ce0dfdda09c0e8a8bb22cbc355deccd78d54996470e20510c6","first_seen":"2025-07-26T12:58:47.750585Z","last_seen":"2025-12-24T17:34:12.651954Z","times_seen":10,"resource_available":false,"data":null}},"time_used":16,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":16,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.clporn.com/thumbs/135/021-.jpg","fqdn":"www.clporn.com","domain":"clporn.com","tld":"com"},"ip":{"addr":"104.21.25.21","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://jp.av2.top/","date":"2025-12-24T17:33:17.249Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"clporn.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 07 Dec 2025 07:39:21 GMT","end":"Sat, 07 Mar 2026 08:37:01 GMT"},"fingerprint":{"sha1":"EC:09:BE:71:63:35:4D:8B:B1:E0:5C:B2:23:8E:83:C4:54:7F:CF:CD","sha256":"F1:A5:50:B6:E8:9E:33:CD:CC:5E:60:58:B7:AE:F6:3D:6C:98:25:6D:F9:E3:B6:BB:ED:A9:20:17:B5:C8:F1:01"}}},"request":{"raw":"GET /thumbs/135/021-.jpg HTTP/1.1\r\nHost: www.clporn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://jp.av2.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 24 Dec 2025 17:33:17 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 5739\r\nserver: cloudflare\r\nlast-modified: Fri, 28 Aug 2020 05:33:47 GMT\r\netag: \"5f48973b-166b\"\r\nexpires: Mon, 21 Dec 2026 06:50:58 GMT\r\ncache-control: public, max-age=31536000, no-transform\r\naccept-ranges: bytes\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nage: 297738\r\ncf-cache-status: HIT\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=qlKdtLQERNkCyNxa86A0QF2EaqZqTc4D2at5IzhAQtabwhzEy8hf1ade1h6nv2eUdXBC2M6mGlZaGTQM7keCepL70qs4IsJig2IX6g%3D%3D\"}]}\r\ncf-ray: 9b31d7cb2cbfb51d-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":5739,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 312x208, components 3","md5":"98532448e186374baf79b424392fd513","sha1":"1ad313480f7f10764c6d400602fcccfa7851238d","sha256":"ba12454a3efd71d3b006dceb7dadc351073cfe14958da553bd12413590a127a2","sha512":"6323998e3b4ae6b8b9ed8727a6a268c7beba2451ed8325e502d2d20792aa6d3a36e4960b154051f5096586b5805e7838a63efda5bf422964a0d222a4a4d171ba","ssdeep":"96:wYWijBWi4Gg2Pobz0l+lCFm+3+v8afyg4tjGZaJ8+B8ZWzRVzb/AUAJ:wYzj4VTEl+4ohWaZaypWzDzUUk","tlshash":"5ac16c57da4e76d2ff5a98b2893b6ecc42fef471cb7e071d01c470a228451e3a920919","first_seen":"2025-06-03T07:12:33.304178Z","last_seen":"2026-03-02T10:40:01.37277Z","times_seen":26,"resource_available":false,"data":null}},"time_used":712,"timings":{"blocked":369,"dns":1,"connect":2,"send":0,"wait":23,"receive":1,"ssl":304},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ansuko.net/wp-content/uploads/2024/07/16.jpg","fqdn":"ansuko.net","domain":"ansuko.net","tld":"net"},"ip":{"addr":"172.67.138.117","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://jp.av2.top/","date":"2025-12-24T17:33:17.268Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ansuko.net","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 06 Dec 2025 13:34:35 GMT","end":"Fri, 06 Mar 2026 14:32:54 GMT"},"fingerprint":{"sha1":"F4:E3:EF:30:48:D7:B3:40:2B:D3:E1:F5:14:F6:72:5B:FB:0B:94:DF","sha256":"1D:46:63:21:32:DB:DE:81:F7:49:23:17:0A:76:2A:6E:F6:89:3C:51:B8:65:66:A9:DA:9E:D5:EA:3A:BB:08:D7"}}},"request":{"raw":"GET /wp-content/uploads/2024/07/16.jpg HTTP/1.1\r\nHost: ansuko.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://jp.av2.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 24 Dec 2025 17:33:17 GMT\r\ncontent-type: image/jpeg\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nage: 1121372\r\ncache-control: max-age=31536000\r\ncf-cache-status: HIT\r\nlast-modified: Thu, 11 Dec 2025 18:03:44 GMT\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=NmF71%2B1fQxa%2Bsqk0Tc27%2FUDnoVFiGzxMnVogv%2FmLgEVWRRhKasy%2FCwyWYLdv6kF5X93aVdVdX7aFPD8JJaTx1NFLsubgTzPwwhk%3D\"}]}\r\ncf-ray: 9b31d7c6ef23b1b8-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":23739,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: \"CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 90\", baseline, precision 8, 384x214, components 3","md5":"3cfe433a26808a5bb1556de023daa56a","sha1":"5f390aa87320c665d8509f23dcd39828ea76e51b","sha256":"f1693885d26d6b249bc42d7927e18499e7114b45582590cdab649d2b967fb1f4","sha512":"e114f46c77250caff89442846db25ca05bab60329a3a11fe192b210ddc37119677607a07c6f2b9e7c596929f723e968b9ed6c81a5326512b82dcfe57e78ff80e","ssdeep":"384:S55mZnxN2ljWhyQU+YU92rIDlvmsdzcyCjdRe8IgG+2VAJ6xNYj8:S55gml6hyt+f2rCxRcntIguE6xNYj8","tlshash":"e3b2d096fb4032c87586c17eda5d0ed2b4e7afc7b0c712505bb23914d49ea4a8a12b9c","first_seen":"2025-07-26T12:58:47.742587Z","last_seen":"2026-01-13T15:17:47.212971Z","times_seen":16,"resource_available":false,"data":null}},"time_used":15,"timings":{"blocked":3,"dns":0,"connect":0,"send":0,"wait":12,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"img.apian088.sbs/sp/media/videos/tmb/1284/2.jpg","fqdn":"img.apian088.sbs","domain":"apian088.sbs","tld":"sbs"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://jp.av2.top/","date":"2025-12-24T17:33:17.269Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"apian088.sbs","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 16 Nov 2025 12:00:16 GMT","end":"Sat, 14 Feb 2026 12:44:47 GMT"},"fingerprint":{"sha1":"81:62:5B:8E:F8:D6:89:63:71:73:E3:18:57:53:27:65:B5:AD:00:32","sha256":"1E:DA:15:FE:0A:FF:52:03:D1:A0:EE:60:AD:2A:3A:55:0D:CD:56:3F:75:52:A1:90:E2:E7:70:D3:2A:15:12:5E"}}},"request":{"raw":"GET /sp/media/videos/tmb/1284/2.jpg HTTP/1.1\r\nHost: img.apian088.sbs\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://jp.av2.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 24 Dec 2025 17:33:17 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 14304\r\nserver: cloudflare\r\nlast-modified: Sat, 23 Mar 2024 12:20:42 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\netag: \"65fec91a-37e0\"\r\naccept-ranges: bytes\r\nage: 1930183\r\ncache-control: max-age=31536000\r\ncf-cache-status: HIT\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=EJNn99RLv%2FP%2BMtthrBJSOajfmJxb9AAxp4aSo6CqR8o3rYiEAuhnuroZ0lQxYIymeciv35AhGXegKPncUAQh8Zp683JTkejOoLmFrkIL\"}]}\r\ncf-ray: 9b31d7c6e8fe56b4-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":14304,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, comment: \"CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 90\", baseline, precision 8, 384x214, components 3","md5":"b569c86bdbada72d17a7adc4cdf9397f","sha1":"ebe224aad9a86330c6cebe463e789d1ef683cd0e","sha256":"2f4abcc5c790b03576366fdcc5ff16d97c81bbfd0992524ba9f433bd1b214e52","sha512":"a39b2cc74357abaf3d924941619ee411cdea88f24eb8466df5abf3d77defd58750d1218d6271c7545186bea42af37ef1cb31a52e5635a86c3e70bc923c2325d6","ssdeep":"384:ixLWxyMUpV+vPj4GktgH3x0Cj2NSJBl1uf+1O8+t:ixWxnnP0GkU0C0ylm","tlshash":"2f52bfc28fa007f2bb587378245d3de052ce3a5d2e6ca39681e32599f35408a609df0c","first_seen":"2025-09-04T19:46:44.747809Z","last_seen":"2026-04-03T22:52:06.939124Z","times_seen":38,"resource_available":false,"data":null}},"time_used":50,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":49,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"rtgallery.net/tb/suden-seduce.jpg","fqdn":"rtgallery.net","domain":"rtgallery.net","tld":"net"},"ip":{"addr":"5.63.144.84","port":443,"asn":13213,"as":"UK-2 Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://jp.av2.top/","date":"2025-12-24T17:33:17.288Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rtgallery.net","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 19 Nov 2025 17:00:08 GMT","end":"Tue, 17 Feb 2026 17:00:07 GMT"},"fingerprint":{"sha1":"5D:8A:5C:FE:24:B0:28:D3:1B:23:AE:94:5D:BC:79:7D:DD:8F:20:3F","sha256":"7A:EB:AE:AA:18:8B:DF:0F:6B:03:FE:39:39:5C:2D:B6:E1:64:4C:4E:FC:EF:35:B2:E5:8E:27:F9:70:BF:DB:C3"}}},"request":{"raw":"GET /tb/suden-seduce.jpg HTTP/1.1\r\nHost: rtgallery.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://jp.av2.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.22.1\r\nDate: Wed, 24 Dec 2025 17:33:18 GMT\r\nContent-Type: image/jpeg\r\nContent-Length: 68009\r\nLast-Modified: Tue, 29 May 2018 06:56:32 GMT\r\nConnection: keep-alive\r\nETag: \"5b0cf9a0-109a9\"\r\nCache-Control: private, max-age=600, must-revalidate\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.22.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":68009,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, comment: \"Created with GIMP\", progressive, precision 8, 480x360, components 3","md5":"8bf4eeef586f45284550c329c2a683a4","sha1":"a3dfa613a3d19ad48d8120a1aa64d2814cb6d7ef","sha256":"c15a7889eb76362c8755480313ca3e5ff9f0b8b0c902d7f2ab2d8504b646f5a0","sha512":"a180effa1c361bc9e787ba323a10a1494b53e16bfaf77abac2f8b844d0abd2006205be5d5fc6d70a4b48318cacbfa009a3774d0454e729926c76f55caf756773","ssdeep":"1536:dL7BKgOh5gnwds7x30vdLLkWA2quieBCguchc3HcEnl:dLtKgOh5NstKLL5AjuBCVcmnl","tlshash":"7a6302b00c4e1cf2f9904a2f6b041e16025e9f6796715d349ef630c58aaffd8cc59a9b","first_seen":"2024-08-20T03:54:38.926109Z","last_seen":"2026-01-12T15:07:52.57174Z","times_seen":14,"resource_available":false,"data":null}},"time_used":933,"timings":{"blocked":329,"dns":2,"connect":124,"send":0,"wait":31,"receive":87,"ssl":293},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"lsbzytp.com:3519/upload/vod/20231130-1/330c14080fc3f5aea1f9178154699e20.jpg","fqdn":"lsbzytp.com","domain":"lsbzytp.com","tld":"com"},"ip":{"addr":"142.248.99.101","port":3519,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://jp.av2.top/","date":"2025-12-24T17:33:17.289Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"lsbzytp.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Sat, 06 Dec 2025 09:53:21 GMT","end":"Fri, 06 Mar 2026 09:53:20 GMT"},"fingerprint":{"sha1":"55:92:B5:BC:78:CB:75:63:3B:0F:C6:A3:DD:2D:2F:7C:FA:07:B7:4A","sha256":"02:67:5F:F2:7D:A5:B6:59:8F:77:98:9C:EF:94:84:1A:E6:C9:FC:6E:A7:27:06:47:BB:16:5D:BE:A9:91:90:79"}}},"request":{"raw":"GET /upload/vod/20231130-1/330c14080fc3f5aea1f9178154699e20.jpg HTTP/1.1\r\nHost: lsbzytp.com:3519\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://jp.av2.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 24 Dec 2025 17:33:18 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 15081\r\nlast-modified: Thu, 30 Nov 2023 07:06:54 GMT\r\nvary: Accept-Encoding\r\netag: \"6568348e-3ae9\"\r\nexpires: Thu, 15 Jan 2026 19:52:12 GMT\r\ncache-control: max-age=2592000\r\naccept-ranges: bytes\r\nage: 682866\r\ncache-status: HIT\r\nserver: HyperCDN\r\nx-content-type-options: nosniff, nosniff\r\nx-frame-options: SAMEORIGIN, SAMEORIGIN\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":15081,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: \"CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), default quality\", baseline, precision 8, 393x225, components 3","md5":"91b1dee51edda176e2217f8812112133","sha1":"f0ca8639d2ab6b3dad0655e779b833f02f17b610","sha256":"30574d4778c7bab52f091da510b831310639692cc08f56c67859daa138487568","sha512":"ab7f880136b71405b3adcc9bf4c64eb56aeed624e8fa836faf41b070386479ce9ff76208588e60c0ad7990b96d7eb733dafb187df172d9b9af33e4434f44c898","ssdeep":"384:GNaMU0le5xcgmWpkv7g2bIymhmqVaqxoWJSM:GcVLrqxmhrEk","tlshash":"bc62d0bca75dd5fa5ff5805722413d2fd20b04d624790a38bb659a182090c7878bec2f","first_seen":"2023-12-01T05:44:57Z","last_seen":"2026-01-24T10:59:54.330511Z","times_seen":50,"resource_available":false,"data":null}},"time_used":1290,"timings":{"blocked":327,"dns":3,"connect":195,"send":0,"wait":289,"receive":1,"ssl":437},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.9188porn.com/","fqdn":"www.9188porn.com","domain":"9188porn.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://jp.av2.top/","date":"2025-12-24T17:33:17.297Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"9188porn.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 02 Dec 2025 09:28:02 GMT","end":"Mon, 02 Mar 2026 10:23:10 GMT"},"fingerprint":{"sha1":"A6:75:08:AB:20:D7:2A:E6:2B:50:C1:DA:59:F5:40:7B:7D:28:9E:C5","sha256":"83:9C:6B:2B:35:92:4D:96:4D:22:2B:45:AC:B4:E7:32:B2:F7:DA:26:69:E8:C4:BF:67:0F:41:0C:14:74:D9:09"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: www.9188porn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://jp.av2.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 403 Forbidden\r\ndate: Wed, 24 Dec 2025 17:33:17 GMT\r\ncontent-type: text/html; charset=UTF-8\r\ncache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0\r\nexpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nreferrer-policy: same-origin\r\nx-frame-options: SAMEORIGIN\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=hqIv7zpBwC%2Fz8ER0OaXHJ8pEHIMlhu1at%2BzJjVrh8JndLwIguiNt2uP44H02w4KzHJwPHHXezB5E5PBl1%2BuilvVwmkLfOz7BSD0BrscF\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-encoding: br\r\nserver: cloudflare\r\ncf-ray: 9b31d7cb6b28569c-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"403","status_text":"Forbidden","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-09T15:38:22.40258Z","times_seen":14902800,"resource_available":true,"data":null}},"time_used":694,"timings":{"blocked":320,"dns":2,"connect":4,"send":0,"wait":11,"receive":0,"ssl":307},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.tubetubetube.com/tubes/javfinder/remu.hayami/video6400/1.jpg","fqdn":"www.tubetubetube.com","domain":"tubetubetube.com","tld":"com"},"ip":{"addr":"172.67.146.227","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://jp.av2.top/","date":"2025-12-24T17:33:17.325Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tubetubetube.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 14 Nov 2025 19:06:15 GMT","end":"Thu, 12 Feb 2026 20:03:53 GMT"},"fingerprint":{"sha1":"12:06:A4:35:D9:08:B3:92:51:1C:CD:79:8F:E0:C7:41:AC:7C:F6:56","sha256":"8F:30:BF:FA:FB:5E:77:60:A7:0C:83:01:40:1C:DE:60:82:23:BC:D0:D8:FE:F9:CB:60:7A:61:50:A3:A4:6A:63"}}},"request":{"raw":"GET /tubes/javfinder/remu.hayami/video6400/1.jpg HTTP/1.1\r\nHost: www.tubetubetube.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://jp.av2.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 302 Found\r\ndate: Wed, 24 Dec 2025 17:33:17 GMT\r\ncontent-length: 0\r\nlocation: https://tubetubetube.com/tubes/javfinder/remu.hayami/video6400/1.jpg\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=K1mMi0b%2FMrrhWvP4Lwbi75k1jaYyqYcGlS8naUiVIorjcyH24QgOKGIWex1ohSx2G3crtO2sqK5OjCYHgygqzRqIyt7zRyRqJ4aFIBl52WpIbaUK\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\ncf-ray: 9b31d7cb59fd4c11-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":54891,"size_decoded":0,"mime_type":"image/jpeg","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-09T15:38:22.40258Z","times_seen":14902800,"resource_available":true,"data":null}},"time_used":660,"timings":{"blocked":292,"dns":2,"connect":4,"send":0,"wait":11,"receive":0,"ssl":304},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"jsjs.jpg4.icu/index.php?js=very","fqdn":"jsjs.jpg4.icu","domain":"jpg4.icu","tld":"icu"},"ip":{"addr":"172.67.183.25","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://jp.av2.top/","date":"2025-12-24T17:33:17.214Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"jpg4.icu","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 28 Nov 2025 15:32:54 GMT","end":"Thu, 26 Feb 2026 16:30:32 GMT"},"fingerprint":{"sha1":"DD:1F:06:D1:AD:C8:98:82:F6:76:1B:72:E5:E3:ED:49:53:4D:2E:C2","sha256":"5D:0D:E6:96:38:E2:AC:E2:A7:81:11:6D:6A:D8:8A:47:43:3D:50:7D:FE:2E:30:F8:62:AA:CC:2B:30:C7:DF:7F"}}},"request":{"raw":"GET /index.php?js=very HTTP/1.1\r\nHost: jsjs.jpg4.icu\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://jp.av2.top/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 24 Dec 2025 17:33:17 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nserver: cloudflare\r\nimghost: 1729614248-h-jsjsjpg4icumh--NO-rm1726420930/index.php?js=very\r\n56nloadrate: 0.2025\r\ncache-control: max-age=360000, private\r\nvary: Accept-Encoding\r\naccess-control-allow-origin: *\r\naccess-control-allow-headers: Cake\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=sXfUjS99HqfosMReap9WqI0YbR3iBQ6FGh4NeCzix4XAdYHcoQCxmgiAe15qbfYlrN3CwzhVvCEGRWnfOQ4iWkqNIBLgcpYVJifO\"}]}\r\ncf-cache-status: BYPASS\r\ncontent-encoding: br\r\ncf-ray: 9b31d7c6dab35685-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-09T15:38:22.40258Z","times_seen":14902800,"resource_available":true,"data":null}},"time_used":489,"timings":{"blocked":37,"dns":21,"connect":1,"send":0,"wait":364,"receive":0,"ssl":63},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"filtradas.com/uploads/default/optimized/2X/6/6de56563a38abad3b3e381d35449d46426ddeae4_2_580x1024.jpeg","fqdn":"filtradas.com","domain":"filtradas.com","tld":"com"},"ip":{"addr":"91.234.199.87","port":443,"asn":43641,"as":"SOLLUTIUM EU Sp z.o.o.","country":"Ukraine","country_code":"UA"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://jp.av2.top/","date":"2025-12-24T17:33:17.274Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"filtradas.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 04 Nov 2025 03:08:59 GMT","end":"Mon, 02 Feb 2026 03:08:58 GMT"},"fingerprint":{"sha1":"E1:A5:18:66:02:A1:30:48:C0:63:B8:0D:A6:A0:6A:4D:49:FB:31:A4","sha256":"F3:EF:EA:51:6F:29:3C:97:1C:9E:B5:C9:DB:69:E9:BE:55:EA:E1:47:AC:EB:1B:EB:A6:2A:5B:B1:74:85:D0:AB"}}},"request":{"raw":"GET /uploads/default/optimized/2X/6/6de56563a38abad3b3e381d35449d46426ddeae4_2_580x1024.jpeg HTTP/1.1\r\nHost: filtradas.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://jp.av2.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 24 Dec 2025 17:33:18 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 57009\r\nlast-modified: Tue, 12 Aug 2025 05:15:18 GMT\r\nexpires: Thu, 24 Dec 2026 17:33:18 GMT\r\ncache-control: max-age=31536000\r\naccess-control-allow-origin: *\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":57009,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 580x1024, components 3","md5":"78e8556124a3c1968d890472aa098247","sha1":"00ffc2281e8139b838b7e7204637d3895d4f52b7","sha256":"705570ae1d70ecf53b55c21497033b8305a43d17570ac61bbc2c65b853c45394","sha512":"3eaa10d44e3703947eaabebb36ae4f70a95b8c657db2083fcb194fc61c7323558a5961ffcdb42b5e728dd4bdfe563d189c85d4eae73622089bf65029e56da0db","ssdeep":"1536:6QkeiDltTA0mdPJFiqLkK1MuuhwFwkw9/pZ+HhCtxZ:cYNLkK1n50/puctxZ","tlshash":"4943f2b68b6045d6f362c5e15355cfcca53e43b20db3bfa985e98358afb8704e60a017","first_seen":"2025-10-19T13:16:46.011696Z","last_seen":"2026-03-03T14:10:03.935369Z","times_seen":26,"resource_available":false,"data":null}},"time_used":970,"timings":{"blocked":342,"dns":2,"connect":124,"send":0,"wait":113,"receive":12,"ssl":310},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"icdn05.4kpornvideos.tv/15367/768319_1.jpg","fqdn":"icdn05.4kpornvideos.tv","domain":"4kpornvideos.tv","tld":"tv"},"ip":{"addr":"45.133.44.5","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://jp.av2.top/","date":"2025-12-24T17:33:17.278Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"icdn05.4kpornvideos.tv","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 27 Oct 2025 02:32:58 GMT","end":"Sun, 25 Jan 2026 02:32:57 GMT"},"fingerprint":{"sha1":"B8:0F:7A:C0:15:D4:62:8C:DD:41:EA:7B:26:9A:EE:35:DA:0C:5C:BC","sha256":"F1:6E:D7:9E:83:2C:B7:E9:17:29:7A:78:8E:57:74:A8:0A:F6:F4:67:57:42:05:F6:58:20:83:E1:F1:AB:A3:9A"}}},"request":{"raw":"GET /15367/768319_1.jpg HTTP/1.1\r\nHost: icdn05.4kpornvideos.tv\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://jp.av2.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 24 Dec 2025 17:33:17 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 35931\r\nserver: nginx/1.24.0\r\nx-object-meta-mtime: 1598361597.267150425\r\netag: 2832573b59da794a0393e663deabef0b\r\nlast-modified: Thu, 03 Nov 2022 15:43:38 GMT\r\nx-timestamp: 1667490217.65728\r\nx-trans-id: txc19eba0e424a4537857ae-0067eef234\r\nx-openstack-request-id: txc19eba0e424a4537857ae-0067eef234\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: HEAD,GET,POST,PUT,PATCH,DELETE,OPTIONS\r\naccess-control-allow-headers: Content-Type,X-Requested-With,X-Auth-Token,X-Openstack-Request-Id,X-Container-Meta-type,X-Container-Meta-Temp-URL-Key,Authorization\r\naccess-control-expose-headers: X-Container-Meta-Temp-Url-Key,X-Container-Bytes-Used,Last-Modified,X-Timestamp\r\ncache-control: max-age=2592000\r\nexpires: Fri, 23 Jan 2026 17:33:17 GMT\r\nx-cdn-host-id: ah1004,DS9225\r\nx-proxy-cache: HIT\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.24.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":35931,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 300x169, components 3","md5":"2832573b59da794a0393e663deabef0b","sha1":"5cbf67fb4dc6fb1497f7c7437c20536709715882","sha256":"4d5866ee2d07054f5be48ed757ec0901020fd68446459705bc9e294acab2339a","sha512":"f904a48431a3c565eba29170ef0380853aab354ddf3594457ddc0f37d93250f049726ed6a7dd2d2760f2ab5480e008a75aafbd31f34d57660e4d2c2e0bed17b7","ssdeep":"768:7ABUZQDqElAH+g0fPnjLV074SXprnOuuRd7VZejZPQuD0tHuawa:0KYqElu+g0fPjLa79X5n2Rd7VZ0PQXHn","tlshash":"55f2017ad241dd8acafd0855d5c99dc1874de84da323ef0e770962c3ea86946d04c73d","first_seen":"2025-07-26T12:58:47.779382Z","last_seen":"2026-01-13T15:17:47.18725Z","times_seen":11,"resource_available":false,"data":null}},"time_used":172,"timings":{"blocked":109,"dns":0,"connect":0,"send":0,"wait":51,"receive":12,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"g.uuu.cam/movie/hot.movie/haru.ito/video8395/1.jpg","fqdn":"g.uuu.cam","domain":"uuu.cam","tld":"cam"},"ip":{"addr":"104.21.82.17","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://jp.av2.top/","date":"2025-12-24T17:33:19.337Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"uuu.cam","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 13 Nov 2025 05:31:04 GMT","end":"Wed, 11 Feb 2026 06:29:40 GMT"},"fingerprint":{"sha1":"32:92:71:AE:97:2C:21:F0:96:35:94:B7:EE:E8:F5:0D:49:5C:46:0F","sha256":"75:09:AE:F8:7A:47:D2:07:E4:AE:79:26:EB:8A:BC:55:22:6B:9F:93:37:3A:88:DE:CD:E5:80:49:33:E8:3F:47"}}},"request":{"raw":"GET /movie/hot.movie/haru.ito/video8395/1.jpg HTTP/1.1\r\nHost: g.uuu.cam\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: http://jp.av2.top/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 24 Dec 2025 17:33:19 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 60246\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nlast-modified: Thu, 21 Oct 2021 10:45:27 GMT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=os1V%2BJBko1Ra7LRNsCFQQbE9aVW1IZW%2BhSfSDHc3ipHhG6tOdDGDEnnx%2F9y06v8z2qkJ8ewOEngt7d9a7mFgOzZBRIPQOQc%3D\"}]}\r\netag: \"617144c7-eb56\"\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: max-age=315360000\r\naccept-ranges: bytes\r\nage: 1502933\r\ncf-cache-status: HIT\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nvary: accept-encoding\r\ncf-ray: 9b31d7d58fb2b4ee-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":60246,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 700x393, components 3","md5":"246e195d808ace351d19b11cbdcb19f4","sha1":"8f9a68c05a4aca012e1cd7d37ecfc18831cd13c9","sha256":"ca6e3bdae5cd460293fe439a86d079cc0e3a8b614900ca771122cd10384e27d0","sha512":"acb84fe0de9aa446902fd714c75ab1ae2109fb8ce5b73d5602f08596a9c0ee01d3aea7a5cecca42982768cc9d965513b281e43933157936f23c665dc7ee2a5fc","ssdeep":"1536:LsNBTFEUE2W7SB3tYRzk1O+Vxph5HWOMby5o+:k4bOB3Ok1fpD2R+","tlshash":"5143021a705e6bf239e859636c01df8972f28b854549df5220f6f031d262f25eec7a13","first_seen":"2025-06-15T07:12:42.965118Z","last_seen":"2026-01-17T11:49:39.751903Z","times_seen":9,"resource_available":false,"data":null}},"time_used":545,"timings":{"blocked":272,"dns":35,"connect":2,"send":0,"wait":11,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ansuko.net/wp-content/uploads/2024/12/94ktnwun_header.jpg","fqdn":"ansuko.net","domain":"ansuko.net","tld":"net"},"ip":{"addr":"172.67.138.117","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://jp.av2.top/","date":"2025-12-24T17:33:17.265Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ansuko.net","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 06 Dec 2025 13:34:35 GMT","end":"Fri, 06 Mar 2026 14:32:54 GMT"},"fingerprint":{"sha1":"F4:E3:EF:30:48:D7:B3:40:2B:D3:E1:F5:14:F6:72:5B:FB:0B:94:DF","sha256":"1D:46:63:21:32:DB:DE:81:F7:49:23:17:0A:76:2A:6E:F6:89:3C:51:B8:65:66:A9:DA:9E:D5:EA:3A:BB:08:D7"}}},"request":{"raw":"GET /wp-content/uploads/2024/12/94ktnwun_header.jpg HTTP/1.1\r\nHost: ansuko.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://jp.av2.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 24 Dec 2025 17:33:17 GMT\r\ncontent-type: image/jpeg\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nage: 607597\r\ncache-control: max-age=31536000\r\ncf-cache-status: HIT\r\nlast-modified: Wed, 17 Dec 2025 16:46:39 GMT\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=PzDYAxyAloZ1SDCWM%2B9R4nqP3ckF%2BALtg3gt0nRTjFtl5wsWC7fHIlnhu7SVajqinirzQNM8peQqXgUYiG952fu5%2FDwrFSTKzLc%3D\"}]}\r\ncf-ray: 9b31d7c6ef22b1b8-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":125588,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, comment: \"CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 90\", baseline, precision 8, 720x540, components 3","md5":"0015d37bd9494cfc2a6afdadd818bf91","sha1":"0599988a87d51b8f4fbfe9516e4945e6d0b1fae7","sha256":"5c5e50cbb54f30109c3b12434f0e537c62c2bdc6f77011bddb8b9de7c8545852","sha512":"5d701bf44218611fde585ffbc6002e8b7ac119539279073aaf0beb146716c4e90a4cb09ac60c5d83935ff2c46ad7026555ca3868a098636b5785779c3ec9ca23","ssdeep":"3072:/7AI4FcZm0LlAUyc3OMImbBScjupcQoO9qTPnd7LUsay/Rk54Sr:/7LkcZlAUy+ycjAcpPdXUsaLySr","tlshash":"87c3024eee8563e74d8b00590f1b96823fee0cf6600c752a355a053befc1d0b9746da9","first_seen":"2025-07-20T11:20:55.597884Z","last_seen":"2026-01-13T15:17:47.307169Z","times_seen":6,"resource_available":false,"data":null}},"time_used":17,"timings":{"blocked":4,"dns":0,"connect":0,"send":0,"wait":13,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"img20.sdratmue.com/i0/daddy1973.jpg","fqdn":"img20.sdratmue.com","domain":"sdratmue.com","tld":"com"},"ip":{"addr":"45.138.107.47","port":443,"asn":208414,"as":"WEDOS Internet, a.s.","country":"Czechia","country_code":"CZ"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://jp.av2.top/","date":"2025-12-24T17:33:17.310Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"sdratmue.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 30 Oct 2025 19:09:29 GMT","end":"Wed, 28 Jan 2026 19:09:28 GMT"},"fingerprint":{"sha1":"20:48:AB:58:09:A6:4F:9E:4F:46:4D:F4:4E:E1:D7:15:21:93:BA:87","sha256":"E7:97:F7:19:CB:FF:28:14:E7:90:63:C3:E6:AC:A0:F9:C6:4B:52:10:90:3E:4D:1A:AA:E8:D4:09:F9:CF:9F:D8"}}},"request":{"raw":"GET /i0/daddy1973.jpg HTTP/1.1\r\nHost: img20.sdratmue.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://jp.av2.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 24 Dec 2025 17:33:18 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 15896\r\nlast-modified: Mon, 01 Sep 2025 18:55:14 GMT\r\netag: \"68b5ec12-3e18\"\r\nx-powered-by: PleskLin\r\naccept-ranges: bytes\r\nalt-svc: h3=\":443\"; ma=86400\r\nx-protocol: HTTP/2.0\r\nx-request-id: 0be3f2ea6fdac9f1a07e1a1ca4e40ca4\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Plesk","description":"Plesk is a web hosting and server data centre automation software with a control panel developed for Linux and Windows-based retail hosting service providers.","website":"https://www.plesk.com","common_platform_enumeration":"cpe:2.3:a:parallels:parallels_plesk_panel:*:*:*:*:*:*:*:*","icon":"Plesk.svg","categories":["Hosting panels"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":15896,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPCM), density 37x37, segment length 16, baseline, precision 8, 270x371, components 3","md5":"5a15b97f68a953b72f017a8c026e4e29","sha1":"ed8eccd25d0d1a2b79c18826f21de3d1aa4ffc1f","sha256":"2f4570697c836a8c583b4a08ecff737e3e43ab27f7de2fd703ea3501e7fcc9de","sha512":"fbd4c679f36092f023a2520cb7cc9d7f7b540fce92bf0152e1baa78e90bd576a1c34f4faa9cc8959201c50e6e5d47d723e3c9732e877ff06bed0fbc10523d368","ssdeep":"384:FDlJhT5zMfneEkZgXm3uy6BLBmUlrijMg2ss1Fjqk5t:hoxkZgSqLBmarOcjX5t","tlshash":"3662c1cc5d5530cbe42d77f94ebb762e8c225581c1abc4c427e29d3524ad021857adc2","first_seen":"2025-02-14T15:16:15.955749Z","last_seen":"2026-01-28T23:13:27.077858Z","times_seen":29,"resource_available":false,"data":null}},"time_used":886,"timings":{"blocked":309,"dns":1,"connect":78,"send":0,"wait":129,"receive":1,"ssl":281},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdnjs.cloudflare.com/ajax/libs/nosleep/0.11.0/NoSleep.min.js","fqdn":"cdnjs.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.17.25.14","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://jp.av2.top/","date":"2025-12-24T17:33:19.326Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdnjs.cloudflare.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 15 Nov 2025 20:49:06 GMT","end":"Fri, 13 Feb 2026 21:49:04 GMT"},"fingerprint":{"sha1":"9A:71:C8:6F:E2:4B:9A:91:7D:C8:4A:1D:79:98:2F:97:C1:85:D8:79","sha256":"4E:C5:BB:7A:81:A0:D9:00:73:8D:D5:57:59:3D:A0:C3:D3:BE:62:18:4E:6F:6D:98:DA:F0:90:94:5E:E0:0B:63"}}},"request":{"raw":"GET /ajax/libs/nosleep/0.11.0/NoSleep.min.js HTTP/1.1\r\nHost: cdnjs.cloudflare.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://jp.av2.top/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 24 Dec 2025 17:33:19 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\ncontent-length: 3953\r\ncf-ray: 9b31d7d4cb698deb-OSL\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=30672000\r\ncontent-encoding: br\r\netag: \"5ed16b69-29bf\"\r\nlast-modified: Fri, 29 May 2020 20:07:05 GMT\r\ncross-origin-resource-policy: cross-origin\r\ntiming-allow-origin: *\r\nx-content-type-options: nosniff\r\ncf-cdnjs-via: cfworker/kv\r\nvary: Accept-Encoding\r\ncf-cache-status: HIT\r\nage: 413846\r\nexpires: Mon, 14 Dec 2026 17:33:19 GMT\r\naccept-ranges: bytes\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=%2F%2FIXLByhxQ3I6DjRnrM%2FDhPOS4hBbtpfzaUi2H3mNaHwNTWAUHvagC4ixWphwyvuR4CdlaYXMZdxUBm5ojp2wTAclLa0ZEobc1oQYNe7K1TAkBjNSFT7yBLetiHeCOQI9i5B6r8j\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0.01,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nstrict-transport-security: max-age=15780000\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":10687,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (10613)","md5":"ea77f824de2ef57acb12e7cb6596365e","sha1":"10bad0dbdf30a0471c2c786b349daeb1dd19180e","sha256":"2b19d92ce83bf3b498f73103ba1240f09c84798b1f92aedf1491ccf0aa6f5e4c","sha512":"cf69dd76334b7318c829868da8a7e9c2097ef261555388132fc69f95d42e91420e2988056c3d93c830b20059422ae5a82e1109e3dce9127ccb0e23cc5ca27591","ssdeep":"192:N0rZbTPe+fl9SKRGyFgkw+wi+FrZJqbzr+5rA7wbUCzebIkm:N09voK7gzi+FrZJqbzrarAyUX5m","tlshash":"7a22f8b33133fd9f8fba085ac61d61045c7dbc6f4aa94091bb0884e86af4558ead5d34","first_seen":"2023-03-07T12:02:01Z","last_seen":"2026-05-05T00:58:57.938098Z","times_seen":2344,"resource_available":true,"data":null}},"time_used":335,"timings":{"blocked":160,"dns":4,"connect":1,"send":0,"wait":9,"receive":1,"ssl":156},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.dirtysancheztube.com/favicon.ico","fqdn":"www.dirtysancheztube.com","domain":"dirtysancheztube.com","tld":"com"},"ip":{"addr":"104.21.16.225","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://jp.av2.top/","date":"2025-12-24T17:33:22.223Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"dirtysancheztube.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 10 Dec 2025 08:49:54 GMT","end":"Tue, 10 Mar 2026 09:47:30 GMT"},"fingerprint":{"sha1":"02:83:1D:ED:4E:1E:1A:12:51:8E:32:9C:83:6B:13:14:A0:D6:0C:86","sha256":"E5:E3:7B:42:CC:8E:22:92:63:CD:17:77:2E:11:2E:69:2E:9D:68:3D:1C:72:37:24:9F:47:DD:51:B0:83:B7:E3"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: www.dirtysancheztube.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://jp.av2.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Wed, 24 Dec 2025 17:33:22 GMT\r\ncontent-type: image/x-icon\r\ncontent-length: 1150\r\nlast-modified: Fri, 29 Nov 2019 12:08:12 GMT\r\netag: \"5de10a2c-47e\"\r\nexpires: Thu, 24 Dec 2026 07:30:15 GMT\r\ncache-control: public, max-age=31536000, no-transform\r\naccept-ranges: bytes\r\nage: 36186\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=eylu080OkdA8jAB9XnXcCkKJhOYBm82P9WPPEzTLOcyjpGnYpDIJV2%2FMM31a9ItjfWzQbkkZb3LKYxYm5IEXEBnSf5m%2FtOvWMtCluwgH7WSmQFr11PQ%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\nvary: accept-encoding\r\ncf-ray: 9b31d7e55911b500-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1150,"size_decoded":0,"mime_type":"image/x-icon","magic":"MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel","md5":"dfd251a1848f0caf669a9253f39d3068","sha1":"ee5695be8c0f24633be95c3a3adbd4b5b42ed6a3","sha256":"0b561412b53c6a575b07d9dd6cd1d9d98a4b61c2ab3540b6e9ff246eb5c88664","sha512":"df0a8b6ff89e8e44334e7747caf43914b9c3d9c39f09d3bdf26c2c7f959facb33a5a29701b0159599656a60189190a5f60e4c2b2cf4c80271c2574140d0e92ed","ssdeep":"","tlshash":"a421dea1d0f61c06c75fe93af051ef123e89bc550f9122b7a980133029a8dbfc2a5b80","first_seen":"2024-06-16T03:37:43Z","last_seen":"2026-03-03T14:10:03.70876Z","times_seen":190,"resource_available":false,"data":null}},"time_used":9,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":8,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js?1","fqdn":"ajax.googleapis.com","domain":"ajax.googleapis.com","tld":"googleapis.com"},"ip":{"addr":"142.250.74.106","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://css.jpg4.icu/tagjpa.php?noself=1\u0026url=av.diktok.top/tags/3","date":"2025-12-24T17:33:22.873Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"upload.video.google.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Wed, 03 Dec 2025 15:53:13 GMT","end":"Wed, 25 Feb 2026 15:53:12 GMT"},"fingerprint":{"sha1":"A8:BA:6B:80:7C:EC:B1:6F:C1:C2:03:D7:C9:27:6E:75:DE:4B:AA:47","sha256":"4E:2C:B9:C5:81:56:5E:97:93:07:22:12:66:E2:52:C6:0A:2E:17:72:FF:9B:5F:2A:B9:E1:21:80:05:6D:8B:3D"}}},"request":{"raw":"GET /ajax/libs/jquery/3.3.1/jquery.min.js?1 HTTP/1.1\r\nHost: ajax.googleapis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://css.jpg4.icu/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\naccept-ranges: bytes\r\ncontent-encoding: gzip\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"hosted-libraries-pushers\"\r\nreport-to: {\"group\":\"hosted-libraries-pushers\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 30399\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Thu, 18 Dec 2025 15:00:08 GMT\r\nexpires: Fri, 18 Dec 2026 15:00:08 GMT\r\ncache-control: public, max-age=31536000, stale-while-revalidate=2592000\r\nage: 527594\r\nlast-modified: Tue, 03 Mar 2020 19:15:00 GMT\r\ncontent-type: text/javascript; charset=UTF-8\r\nvary: Accept-Encoding\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":86927,"size_decoded":0,"mime_type":"text/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (65451)","md5":"a09e13ee94d51c524b7e2a728c7d4039","sha1":"0dc32db4aa9c5f03f3b38c47d883dbd4fed13aae","sha256":"160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef","sha512":"f8da8f95b6ed33542a88af19028e18ae3d9ce25350a06bfc3fbf433ed2b38fefa5e639cddfdac703fc6caa7f3313d974b92a3168276b3a016ceb28f27db0714a","ssdeep":"1536:jLiBdiaWLOczCmZx6+VWuGzQNOzdn6x2RZd9SEnk9HB96c9Yo/NWLbVj3kC6t3:5kn6x2xe9NK6nC69","tlshash":"748319dd72c6b06247ab71ba00bf550bf2361999684d4410f129e4eabc74b4e823bf7d","first_seen":"2023-03-07T01:02:02Z","last_seen":"2026-05-09T15:20:32.236108Z","times_seen":126836,"resource_available":true,"data":null}},"time_used":11,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":9,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.9188porn.com/upload/vod/20241028-15/cd8fe33b27527ca661c9b3bed5104ba4.jpg","fqdn":"www.9188porn.com","domain":"9188porn.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://jp.av2.top/","date":"2025-12-24T17:33:19.967Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"9188porn.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 02 Dec 2025 09:28:02 GMT","end":"Mon, 02 Mar 2026 10:23:10 GMT"},"fingerprint":{"sha1":"A6:75:08:AB:20:D7:2A:E6:2B:50:C1:DA:59:F5:40:7B:7D:28:9E:C5","sha256":"83:9C:6B:2B:35:92:4D:96:4D:22:2B:45:AC:B4:E7:32:B2:F7:DA:26:69:E8:C4:BF:67:0F:41:0C:14:74:D9:09"}}},"request":{"raw":"GET /upload/vod/20241028-15/cd8fe33b27527ca661c9b3bed5104ba4.jpg HTTP/1.1\r\nHost: www.9188porn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://jp.av2.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 403 Forbidden\r\ndate: Wed, 24 Dec 2025 17:33:19 GMT\r\ncontent-type: text/html; charset=UTF-8\r\ncache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0\r\nexpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nreferrer-policy: same-origin\r\nx-frame-options: SAMEORIGIN\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=rvsNnw%2F7%2FREKXKH89Zuw5oB0Ia4n%2Bk6bfAMqo4mpRA2tct3FsxeqD2UhNz8t9O%2B92JhfUI%2Fx8H5%2B4mDTP6RoMU5UV59dIUq7v1x%2B0o4bKE0%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\ncontent-encoding: br\r\nserver: cloudflare\r\ncf-ray: 9b31d7d7ab0175ab-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"403","status_text":"Forbidden","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-09T15:38:22.40258Z","times_seen":14902800,"resource_available":true,"data":null}},"time_used":6,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":6,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ansuko.net/wp-content/uploads/2024/12/urakon-0.webp","fqdn":"ansuko.net","domain":"ansuko.net","tld":"net"},"ip":{"addr":"172.67.138.117","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://jp.av2.top/","date":"2025-12-24T17:33:17.229Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ansuko.net","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 06 Dec 2025 13:34:35 GMT","end":"Fri, 06 Mar 2026 14:32:54 GMT"},"fingerprint":{"sha1":"F4:E3:EF:30:48:D7:B3:40:2B:D3:E1:F5:14:F6:72:5B:FB:0B:94:DF","sha256":"1D:46:63:21:32:DB:DE:81:F7:49:23:17:0A:76:2A:6E:F6:89:3C:51:B8:65:66:A9:DA:9E:D5:EA:3A:BB:08:D7"}}},"request":{"raw":"GET /wp-content/uploads/2024/12/urakon-0.webp HTTP/1.1\r\nHost: ansuko.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://jp.av2.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 24 Dec 2025 17:33:17 GMT\r\ncontent-type: image/webp\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nage: 614935\r\ncache-control: max-age=31536000\r\ncf-cache-status: HIT\r\nlast-modified: Wed, 17 Dec 2025 14:44:22 GMT\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=RHeZnzqLzcwEEhEqpgk0UuTYG4ur4NgoG1EVEJVKPDXnGr77YXUJ1KRNHW5i4yLylJivLsriQu9MjqRThOa0huKi%2FYLLNgPx4QU%3D\"}]}\r\ncf-ray: 9b31d7c71f50b1b8-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":35112,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 800x450, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"063d91e9db405e78473e9914973fe48f","sha1":"65508fdea5965ee12ce91f61fcf1000ea10e64ce","sha256":"fbc73e69b2ce20f776be8117e5c4718078641deba5c3b4f74bdbe666f4044396","sha512":"48aadcf95442448b18fb0491e04ece4fdd03bddf3b7d02c67497f69bc89a6287a8d21f6f1e88574b6091fef563793447efbc9513f1879ef30f1ab438baae852a","ssdeep":"768:2J1cFWSdydrOOVZeljjkXaeMwuxtAN69/hishM/2yDOLvSWbVC0z9c:3FWEIrOOVZedyaBVhx6ZWJCA9c","tlshash":"c6f2f19d82a69d8d22f95563bca0ead0c3c768bc3a08be7b2217d0594136b06fd527d4","first_seen":"2025-09-19T20:52:30.185919Z","last_seen":"2025-12-24T17:34:12.661617Z","times_seen":5,"resource_available":false,"data":null}},"time_used":81,"timings":{"blocked":65,"dns":0,"connect":0,"send":0,"wait":16,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.gekiyasu-dvdshop.pink/video/20391.mp4.jpg","fqdn":"www.gekiyasu-dvdshop.pink","domain":"gekiyasu-dvdshop.pink","tld":"pink"},"ip":{"addr":"133.18.43.253","port":443,"asn":24282,"as":"KAGOYA JAPAN Inc.","country":"Japan","country_code":"JP"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://jp.av2.top/","date":"2025-12-24T17:33:17.296Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.gekiyasu-dvdshop.pink","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 09 Nov 2025 00:00:00 GMT","end":"Thu, 10 Dec 2026 23:59:59 GMT"},"fingerprint":{"sha1":"47:9E:91:A2:C7:0F:08:5E:2F:0B:DC:11:AD:47:6A:16:0C:6B:19:D0","sha256":"37:45:41:32:63:05:9B:F8:8E:9E:74:11:0C:94:73:9F:FF:2F:80:69:36:75:07:86:F4:68:93:DD:E0:A7:62:23"}}},"request":{"raw":"GET /video/20391.mp4.jpg HTTP/1.1\r\nHost: www.gekiyasu-dvdshop.pink\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://jp.av2.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.24.0 (Ubuntu)\r\nDate: Wed, 24 Dec 2025 17:33:19 GMT\r\nContent-Type: image/jpeg\r\nContent-Length: 19210\r\nLast-Modified: Wed, 21 Feb 2018 19:34:11 GMT\r\nConnection: keep-alive\r\nETag: \"5a8dc9b3-4b0a\"\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.24.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Ubuntu","description":"Ubuntu is a free and open-source operating system on Linux for the enterprise server, desktop, cloud, and IoT.","website":"https://www.ubuntu.com/server","common_platform_enumeration":"cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*","icon":"Ubuntu.svg","categories":["Operating systems"]}],"data":{"size":19210,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, comment: \"Lavc53.61.100\", baseline, precision 8, 640x368, components 3","md5":"917f67219bcff0d2c32ae08a912ee2a5","sha1":"f02f267ba0bd452aa44a1dd4ec6319967217e4f8","sha256":"6fe0bcd2a0672cf6f6bba2a9ef3bcd148f34c2eb48048fb8b56395a21696432e","sha512":"342b8808f963318bba93d4225ef25adaa9fe4cc140236aeaf3e3430a4ccfdf890bae97f41b6e76319e2aa4750d26bf27590787382996af798f42d61db1a67afc","ssdeep":"384:buk45FOgkwrGTnyWfX201F08580GEdcI2bQYVrKFy/9ZLkDfP:bdwOzwrGd+0T083dcIelVr/LkDH","tlshash":"3782cf579d70c282de35e8f6bf4194de21b95908be41290e4a538cba7c94809dc8a4f3","first_seen":"2025-06-24T07:11:14.953098Z","last_seen":"2026-01-15T23:30:06.742331Z","times_seen":8,"resource_available":false,"data":null}},"time_used":2398,"timings":{"blocked":322,"dns":1,"connect":297,"send":0,"wait":520,"receive":2,"ssl":1247},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"sexsex16.com/favicon.ico","fqdn":"sexsex16.com","domain":"sexsex16.com","tld":"com"},"ip":{"addr":"202.95.16.31","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://jp.av2.top/","date":"2025-12-24T17:33:22.192Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"sex83.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 04 Dec 2025 11:56:06 GMT","end":"Wed, 04 Mar 2026 11:56:05 GMT"},"fingerprint":{"sha1":"62:15:D0:4F:44:F8:F8:4E:EB:1C:8C:5D:5B:6C:03:3A:EC:61:66:78","sha256":"E2:4B:7E:3F:65:EB:1A:17:67:6A:30:C4:46:A1:06:E7:37:DB:6C:BC:29:8D:B2:69:0E:32:F5:66:3A:4E:DB:52"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: sexsex16.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://jp.av2.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 403 Forbidden\r\ncontent-type: text/html; charset=utf-8\r\ncontent-length: 404\r\ndate: Wed, 24 Dec 2025 17:33:23 GMT\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"403","status_text":"Forbidden","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-09T15:38:22.40258Z","times_seen":14902800,"resource_available":true,"data":null}},"time_used":2441,"timings":{"blocked":550,"dns":29,"connect":272,"send":0,"wait":1255,"receive":0,"ssl":322},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"erota2.com/favicon.ico","fqdn":"erota2.com","domain":"erota2.com","tld":"com"},"ip":{"addr":"172.67.69.51","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://jp.av2.top/","date":"2025-12-24T17:33:22.405Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"erota2.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 24 Dec 2025 03:57:39 GMT","end":"Tue, 24 Mar 2026 04:57:35 GMT"},"fingerprint":{"sha1":"61:A4:B3:51:5C:84:0C:7A:D6:B2:9C:95:F5:8A:8A:BB:32:1E:BF:0A","sha256":"12:B6:23:F5:45:4E:9E:2F:9E:1C:EB:B6:30:A1:C5:0D:C3:06:A5:27:4C:CA:54:E7:0E:95:E5:38:6A:78:13:97"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: erota2.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://jp.av2.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 301 Moved Permanently\r\nserver: cloudflare\r\nlocation: /favicon.png\r\ncontent-type: text/html; charset=utf-8\r\nvary: accept-encoding\r\nage: 170\r\ncache-control: max-age=691200\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=qxMLYyFn7Po6OYiY5Vn5ChwTZldz3a6gdl5TSVzzY39y%2BdOBWxFTqlbqgBCyCi3wwf4lwzjn3qMbjUBNFQatl6MKg79iOuH7RQ%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ndate: Wed, 24 Dec 2025 17:33:22 GMT\r\npriority: u=4,i=?0\r\ncf-ray: 9b31d7e6284175ab-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"301","status_text":"Moved Permanently","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":2262,"size_decoded":0,"mime_type":"image/webp","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-09T15:38:22.40258Z","times_seen":14902800,"resource_available":true,"data":null}},"time_used":17,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":17,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"jsjs.jpg4.icu/index.php?js=very","fqdn":"jsjs.jpg4.icu","domain":"jpg4.icu","tld":"icu"},"ip":{"addr":"172.67.183.25","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://css.jpg4.icu/tagjpa.php?noself=1\u0026url=av.diktok.top/tags/3","date":"2025-12-24T17:33:20.534Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"jpg4.icu","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 28 Nov 2025 15:32:54 GMT","end":"Thu, 26 Feb 2026 16:30:32 GMT"},"fingerprint":{"sha1":"DD:1F:06:D1:AD:C8:98:82:F6:76:1B:72:E5:E3:ED:49:53:4D:2E:C2","sha256":"5D:0D:E6:96:38:E2:AC:E2:A7:81:11:6D:6A:D8:8A:47:43:3D:50:7D:FE:2E:30:F8:62:AA:CC:2B:30:C7:DF:7F"}}},"request":{"raw":"GET /index.php?js=very HTTP/1.1\r\nHost: jsjs.jpg4.icu\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://css.jpg4.icu/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Wed, 24 Dec 2025 17:33:20 GMT\r\nserver: cloudflare\r\nimghost: 1729614248-h-jsjsjpg4icumh--NO-rm1726420931/index.php?js=very\r\n56nloadrate: 0.21125\r\ncache-control: max-age=360000, private\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: Accept-Encoding\r\naccess-control-allow-origin: *\r\naccess-control-allow-headers: Cake\r\npriority: u=3,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Ik4juLAZR9Bq4HR1hWn%2B%2BCdPXBvKgFwAZWybDzEeKGHsyNrp4OBBw%2BPwRQZAPom4E3Ml56evvBoqJJ%2B3saiBi7gdKeUzIcAsyGRT\"}]}\r\ncontent-encoding: br\r\ncontent-type: text/html; charset=UTF-8\r\ncf-cache-status: BYPASS\r\ncf-ray: 9b31d7db5fc25687-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-09T15:38:22.40258Z","times_seen":14902800,"resource_available":true,"data":null}},"time_used":365,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":365,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"css.jpg4.icu/mycss/av4.css?33","fqdn":"css.jpg4.icu","domain":"jpg4.icu","tld":"icu"},"ip":{"addr":"172.67.183.25","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://css.jpg4.icu/tagjpa.php?noself=1\u0026url=av.diktok.top/tags/3","date":"2025-12-24T17:33:20.923Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"jpg4.icu","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 28 Nov 2025 15:32:54 GMT","end":"Thu, 26 Feb 2026 16:30:32 GMT"},"fingerprint":{"sha1":"DD:1F:06:D1:AD:C8:98:82:F6:76:1B:72:E5:E3:ED:49:53:4D:2E:C2","sha256":"5D:0D:E6:96:38:E2:AC:E2:A7:81:11:6D:6A:D8:8A:47:43:3D:50:7D:FE:2E:30:F8:62:AA:CC:2B:30:C7:DF:7F"}}},"request":{"raw":"GET /mycss/av4.css?33 HTTP/1.1\r\nHost: css.jpg4.icu\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://css.jpg4.icu/tagjpa.php?noself=1\u0026url=av.diktok.top/tags/3\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Wed, 24 Dec 2025 17:33:20 GMT\r\ncontent-type: text/css\r\nvary: accept-encoding\r\npriority: u=2,i=?0\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\naccess-control-allow-origin: *\r\naccess-control-allow-headers: Cake\r\ncache-control: public, max-age=360000\r\nx-proxy-cache-192g-la: MISS\r\nxkey-192la: css.jpg4.icu/mycss/av4.css?33--css.jpg4.icu-css.jpg4.icu-myzone---no\r\nx-proxy-cache-tot-vt: HIT\r\nxkey-tot-vt: css.jpg4.icu/mycss/av4.css?33--css.jpg4.icu--my_zone\r\ncontent-encoding: br\r\nage: 39854\r\ncf-cache-status: HIT\r\netag: W/\"103e-62edbddabc000\"\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=oS6gPxgQany7%2FwbsiKYKGVeZ%2F0FtU3xU%2FgQ73iy3UkMSO3BMRddTe2syax86qHZ5doULgZjAXBn6wvSF7OMFg9IFdN5udbR0Ye4%3D\"}]}\r\ncf-ray: 9b31d7ddcfd15687-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":4158,"size_decoded":0,"mime_type":"text/css","magic":"Unicode text, UTF-8 text","md5":"e05d356eb3c9cb0366e5491f098c5b66","sha1":"9c82f99795bf55512147a0bd629e9775446291bf","sha256":"7c7a5f32e5c6a2e6e1f3e71112f35691714019685cc4c7d567e158cb32d1579c","sha512":"94dd9b84614bae349bcaa9dafea12a08589b4b899cf59c1228cf9bf70d657a715b49cfc18748b2d174dac63a6df076828bfa8da9b25c686d74bc742ddbe9283c","ssdeep":"96:Uq6qw2a3Alqiqq7rShmo3NxlIAFrQH+42+F2fFB:+eYXih/SMoHlIAFkHL2+F2fFB","tlshash":"ca813f729b550141b51b92946f62b79123369013d907cf79bafa217ccf891ec21e2f4e","first_seen":"2025-04-08T05:19:22.565686Z","last_seen":"2026-02-10T20:33:51.228745Z","times_seen":840,"resource_available":false,"data":null}},"time_used":9,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":9,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn5-thumbs.motherlessmedia.com/thumbs/665F0A2.jpg","fqdn":"cdn5-thumbs.motherlessmedia.com","domain":"motherlessmedia.com","tld":"com"},"ip":{"addr":"185.107.92.224","port":443,"asn":43350,"as":"NForce Entertainment B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://jp.av2.top/","date":"2025-12-24T17:33:17.323Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.motherlessmedia.com","organization":""},"issuer":{"commonName":"GoGetSSL RSA DV SSL CA 2","organization":"GoGetSSL"},"validity":{"start":"Mon, 03 Nov 2025 00:00:00 GMT","end":"Tue, 22 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"1C:9C:A7:64:1D:50:C4:66:FC:B5:AE:9C:CB:DF:AC:1E:1F:4B:A0:83","sha256":"FD:6F:CF:79:47:AA:EF:54:72:2A:60:E2:1B:57:6B:D6:33:60:E2:67:DA:83:68:95:02:34:5B:66:53:45:A1:0E"}}},"request":{"raw":"GET /thumbs/665F0A2.jpg HTTP/1.1\r\nHost: cdn5-thumbs.motherlessmedia.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://jp.av2.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nserver: openresty/1.21.4.1\r\ndate: Wed, 24 Dec 2025 17:33:18 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 21636\r\nvary: x-s-token\r\nlast-modified: Thu, 04 Oct 2018 06:25:19 GMT\r\netag: \"5484-5776138099869\"\r\nx-cache: HIT\r\nx-whom: cdn06\r\naccept-ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"OpenResty:1.21.4.1","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}],"data":{"size":21636,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 10x9, segment length 16, baseline, precision 8, 640x480, components 3","md5":"4d6002949038c64e3f710f941c4f2c3b","sha1":"f85e0a4f074f1d2cca95f106d4cfb6d97ad598bd","sha256":"93d3f83bbb578dc4810a9bd741d1c6f9fec3c7aff6a7ff55a5d8f0394dc253fd","sha512":"97bcae2c83935593cf3de970cfcbde7bc40ddc1ec4fd0e458f58762bcde2ab4af8e27dce925946798c366799eb9593da409737b3924a7e3b6bd266ce296fc3c4","ssdeep":"384:2nTHQFuD+e8n4M/g/8RggAwcQqdbvZxH4ZDmfBQe+LgMQ/W8YPFLFqp:Imi8n5RRcQIbvHI6fQlQ/iLYp","tlshash":"0fa2e1217c3503d1e007e5b7ce05f3123153791fa42a278ea1ae688de61eccde9d51b9","first_seen":"2025-09-19T11:16:27.118802Z","last_seen":"2026-01-20T05:39:08.078282Z","times_seen":11,"resource_available":false,"data":null}},"time_used":1519,"timings":{"blocked":296,"dns":8,"connect":98,"send":0,"wait":34,"receive":5,"ssl":1033},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ru.x-pirat.ru/vids/christmass.jpg","fqdn":"ru.x-pirat.ru","domain":"x-pirat.ru","tld":"ru"},"ip":{"addr":"104.21.19.109","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://jp.av2.top/","date":"2025-12-24T17:33:17.327Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"x-pirat.ru","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 24 Nov 2025 10:29:23 GMT","end":"Sun, 22 Feb 2026 11:28:03 GMT"},"fingerprint":{"sha1":"2E:29:E3:EA:9F:72:20:3E:F7:F2:8A:A6:C1:79:C5:30:2B:AC:95:2E","sha256":"1D:6A:29:4F:0E:06:3C:DD:1F:A2:E5:27:3D:A5:09:A5:81:5F:7B:ED:94:DB:2F:53:67:C2:60:3F:99:8D:5E:95"}}},"request":{"raw":"GET /vids/christmass.jpg HTTP/1.1\r\nHost: ru.x-pirat.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://jp.av2.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 24 Dec 2025 17:33:18 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 99742\r\nserver: cloudflare\r\nlast-modified: Wed, 25 Dec 2024 02:30:02 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\netag: \"676b6e2a-1859e\"\r\naccept-ranges: bytes\r\nage: 1968\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=mIvI6Jblm7IVf8tdBusBT2Q54DBfhL8DgNrUUtHAS4nnAwWuiyJfhXcUgkuEuCz6XuStXyrIUbjs45qlIm%2FGtyyhjF%2B4luehvORvSVU%3D\"}]}\r\ncf-ray: 9b31d7cc8db91ae6-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":99742,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=5, orientation=upper-left, software=ACD Systems Digital Imaging, datetime=2024:12:25 05:37:35], baseline, precision 8, 881x587, components 3","md5":"b6ff00b28a28cca2b37c0c56e97e1e20","sha1":"0e0ff8517c6afecf3f9d2b988fca2526e2e9c929","sha256":"bec62188ef436834bd75024eb1df88bde0ab657f3285b87735ec58413110120f","sha512":"7edde23afea9b91a0e09b52e9c50fe84f1ad7dbff6c60b8847f3ff261dd5d84bf7fdd2ab8420d0ff04bc74540960582ae8af2f2c3fff9950c3fcbb9445cb145a","ssdeep":"1536:zyMWnqjy0PQteDp8WULYWl1bpptQUni6w9eY9TWNGFaddkBDgXFAVFjmydcrV7qV:zkztet8/YQ13thwePNGkddkB0XSNm2Mq","tlshash":"d0a312f12ad7ac0fe1a915f7147e1c168310a4c77d82b67c869c4e465f6958afcc8427","first_seen":"2025-07-07T22:01:11.533288Z","last_seen":"2026-01-20T12:10:26.265224Z","times_seen":24,"resource_available":false,"data":null}},"time_used":740,"timings":{"blocked":292,"dns":8,"connect":60,"send":0,"wait":8,"receive":26,"ssl":297},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"img.apian088.sbs/hd/media/videos/tmb/000/006/339/4.jpg","fqdn":"img.apian088.sbs","domain":"apian088.sbs","tld":"sbs"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://jp.av2.top/","date":"2025-12-24T17:33:17.275Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"apian088.sbs","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 16 Nov 2025 12:00:16 GMT","end":"Sat, 14 Feb 2026 12:44:47 GMT"},"fingerprint":{"sha1":"81:62:5B:8E:F8:D6:89:63:71:73:E3:18:57:53:27:65:B5:AD:00:32","sha256":"1E:DA:15:FE:0A:FF:52:03:D1:A0:EE:60:AD:2A:3A:55:0D:CD:56:3F:75:52:A1:90:E2:E7:70:D3:2A:15:12:5E"}}},"request":{"raw":"GET /hd/media/videos/tmb/000/006/339/4.jpg HTTP/1.1\r\nHost: img.apian088.sbs\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://jp.av2.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 24 Dec 2025 17:33:17 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 12357\r\nserver: cloudflare\r\nlast-modified: Sat, 23 Mar 2024 12:18:51 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\netag: \"65fec8ab-3045\"\r\naccept-ranges: bytes\r\nage: 1930162\r\ncache-control: max-age=31536000\r\ncf-cache-status: HIT\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=X7qe%2FvxVZzs8h5hC%2BuS%2BfgG%2FrV%2BqASvgIs7VXjqKMbcjENtA0WovtgkWCMf53eJZnXFNfTBZfRkPhc5yEzZXKUOg4WgaCRHmB4hkQCa9\"}]}\r\ncf-ray: 9b31d7c7392856b4-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":12357,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 300x226, components 3","md5":"8a80f883daf75b1a19750bbf971c7465","sha1":"168b4b491d56d55ae748c2af036f5619e44dee69","sha256":"5b7bd38c6469f80bce9635b15a55d37c66e2c9e29250cb9e0e0aec3fa42919cb","sha512":"4b97c1ec3cf0b9dac8b0cac195bfb5ede62ae024cd36da2015eefbb07bdbac7d01b0447625dbe777dab2169693620bfdabf09840dfa0bd5c2299ee2ddcdcf93f","ssdeep":"384:+xih2C+NcDwnVxEZbr/0vkR9ytx3PwJN/4:YihF++D2xYrcMmRK/4","tlshash":"4f42af163373c418c93d1fb107b6cd42e4847964127d0d7a9398e2efbb298990ae29e6","first_seen":"2025-09-03T10:31:35.595841Z","last_seen":"2026-01-11T16:31:17.659523Z","times_seen":6,"resource_available":false,"data":null}},"time_used":53,"timings":{"blocked":44,"dns":0,"connect":0,"send":0,"wait":8,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"stallionanimalxxx.com/tmbs/125/958_wild.jpg","fqdn":"stallionanimalxxx.com","domain":"stallionanimalxxx.com","tld":"com"},"ip":{"addr":"185.162.130.18","port":443,"asn":14576,"as":"HOSTING-SOLUTIONS","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://jp.av2.top/","date":"2025-12-24T17:33:17.305Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"stallionanimalxxx.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Fri, 12 Dec 2025 12:32:15 GMT","end":"Thu, 12 Mar 2026 12:32:14 GMT"},"fingerprint":{"sha1":"1A:11:51:ED:D7:E6:67:DC:89:EF:7D:5C:63:53:E1:10:5D:FA:F9:A1","sha256":"6A:AE:95:D2:65:D9:47:AB:C2:46:71:85:81:09:58:54:0B:8B:2F:2C:2D:CD:B0:9B:99:A2:49:59:B5:BA:B3:40"}}},"request":{"raw":"GET /tmbs/125/958_wild.jpg HTTP/1.1\r\nHost: stallionanimalxxx.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://jp.av2.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.23.3\r\nDate: Wed, 24 Dec 2025 17:33:18 GMT\r\nContent-Type: image/jpeg\r\nContent-Length: 15067\r\nLast-Modified: Wed, 30 Jun 2021 06:18:27 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=30\r\nETag: \"60dc0cb3-3adb\"\r\nExpires: Thu, 31 Dec 2037 23:55:55 GMT\r\nCache-Control: max-age=315360000\r\nX-Request-ID: 41b07ed3086ca779472e176e5fa4570c\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.23.3","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":15067,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 320x230, components 3","md5":"4a69a61d8c0f48150c61f2b33a2c4c90","sha1":"5694e374a4f2a9b9a1c6dd953c9c982a5e9f81b1","sha256":"c13b95aa8f566078f5aa2241d923b319427d53fc353a0fad1416e7242c382245","sha512":"de9ca81cb958fd2e214ab23c74dfe8f0c7a552e94bb961d70f2bda4099d1918722a69caf91f34be80fe492a01efc86490a444ceb3951cc3c785f33ab0a1ab499","ssdeep":"384:f3nk5+RGl7Qb/D+f3b6nWHefGasMrrYY8:f3nk5CGl0b/KuzfGdMrkY8","tlshash":"4a62d103a41d97c0ca5f0144cb3f1a64148bcfd5e1c9ab2d65c052667ef9b93cad9ce4","first_seen":"2024-08-19T20:50:39.81722Z","last_seen":"2025-12-24T17:34:12.664794Z","times_seen":3,"resource_available":false,"data":null}},"time_used":809,"timings":{"blocked":313,"dns":2,"connect":97,"send":0,"wait":46,"receive":0,"ssl":283},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn5-thumbs.motherlessmedia.com/thumbs/7C0F3BB.jpg","fqdn":"cdn5-thumbs.motherlessmedia.com","domain":"motherlessmedia.com","tld":"com"},"ip":{"addr":"185.107.92.224","port":443,"asn":43350,"as":"NForce Entertainment B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://jp.av2.top/","date":"2025-12-24T17:33:18.954Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.motherlessmedia.com","organization":""},"issuer":{"commonName":"GoGetSSL RSA DV SSL CA 2","organization":"GoGetSSL"},"validity":{"start":"Mon, 03 Nov 2025 00:00:00 GMT","end":"Tue, 22 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"1C:9C:A7:64:1D:50:C4:66:FC:B5:AE:9C:CB:DF:AC:1E:1F:4B:A0:83","sha256":"FD:6F:CF:79:47:AA:EF:54:72:2A:60:E2:1B:57:6B:D6:33:60:E2:67:DA:83:68:95:02:34:5B:66:53:45:A1:0E"}}},"request":{"raw":"GET /thumbs/7C0F3BB.jpg HTTP/1.1\r\nHost: cdn5-thumbs.motherlessmedia.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://jp.av2.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nserver: openresty/1.21.4.1\r\ndate: Wed, 24 Dec 2025 17:33:19 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 28910\r\nvary: x-s-token\r\nlast-modified: Thu, 04 Oct 2018 17:46:59 GMT\r\netag: \"70ee-5776abddafb4d\"\r\nx-cache: HIT\r\nx-whom: cdn05\r\naccept-ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"OpenResty:1.21.4.1","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}],"data":{"size":28910,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 640x480, components 3","md5":"d024553402aaef1c81d952d89b21bd5b","sha1":"37ebeddf0c5af0627f5097d6dc03c7f9e8488eeb","sha256":"1fb5b6b6766601fd8720dbaaf7054641d19e53f9e62a4dba7b9e11c82e3db339","sha512":"8df51252a9d3b2b9b77a7fb725ee2c435446d98f89abfa228bbeb9935744ca43efa02c2959ea5900d23701ed3062558327df3073b87980c919c330b6de1e879c","ssdeep":"768:a3tjsSI8WvRPm+Lto0s7QlfeX1M6ltKLSA2fxd:a2Sk9OxQlWl5ltKH2f3","tlshash":"0dd2e18ef30a8734ed2fdeb4b55f4246d004081f5552724eaab60d423e76aeb30a652f","first_seen":"2024-08-19T23:09:03.711123Z","last_seen":"2026-03-03T09:47:10.917835Z","times_seen":28,"resource_available":false,"data":null}},"time_used":1073,"timings":{"blocked":419,"dns":1,"connect":18,"send":0,"wait":46,"receive":1,"ssl":573},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"page.phic4.top/myda.php","fqdn":"page.phic4.top","domain":"phic4.top","tld":"top"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://css.jpg4.icu/tagjpa.php?noself=1\u0026url=av.diktok.top/tags/3","date":"2025-12-24T17:33:21.009Z","timestamp":0,"http_version":"","security_state":"broken","security_info":null,"request":{"raw":"GET /myda.php HTTP/1.1\r\nHost: page.phic4.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://css.jpg4.icu/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-09T15:38:22.40258Z","times_seen":14902800,"resource_available":true,"data":null}},"time_used":1468,"timings":{"blocked":0,"dns":1,"connect":476,"send":0,"wait":0,"receive":0,"ssl":226},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-24","alert":"Sinkholed","trigger":"page.phic4.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.xvideos.com/favicon.ico","fqdn":"www.xvideos.com","domain":"xvideos.com","tld":"com"},"ip":{"addr":"185.88.181.9","port":443,"asn":46652,"as":"SERVERSTACK-ASN","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://jp.av2.top/","date":"2025-12-24T17:33:22.130Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.xvideos.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Mon, 30 Dec 2024 00:00:00 GMT","end":"Fri, 30 Jan 2026 23:59:59 GMT"},"fingerprint":{"sha1":"8A:99:1B:79:BF:20:90:58:BE:23:F3:B2:15:CA:58:D1:87:C9:8F:0E","sha256":"30:46:58:19:E9:1C:C9:B3:05:E7:D0:33:39:C8:4A:8C:C3:27:BC:55:FD:4A:19:FD:DE:C4:50:B0:FF:69:5F:04"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: www.xvideos.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://jp.av2.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\ndate: Wed, 24 Dec 2025 17:33:22 GMT\r\ncontent-type: image/x-icon\r\ncontent-length: 15086\r\nlast-modified: Mon, 09 Oct 2023 14:43:32 GMT\r\netag: \"65241194-3aee\"\r\nexpires: Wed, 31 Dec 2025 17:33:22 GMT\r\ncache-control: max-age=604800\r\naccept-ranges: bytes\r\nserver: nginx\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":15086,"size_decoded":0,"mime_type":"image/x-icon","magic":"MS Windows icon resource - 3 icons, 48x48, 32 bits/pixel, 32x32, 32 bits/pixel","md5":"d6baf7b631c1e482b6e2f770f9e67057","sha1":"73eb49e766e5954e1ad9538cc35038b9f14494b9","sha256":"fa1ee8d05ad6dfa0731ee0d37badfd019cc3315e6d3b9ca1ae161cee4749481b","sha512":"3e1060de4568d23e10a9e8de1a27e5a965ab9e7e377004badb5f82f6018b46239542efd7378fff55a332b2e04a6211e53031b26a8044f28f3e9507760214e184","ssdeep":"96:jxUVxTXzZJEubLaOmLXa8zyyyyByyyyKzEdgCUPOuQqyyyytyyyuEX:jxUVxTFO722d7NX","tlshash":"ac62a8c7e5054da1dda887b04073998b156bfd6b09632c1a20c63f98d9b3eebf474b01","first_seen":"2023-05-07T23:40:39Z","last_seen":"2026-05-03T08:28:02.567594Z","times_seen":743,"resource_available":false,"data":null}},"time_used":701,"timings":{"blocked":287,"dns":25,"connect":21,"send":0,"wait":28,"receive":1,"ssl":336},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.sexsex61.com/favicon.ico","fqdn":"www.sexsex61.com","domain":"sexsex61.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://jp.av2.top/","date":"2025-12-24T17:33:22.418Z","timestamp":0,"http_version":"","security_state":"broken","security_info":null,"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: www.sexsex61.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://jp.av2.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-09T15:38:22.40258Z","times_seen":14902800,"resource_available":true,"data":null}},"time_used":700,"timings":{"blocked":-1,"dns":11,"connect":335,"send":0,"wait":0,"receive":0,"ssl":353},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pits10.com/image/b0/a2/67886033e0b14261a147010506a1b0a2.jpg","fqdn":"pits10.com","domain":"pits10.com","tld":"com"},"ip":{"addr":"154.214.5.46","port":443,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://jp.av2.top/","date":"2025-12-24T17:33:17.273Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"pits10.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Fri, 19 Dec 2025 15:14:21 GMT","end":"Thu, 19 Mar 2026 15:14:20 GMT"},"fingerprint":{"sha1":"E4:54:01:38:3B:E0:1E:26:C4:09:18:75:34:53:A6:7A:2A:73:D7:AF","sha256":"49:B3:73:9C:DC:ED:36:16:94:67:A9:AA:CA:9E:E6:E2:55:4B:2D:13:36:2D:A9:8E:E8:67:48:4E:9B:6E:35:28"}}},"request":{"raw":"GET /image/b0/a2/67886033e0b14261a147010506a1b0a2.jpg HTTP/1.1\r\nHost: pits10.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://jp.av2.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Wed, 24 Dec 2025 17:33:17 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 37550\r\ncache-control: max-age=864000\r\nlast-modified: Thu, 23 Feb 2023 18:51:21 GMT\r\nexpires: Sat, 03 Jan 2026 17:33:17 GMT\r\nx-cache: HIT\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}],"data":{"size":37550,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, baseline, precision 8, 800x445, components 3","md5":"3a1adf74a53c62ea4fd990f6eb696a0d","sha1":"0c029a22c7ceaee147217658104656df61d4b613","sha256":"d4a88c66276285f557b3c8db922173e948bb07158df716c0a701f139a0db0dc2","sha512":"491bef9e6ae366be86562004cd889289b089c8ac306c4ffe02aef45e29bd4b9cafa1d8d491fd457a3cc309ed33c47cb6a427dca69d90a389b7c660eff2848b79","ssdeep":"768:veugq5GFDVL7GcVreX64ssHPvkLfvKv0S/A5Hc//Likx3F9peCl:ves5GhVL7GcgqRRuxIZcv5D5","tlshash":"6cf2f109e29f7bc6e74b4151ea323ed84073c42eadf3150ea6bf81a9c30d85a594475a","first_seen":"2025-12-24T17:34:12.66731Z","last_seen":"2026-03-02T16:55:39.908059Z","times_seen":2,"resource_available":false,"data":null}},"time_used":1052,"timings":{"blocked":281,"dns":35,"connect":153,"send":0,"wait":210,"receive":210,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}