{"report_id":"cec022e2-09cb-4118-a96b-92889e7d6d6a","version":6,"status":"done","tags":[],"date":"2026-06-07T01:01:41Z","url":{"schema":"http","addr":"ty691.com","fqdn":"ty691.com","domain":"ty691.com","tld":"com"},"ip":{"addr":"168.76.223.165","port":0,"asn":137951,"as":"ASLINE LIMITED","country":"South Africa","country_code":"ZA"},"final":{"url":{"schema":"https","addr":"ty691.com/","fqdn":"ty691.com","domain":"ty691.com","tld":"com"},"title":"天游棋牌中心官网 - 专业棋牌文化交流平台","dom":{"size":8574,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text","md5":"35c6c7c6c51b4a06cca4c6dfb454a346","sha1":"7bd3d9e8b39388de4c2afd11742c9f90ab882ef2","sha256":"3d5326511312224d2546febe2838c464985b0bc9f3c3aefb981e6b0a57bef07f","sha512":"35a5d5daa5e909782fbb97556b8b35c325a16bd064146d0241f9024634fbc00546f62959c25b5b82fcaa3d4c55dfea045d5234b0a75f48ae05fc71479a0de6f8","ssdeep":"192:0IZrnMZjBPCpnDZ0CPBfE/k1mp6rPlyJzmRF4sArtg:gjmX7Artg","tlshash":"f902752660e3115b2833d1a66ff3171b6664d407c20bc9a87ecd15cdef89ac9c8a338c","dom_hash":"domhash68151781dee7f7d6b79191cedd0be75b","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"ty691.com","fqdn":"ty691.com","domain":"ty691.com","tld":"com"},"ip":{"addr":"168.76.223.165","port":0,"asn":137951,"as":"ASLINE LIMITED","country":"South Africa","country_code":"ZA"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-07-12T01:01:41Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":5}},"detection":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-06-07","alert":"Sinkholed","trigger":"ty691.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-07","alert":"Sinkholed","trigger":"ty691.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-07","alert":"Sinkholed","trigger":"ty691.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-07","alert":"Phishing Block","trigger":"ty691.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-07","alert":"Sinkholed","trigger":"ty691.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null},"summary":[{"fqdn":"collect-v6.51.la","ip":{"addr":"43.159.107.113","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"domain_registered":"2005-01-17","domain_rank":348646,"first_seen":"2021-03-08T16:03:54Z","last_seen":"2026-06-01T08:46:24.104872Z","alert_count":0,"request_count":1,"received_data":361,"sent_data":459,"comment":"","tags":null,"fingerprints":null},{"fqdn":"hm.baidu.com","ip":{"addr":"14.215.183.79","port":443,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"domain_registered":"1999-10-11","domain_rank":54491,"first_seen":"2012-05-26T08:38:45Z","last_seen":"2026-06-01T08:33:37.168547Z","alert_count":0,"request_count":2,"received_data":30879,"sent_data":1228,"comment":"","tags":null,"fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"sdk.51.la","ip":{"addr":"43.159.107.113","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"domain_registered":"2005-01-17","domain_rank":347679,"first_seen":"2021-03-08T16:03:51Z","last_seen":"2026-06-02T11:40:35.64368Z","alert_count":0,"request_count":1,"received_data":34790,"sent_data":409,"comment":"","tags":null,"fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"ty691.com","ip":{"addr":"168.76.223.165","port":443,"asn":137951,"as":"ASLINE LIMITED","country":"South Africa","country_code":"ZA"},"domain_registered":"2026-05-06","domain_rank":0,"first_seen":"2026-05-18T14:22:40.599811Z","last_seen":"2026-06-07T00:26:53.940486Z","alert_count":135,"request_count":27,"received_data":2378818,"sent_data":12414,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Bootstrap","description":"Bootstrap is a free and open-source CSS framework directed at responsive, mobile-first front-end web development. It contains CSS and JavaScript-based design templates for typography, forms, buttons, navigation, and other interface components.","website":"https://getbootstrap.com","common_platform_enumeration":"cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:*","icon":"Bootstrap.svg","categories":["UI frameworks"]}]},{"fqdn":"weinisiguanwang.app","ip":{"addr":"154.204.28.54","port":443,"asn":35916,"as":"MULTA-ASN1","country":"Hong Kong","country_code":"HK"},"domain_registered":"unknown","domain_rank":0,"first_seen":"2026-06-06T23:35:51.080813Z","last_seen":"2026-06-06T23:35:51.080813Z","alert_count":0,"request_count":9,"received_data":295194,"sent_data":4161,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"ty691.com/e/dongpo/tz/tz.js","fqdn":"ty691.com","domain":"ty691.com","tld":"com"},"ip":{"addr":"168.76.223.165","port":443,"asn":137951,"as":"ASLINE LIMITED","country":"South Africa","country_code":"ZA"},"introduction_type":"scriptElement","is_inline":false,"md5":"bd9a398590c16db262e8f0e3617d41f8","sha1":"38e29470da1dc6dd21bd8c0f710958592fd35eb7","sha256":"dd38ef08ff800826fd7e16d619c28bc4e69941d58f8abd2360532fa5e6343c84","sha512":"7a30a0f0dfdb2f9e566eb517e6ae8491f659e36d681d6313950caa03c9399cff2b2f390a1f76709d489f183ccc28e42059ca13641400db764e08b59e2dcc6e14","ssdeep":"","tlshash":"e3218c7fae630150d11691592bba776c3a3a001b6301c8307abcbe695f42f429447bd4","size":1158,"data":"","first_seen":"2026-06-06T23:41:28.920593Z","last_seen":"2026-06-07T02:40:39.430356Z","times_seen":5,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ty691.com/","fqdn":"ty691.com","domain":"ty691.com","tld":"com"},"ip":{"addr":"168.76.223.165","port":443,"asn":137951,"as":"ASLINE LIMITED","country":"South Africa","country_code":"ZA"},"introduction_type":"scriptElement","is_inline":false,"md5":"c83ebee2aa19e3fdbfe07dcfcc239405","sha1":"e0db08a93c863968c4b1e146aa04544b246a2153","sha256":"3a6e51bd3dae91dca04533ce5aac3a50495bfed1e7cf2355d46949e0e030ca0c","sha512":"489c1b6cb2283af2e422f4505beaf9a867fce6bfba145878f76ebca3e30799ce38dd2d9de53992c066f204e229fb286aa09527b2c52452418f5ae12a89d200ba","ssdeep":"","tlshash":"48f0dcae9c51e178abc338ac9bafd688c16e1026110ecc03a9d9c5ce3c38fc8042134c","size":491,"data":"","first_seen":"2025-01-04T07:18:42.072419Z","last_seen":"2026-06-07T02:40:39.482097Z","times_seen":380,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ty691.com/skin/bootstrap/js/bootstrap.bundle.min.js","fqdn":"ty691.com","domain":"ty691.com","tld":"com"},"ip":{"addr":"168.76.223.165","port":443,"asn":137951,"as":"ASLINE LIMITED","country":"South Africa","country_code":"ZA"},"introduction_type":"scriptElement","is_inline":false,"md5":"21d4551af5cc4ed4d818bdbdfea8c358","sha1":"df272a07ed30eaf8025b699c45736ba9d284e4d4","sha256":"35f4547d9364111aca4850347356bc5660a994f0d8b694d88f995098a7b547fa","sha512":"4dcd22faf4688265f834deedb8b6d07c1c5af0991f512031485573994df59d5747ca21c494f3f2d9c59f15a7260892b0d15aa8bebcca85d7764d24cc740c69da","ssdeep":"1536:/SwJiEbnTl6R2t49CFliFCIg/yWszSraJd5qUFH9tZwcE+iYZMgZdj:6wfs+SSO5q4tZwcEVYZFj","tlshash":"2383b5593244b8730ade85b68037430bf2265998b14b812cb57cadde2a7dcc67277f78","size":80821,"data":"","first_seen":"2025-06-18T01:20:12.005242Z","last_seen":"2026-06-07T05:08:56.660528Z","times_seen":2047,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ty691.com/skin/swiper/js/swiper-bundle.min.js","fqdn":"ty691.com","domain":"ty691.com","tld":"com"},"ip":{"addr":"168.76.223.165","port":443,"asn":137951,"as":"ASLINE LIMITED","country":"South Africa","country_code":"ZA"},"introduction_type":"scriptElement","is_inline":false,"md5":"21b78ba7133b3d67cf8b09cd6a26d386","sha1":"ea59f37b232db6dee2694078bf21e153a09bacdd","sha256":"6f9df49fe12f77b66daba876cb33b7090b2443f570a2a4b9541cddd705440aa5","sha512":"dc48bb38f168f37930ddc3db0cb78b867fd817cb5907b56cf2c7e58b407f2847a4bab78be5ea2c0deb216052020afb782bc8b4c948a5fe52b77128a27365a392","ssdeep":"1536:TIJQfGP7LP8NEuWGKF+IlzholxU/2Bkt+9SD8jv1nTHlU9ymp8Mj0HEOS5hAsVuZ:0JCN+TXD2BkQZFU9tp8Mj0k95h5cpnv","tlshash":"02d3f8896221b57646e316db93e4c221a3b50544b80ac8f470bd4c9f597ec9813feffa","size":140562,"data":"","first_seen":"2023-06-14T11:52:48Z","last_seen":"2026-06-07T05:29:21.193191Z","times_seen":4462,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"hm.baidu.com/hm.js?c07eb39b85a98c006261a3a263eb36c6","fqdn":"hm.baidu.com","domain":"baidu.com","tld":"com"},"ip":{"addr":"14.215.183.79","port":443,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"introduction_type":"scriptElement","is_inline":false,"md5":"1e63edc5da563253af1aa205d4a10e4f","sha1":"23190b2fbbee02bb44ead35dd3733cfa8813cd66","sha256":"77a3f8500554efaf34b862bef2e447c5cc35640e76aba454d2e29d2f2840c404","sha512":"d8ccc39863f8f343381801c9bc40c81165f3226dceff67a7837fd2c8726851168bfe0f0f13f9ccce3cfa9bec7e91c02703b5ffe30fe63418eb2d86591357a207","ssdeep":"384:N7JSoLMJJTRl6s1JXFVCFI/TayvuodsZPIGm8XaR1JRwvutq1tGdc7M04gRw6:N74VJfHgMdvussZPIx82Rwvutcto07v","tlshash":"70d2d9a9b282713293a324a5153f324ef17b5a54bd4968a4f11894c07d38fbb027bfdd","size":29897,"data":"","first_seen":"2026-06-07T01:01:46.000813Z","last_seen":"2026-06-07T01:01:46.000813Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ty691.com/","fqdn":"ty691.com","domain":"ty691.com","tld":"com"},"ip":{"addr":"168.76.223.165","port":443,"asn":137951,"as":"ASLINE LIMITED","country":"South Africa","country_code":"ZA"},"introduction_type":"Function","is_inline":false,"md5":"8319abd6a4d84c74123e16356fd05240","sha1":"792f245559f291bce23b0c6cf45db5005ed47241","sha256":"fcfd6eb71486f5fa007841458566e4549ade9427537819f8fb7bb8665a5346b1","sha512":"59ea9d28a9bb096439d0bbde89077d472462b124c4093b9cb0fa8e1bfe4960e6bbad8b482814e0feddc1255f03f17078021e74df8556787b5114de3d3b9b78e9","ssdeep":"","tlshash":"68e02bded3d6d88539c36eb4bd063119725c0d792cec48a5cc102a520ae597789d2a9f","size":431,"data":"","first_seen":"2026-06-07T01:01:46.015499Z","last_seen":"2026-06-07T01:01:46.015499Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ty691.com/e/dongpo/tz/tj.js","fqdn":"ty691.com","domain":"ty691.com","tld":"com"},"ip":{"addr":"168.76.223.165","port":443,"asn":137951,"as":"ASLINE LIMITED","country":"South Africa","country_code":"ZA"},"introduction_type":"scriptElement","is_inline":false,"md5":"1bf60b5cf9c764caf9e85228dc7bfc33","sha1":"22b0d1971d7ec1ec3bb55ff4771752db18eab9ef","sha256":"1a32c475f692c3c84f550cc194a92fff3df6368293bbec3b8e67a42bc2d92306","sha512":"681c26eab518649736ea2c6302120b5a61e0b0749375c8933c7c890b6195de0c6e09a4184c9af8c5fd0f5e5eeda63ba803574bee4c44737899ccd18ce14c97c9","ssdeep":"","tlshash":"8601f11f7c25e13463921c2d23bbdadcf5ad2016101dc80654dec4ad6c34ff9042ab4c","size":808,"data":"","first_seen":"2026-03-03T01:17:34.078046Z","last_seen":"2026-06-07T05:08:56.704182Z","times_seen":396,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ty691.com/skin/bootstrap/js/home.js","fqdn":"ty691.com","domain":"ty691.com","tld":"com"},"ip":{"addr":"168.76.223.165","port":443,"asn":137951,"as":"ASLINE LIMITED","country":"South Africa","country_code":"ZA"},"introduction_type":"scriptElement","is_inline":false,"md5":"16c93ef01acd14ec64c07020d638253e","sha1":"9c7b9d1a61977675c7f128bf2e27093d3cfe37f6","sha256":"f0795e9620ff382d585e15e40f303b394863fc5fa3dbdecd140adcbc4e51ffd2","sha512":"218d41ff60e128ff13105f9d376cfac1b80401527884da7b6179bab1fe8e9aa9e5959873bc5385798c8a5c6fb7aedce8e68b17112833cc16c096e0dc214d35ea","ssdeep":"96:6P7fgtAVMsSMCM1vUrp8KtQJQ1l/2o3RV0uRC6v6qyS+KQkIF:6P7fg+VSVAvUr2KaG1Zd3YuRriqyDKQH","tlshash":"91c1551a62b42433447775bb97af57c477212087b8c6ec393dfcc6080f845aa59f1aea","size":5802,"data":"","first_seen":"2025-10-09T23:37:04.756251Z","last_seen":"2026-06-07T05:08:56.703637Z","times_seen":725,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"sdk.51.la/js-sdk-pro.min.js","fqdn":"sdk.51.la","domain":"51.la","tld":"la"},"ip":{"addr":"43.159.107.113","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"introduction_type":"scriptElement","is_inline":false,"md5":"8fc0b01d35300e8398d6e957987c01e7","sha1":"f1eb32c75b8d8e4b0555ebc2a5f5d1d60296f41e","sha256":"b164aafa0bb83dfe511912ca2ca475880bfffac8d8f098c947fd3d4af440d3a4","sha512":"fab84d067e724d45f35821d8f37c0cd4f608af2975de48a61b905dba89189ca8778b04b4d507e6417a4187193a3da2d0a8939c02bf2d39adb9733cffd2358401","ssdeep":"768:Xzz9qAO+a/y1jaKUiQU5enEU9GMXB0XXQVEXB3CNSPf:Xzz9qnT/c+KUc5enEU9GMXB/EXB3LPf","tlshash":"55f22d9577c0717cc3c782e9361b401ae1a69e810099a8acf345f594bd74e66a33ffa8","size":34329,"data":"","first_seen":"2023-04-05T07:31:50Z","last_seen":"2026-06-07T07:00:58.088997Z","times_seen":9659,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ty691.com/","fqdn":"ty691.com","domain":"ty691.com","tld":"com"},"ip":{"addr":"168.76.223.165","port":443,"asn":137951,"as":"ASLINE LIMITED","country":"South Africa","country_code":"ZA"},"introduction_type":"Function","is_inline":false,"md5":"1c5c9160600df2d96d69a4ea16cec7ed","sha1":"3cf678c9135cc952ba6970ef545035bb757a443f","sha256":"a3520fe88e248d2b6c9c6db93309a037ef969fe297208e5bd7e49a55bb32c808","sha512":"2a298a8c2552c6a6c6f8d3f7327d2e9abfa87a0dbb27e9e528a8539b416155c0860f54f46464dfe7e5d49c7906a9eacdac7e5181b86ef15a83276a8f4fee0546","ssdeep":"","tlshash":"078004d531c35040475331d400571cd4503444f014444d544040d4511c55030d1154dc","size":37,"data":"","first_seen":"2023-04-11T21:49:14Z","last_seen":"2026-06-07T07:17:36.747213Z","times_seen":121581,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ty691.com/","fqdn":"ty691.com","domain":"ty691.com","tld":"com"},"ip":{"addr":"168.76.223.165","port":443,"asn":137951,"as":"ASLINE LIMITED","country":"South Africa","country_code":"ZA"},"introduction_type":"Function","is_inline":false,"md5":"1c5c9160600df2d96d69a4ea16cec7ed","sha1":"3cf678c9135cc952ba6970ef545035bb757a443f","sha256":"a3520fe88e248d2b6c9c6db93309a037ef969fe297208e5bd7e49a55bb32c808","sha512":"2a298a8c2552c6a6c6f8d3f7327d2e9abfa87a0dbb27e9e528a8539b416155c0860f54f46464dfe7e5d49c7906a9eacdac7e5181b86ef15a83276a8f4fee0546","ssdeep":"","tlshash":"078004d531c35040475331d400571cd4503444f014444d544040d4511c55030d1154dc","size":37,"data":"","first_seen":"2023-04-11T21:49:14Z","last_seen":"2026-06-07T07:17:36.747213Z","times_seen":121581,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"weinisiguanwang.app/static/js/link.js","fqdn":"weinisiguanwang.app","domain":"weinisiguanwang.app","tld":"app"},"ip":{"addr":"154.204.28.54","port":443,"asn":35916,"as":"MULTA-ASN1","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"2bb59fab5e9dc6207e194220b10ba8be","sha1":"5a0b0b0ee3c02babc933dce1fa92405393a23793","sha256":"c79c7f26b4c1c781406013078e38ee2d2f6d1e2623fb81ed5a560fce1e20d730","sha512":"0e621314f5066da4cfae524bc2b04ef7221824ab57af309b4b376023605748332c49db2b712be10f08894c8321830643877b7209e05e9d73dc42950d8106881b","ssdeep":"","tlshash":"f731ae5cead039365d274967695b2c14b153400bbc0aec42f39d4ac0dfb172e4b7a9e4","size":1743,"data":"","first_seen":"2026-06-06T23:41:28.917847Z","last_seen":"2026-06-07T02:40:39.445393Z","times_seen":5,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":[{"md5":"5ea4ed957a0b261151dac522867c1abd","sha1":"2ad940f70f57d4e7d4c624da27691f27fd970ad2","sha256":"229702bd443552b438f8113c95879a863fa4b777ff5be6fb0e61b765cb7d2de3","sha512":"5dc10c656eac40df0c6bdbf66f1f1631178dcc4f5d084f015efe85a07467ef2b68fc0fcd66bc5f4a39af17ea42b03d243e0eaeef5d7f9a0b13efc07dae010b98","ssdeep":"","tlshash":"a3f097ae9c51e568aad328a89bafd68cc16e1026110ec803a9d9c5ce3c38fd8082574c","size":508,"data":"","first_seen":"2024-10-26T06:33:34.507797Z","last_seen":"2026-06-07T02:40:39.482766Z","times_seen":515,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"console":null},"http":[{"url":{"schema":"https","addr":"ty691.com/skin/bootstrap/css/module.css","fqdn":"ty691.com","domain":"ty691.com","tld":"com"},"ip":{"addr":"168.76.223.165","port":443,"asn":137951,"as":"ASLINE LIMITED","country":"South Africa","country_code":"ZA"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://ty691.com/","date":"2026-06-07T01:01:21.466Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ty3369.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 11 May 2026 18:35:21 GMT","end":"Sun, 09 Aug 2026 18:35:20 GMT"},"fingerprint":{"sha1":"01:B5:D5:C2:F0:A4:A8:94:2A:C8:0A:31:9B:63:17:CB:6A:BD:14:4D","sha256":"3D:FA:B5:67:D4:D0:11:44:DC:D6:8C:62:A4:DA:15:AB:04:3B:5D:BE:A4:92:43:10:80:A4:3A:85:9C:DE:9E:BD"}}},"request":{"raw":"GET /skin/bootstrap/css/module.css HTTP/1.1\r\nHost: ty691.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ty691.com/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 07 Jun 2026 01:01:21 GMT\r\ncontent-type: text/css\r\nlast-modified: Thu, 24 Jul 2025 20:07:14 GMT\r\nvary: Accept-Encoding\r\netag: W/\"68829272-28112\"\r\nexpires: Sun, 07 Jun 2026 13:01:21 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":164114,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (65518)","md5":"67e45932bedd92dd7bc2a7de1653677e","sha1":"b15f3b2e370d9a7c2c40ea991c8f4a839617702d","sha256":"6e25cdc64273a412026df8a7b3510d9ba7dd6cd75653dd3eb884371b4ace73e8","sha512":"d6130c594f82eefca5109421095dc8c0603b44c4c714bdb8956e64278c9c1625263a531a1ad401fa344f180c2f1cbe95af8246c9e33dc6a28316ab243f448591","ssdeep":"1536:qiVj2AhHm0CfrtrPr7AhhTQbdS6U8H2GXVxICl1gGqotJFFp4L/Xzbv9ALVTFCew:sAhhTQg6U8p45s5Q","tlshash":"c6f397309984202cf11bc5eae5d0abef32649801f663077ef66370a6d6c21ef577674a","first_seen":"2025-10-09T23:37:04.753197Z","last_seen":"2026-06-07T05:08:56.689243Z","times_seen":679,"resource_available":false,"data":null}},"time_used":507,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":507,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-06-07","alert":"Sinkholed","trigger":"ty691.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-07","alert":"Sinkholed","trigger":"ty691.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-07","alert":"Sinkholed","trigger":"ty691.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-07","alert":"Phishing Block","trigger":"ty691.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-07","alert":"Sinkholed","trigger":"ty691.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ty691.com/skin/cover/ty691com/departments1-23.webp","fqdn":"ty691.com","domain":"ty691.com","tld":"com"},"ip":{"addr":"168.76.223.165","port":443,"asn":137951,"as":"ASLINE LIMITED","country":"South Africa","country_code":"ZA"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ty691.com/","date":"2026-06-07T01:01:21.474Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ty3369.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 11 May 2026 18:35:21 GMT","end":"Sun, 09 Aug 2026 18:35:20 GMT"},"fingerprint":{"sha1":"01:B5:D5:C2:F0:A4:A8:94:2A:C8:0A:31:9B:63:17:CB:6A:BD:14:4D","sha256":"3D:FA:B5:67:D4:D0:11:44:DC:D6:8C:62:A4:DA:15:AB:04:3B:5D:BE:A4:92:43:10:80:A4:3A:85:9C:DE:9E:BD"}}},"request":{"raw":"GET /skin/cover/ty691com/departments1-23.webp HTTP/1.1\r\nHost: ty691.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ty691.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 07 Jun 2026 01:01:21 GMT\r\ncontent-type: image/webp\r\ncontent-length: 69086\r\nlast-modified: Mon, 11 May 2026 18:13:31 GMT\r\netag: \"6a021c4b-10dde\"\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":69086,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 749x499, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"a3d5937aa538428cad72f5ff189a01d7","sha1":"44121e2f365caad1e200809c37822799cc9ce122","sha256":"2ab1bee0150c55c0e022f995301b760cc0111c61ee1fda8e5133ae7d3fc9dfce","sha512":"73c0d61e6d2e081ac776c404bd11bd963f3aeaac39f8a8df4616a018322a8019b4ffbf2bbee44a53ac7314fe256cf89c98e1720c9856bf725d74848a738ae996","ssdeep":"1536:G+tmZ9OhHIFB5N5PVEpyknGAHY9Ugz85bhW//2H5T+0:LtIOhObhVHkGl9rz85En291","tlshash":"2d63023a8e185e4f71458e8d53876b304ef13b890ad27b60fe2a7d2570f3e50146a9f6","first_seen":"2026-05-18T14:22:45.785522Z","last_seen":"2026-06-07T02:15:23.79892Z","times_seen":5,"resource_available":false,"data":null}},"time_used":1774,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1255,"receive":519,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-06-07","alert":"Sinkholed","trigger":"ty691.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-07","alert":"Sinkholed","trigger":"ty691.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-07","alert":"Sinkholed","trigger":"ty691.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-07","alert":"Phishing Block","trigger":"ty691.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-07","alert":"Sinkholed","trigger":"ty691.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ty691.com/skin/cover/ty691com/departments4-23.webp","fqdn":"ty691.com","domain":"ty691.com","tld":"com"},"ip":{"addr":"168.76.223.165","port":443,"asn":137951,"as":"ASLINE LIMITED","country":"South Africa","country_code":"ZA"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ty691.com/","date":"2026-06-07T01:01:21.479Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ty3369.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 11 May 2026 18:35:21 GMT","end":"Sun, 09 Aug 2026 18:35:20 GMT"},"fingerprint":{"sha1":"01:B5:D5:C2:F0:A4:A8:94:2A:C8:0A:31:9B:63:17:CB:6A:BD:14:4D","sha256":"3D:FA:B5:67:D4:D0:11:44:DC:D6:8C:62:A4:DA:15:AB:04:3B:5D:BE:A4:92:43:10:80:A4:3A:85:9C:DE:9E:BD"}}},"request":{"raw":"GET /skin/cover/ty691com/departments4-23.webp HTTP/1.1\r\nHost: ty691.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ty691.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 07 Jun 2026 01:01:21 GMT\r\ncontent-type: image/webp\r\ncontent-length: 132438\r\nlast-modified: Mon, 11 May 2026 18:13:31 GMT\r\netag: \"6a021c4b-20556\"\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":132438,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 591x394, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"c75b79e1912307c895c9b6e34d69b147","sha1":"2c47e41b6992d199edb645dcf383b585b865ab5e","sha256":"3e308f88abd5198f22eb8718597b8a124602cdb9bf2a1c728b2a46c523c9971c","sha512":"2d7fc51f511f2c4f893ceaf2db6827a82b6beaea3ad32c43be3cef85524dc0b03d779ce67c73b4efd81df02ba6716e32ef5e41920a9e292ac6abd14c059651ef","ssdeep":"3072:sNkT057yCF4s8zFMZcyuICQxwEZMmTAVD8qtTt:NGyC+sYyuIFfJgDPD","tlshash":"2ad312690102e60e3bae7d9708356a24b653c5de3b342e523ba6f38044fb1d4fb19d57","first_seen":"2026-05-18T14:22:45.754794Z","last_seen":"2026-06-07T02:15:23.794Z","times_seen":5,"resource_available":false,"data":null}},"time_used":1793,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1251,"receive":542,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-06-07","alert":"Sinkholed","trigger":"ty691.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-07","alert":"Phishing Block","trigger":"ty691.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-07","alert":"Sinkholed","trigger":"ty691.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-07","alert":"Sinkholed","trigger":"ty691.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-07","alert":"Sinkholed","trigger":"ty691.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"weinisiguanwang.app/static/picture/jinshapc.png","fqdn":"weinisiguanwang.app","domain":"weinisiguanwang.app","tld":"app"},"ip":{"addr":"154.204.28.54","port":443,"asn":35916,"as":"MULTA-ASN1","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://weinisiguanwang.app/","date":"2026-06-07T01:01:24.300Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.weinisiguanwang.app","organization":""},"issuer":{"commonName":"YR1","organization":"Let's Encrypt"},"validity":{"start":"Sat, 06 Jun 2026 11:51:05 GMT","end":"Fri, 04 Sep 2026 11:51:04 GMT"},"fingerprint":{"sha1":"42:24:88:66:F9:64:6A:A7:CD:6E:D6:41:AC:F1:76:32:23:67:A9:00","sha256":"37:1B:6F:16:FB:7A:9C:0D:87:01:6D:C9:34:D9:61:B1:84:3C:00:83:83:D3:95:3C:ED:93:BC:08:D5:24:2D:D9"}}},"request":{"raw":"GET /static/picture/jinshapc.png HTTP/1.1\r\nHost: weinisiguanwang.app\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://weinisiguanwang.app/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 07 Jun 2026 01:01:24 GMT\r\ncontent-type: image/png\r\nlast-modified: Tue, 24 Feb 2026 09:51:45 GMT\r\nvary: Accept-Encoding\r\netag: W/\"699d74b1-a334\"\r\nexpires: Tue, 07 Jul 2026 01:01:24 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":41780,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 295 x 113, 8-bit/color RGBA, non-interlaced","md5":"1d2140363e0fda69f41537010f37ac74","sha1":"9f3791b6ade0a7966dee0253cb698564490e9440","sha256":"65ff8549228320f54f3d93e45194314c43c7cea541241876a57633bb5ac94f92","sha512":"75dd491fe42a57dee94c06e5e389323f0b32a584f3d0223845ea8f945ac9cff401e65cc381f4e8973dd78c14655abfff000186a770df78acddff35e6bb69fa86","ssdeep":"768:fUD/+JUtuV8Sp+uA5mBhYhXXy7I1VzKT26hq34ZhMNg1de0nGtXIIq5y7RYLIXK9:j2SYd1Xy7wVG66BvMNg60KXrsLB","tlshash":"3113f1a116d7074d278849fcda334deec406ab285d19b93ec5f68f34e3846c4d083a66","first_seen":"2025-01-31T12:39:53.036928Z","last_seen":"2026-06-07T02:40:39.457282Z","times_seen":448,"resource_available":false,"data":null}},"time_used":512,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":512,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ty691.com/","fqdn":"ty691.com","domain":"ty691.com","tld":"com"},"ip":{"addr":"168.76.223.165","port":443,"asn":137951,"as":"ASLINE LIMITED","country":"South Africa","country_code":"ZA"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-06-07T01:01:19.802Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ty3369.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 11 May 2026 18:35:21 GMT","end":"Sun, 09 Aug 2026 18:35:20 GMT"},"fingerprint":{"sha1":"01:B5:D5:C2:F0:A4:A8:94:2A:C8:0A:31:9B:63:17:CB:6A:BD:14:4D","sha256":"3D:FA:B5:67:D4:D0:11:44:DC:D6:8C:62:A4:DA:15:AB:04:3B:5D:BE:A4:92:43:10:80:A4:3A:85:9C:DE:9E:BD"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: ty691.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 07 Jun 2026 01:01:20 GMT\r\ncontent-type: text/html; charset=utf-8\r\nvary: Accept-Encoding\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Bootstrap","description":"Bootstrap is a free and open-source CSS framework directed at responsive, mobile-first front-end web development. It contains CSS and JavaScript-based design templates for typography, forms, buttons, navigation, and other interface components.","website":"https://getbootstrap.com","common_platform_enumeration":"cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:*","icon":"Bootstrap.svg","categories":["UI frameworks"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":24573,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (15050), with NEL line terminators","md5":"8c6bbd616668a7446fce286a64cf3a00","sha1":"0de3bf993787761e4411a40c88ac8a0cf00a2291","sha256":"ce0d6a5bb8b74233333b95c1552f3a2f2a1e0a7f7f58bcfa0819ac8e8e2e1466","sha512":"f67ec50b8af91a41d71b5ee3893990251e36cadf191a8ecc1342cfe4adc0e4e921ce7e78f15d35d93c6ee051dceffa0f89165854858e40a2e0d8557c750ba6da","ssdeep":"384:5nvJx0NarV6lvUenddXBpUWKdsdi6KnCrjhTfPBYX0vpISseuODghMTt6F:l4C6ls2rBpUWKdsdiJe7qEvpIXevghMO","tlshash":"9cb2e7377295b77b019f82fa7920b38e22fb815dcd6b8945abfac3d487c9c92411005b","first_seen":"2026-05-18T14:22:45.78317Z","last_seen":"2026-06-07T02:15:23.793526Z","times_seen":5,"resource_available":true,"data":null}},"time_used":2346,"timings":{"blocked":1027,"dns":515,"connect":252,"send":0,"wait":291,"receive":0,"ssl":258},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-06-07","alert":"Sinkholed","trigger":"ty691.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-07","alert":"Sinkholed","trigger":"ty691.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-07","alert":"Phishing Block","trigger":"ty691.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-07","alert":"Sinkholed","trigger":"ty691.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-07","alert":"Sinkholed","trigger":"ty691.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ty691.com/skin/fontawesome/css/all.min.css","fqdn":"ty691.com","domain":"ty691.com","tld":"com"},"ip":{"addr":"168.76.223.165","port":443,"asn":137951,"as":"ASLINE LIMITED","country":"South Africa","country_code":"ZA"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://ty691.com/","date":"2026-06-07T01:01:21.469Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ty3369.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 11 May 2026 18:35:21 GMT","end":"Sun, 09 Aug 2026 18:35:20 GMT"},"fingerprint":{"sha1":"01:B5:D5:C2:F0:A4:A8:94:2A:C8:0A:31:9B:63:17:CB:6A:BD:14:4D","sha256":"3D:FA:B5:67:D4:D0:11:44:DC:D6:8C:62:A4:DA:15:AB:04:3B:5D:BE:A4:92:43:10:80:A4:3A:85:9C:DE:9E:BD"}}},"request":{"raw":"GET /skin/fontawesome/css/all.min.css HTTP/1.1\r\nHost: ty691.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ty691.com/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 07 Jun 2026 01:01:21 GMT\r\ncontent-type: text/css\r\nlast-modified: Tue, 01 Jul 2025 22:17:08 GMT\r\nvary: Accept-Encoding\r\netag: W/\"68645e64-1907e\"\r\nexpires: Sun, 07 Jun 2026 13:01:21 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":102526,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (52276)","md5":"c43cd173eeeba2f72aa6b431d06b8c07","sha1":"427a692f7f39eabb3d5b8510aee2743025daf813","sha256":"c880eb3d25c765d399840aa204fec22b3230310991089f14781f09a35ed80b8a","sha512":"02f6f6422b83104bc1e1b64961d7edda63635528417ed2dd3c6f0527457b8ab4cb43c528d2a70fc61e0f96aec6e6d1a6d2b53ed523e1568b6d78ba41111c1393","ssdeep":"1536:vwMCMPMCMjMCM4MCMwMCM3sVMX709gbPMfjSFOTyPG9ZpgmLCq:P709gMGFiyPG9ZimLCq","tlshash":"4fa3a7f9e44c05d97732c44bab95b37c65b6f738d5810ca9f02f580c1ad26a822c6f7a","first_seen":"2024-01-04T18:36:36Z","last_seen":"2026-06-07T06:47:32.750114Z","times_seen":11156,"resource_available":false,"data":null}},"time_used":755,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":755,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-06-07","alert":"Sinkholed","trigger":"ty691.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-07","alert":"Sinkholed","trigger":"ty691.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-07","alert":"Sinkholed","trigger":"ty691.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-07","alert":"Phishing Block","trigger":"ty691.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-07","alert":"Sinkholed","trigger":"ty691.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ty691.com/skin/bootstrap/js/bootstrap.bundle.min.js","fqdn":"ty691.com","domain":"ty691.com","tld":"com"},"ip":{"addr":"168.76.223.165","port":443,"asn":137951,"as":"ASLINE LIMITED","country":"South Africa","country_code":"ZA"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://ty691.com/","date":"2026-06-07T01:01:21.493Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ty3369.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 11 May 2026 18:35:21 GMT","end":"Sun, 09 Aug 2026 18:35:20 GMT"},"fingerprint":{"sha1":"01:B5:D5:C2:F0:A4:A8:94:2A:C8:0A:31:9B:63:17:CB:6A:BD:14:4D","sha256":"3D:FA:B5:67:D4:D0:11:44:DC:D6:8C:62:A4:DA:15:AB:04:3B:5D:BE:A4:92:43:10:80:A4:3A:85:9C:DE:9E:BD"}}},"request":{"raw":"GET /skin/bootstrap/js/bootstrap.bundle.min.js HTTP/1.1\r\nHost: ty691.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ty691.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 07 Jun 2026 01:01:21 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Tue, 01 Jul 2025 23:41:48 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6864723c-13bb5\"\r\nexpires: Sun, 07 Jun 2026 13:01:21 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":80821,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65299)","md5":"21d4551af5cc4ed4d818bdbdfea8c358","sha1":"df272a07ed30eaf8025b699c45736ba9d284e4d4","sha256":"35f4547d9364111aca4850347356bc5660a994f0d8b694d88f995098a7b547fa","sha512":"4dcd22faf4688265f834deedb8b6d07c1c5af0991f512031485573994df59d5747ca21c494f3f2d9c59f15a7260892b0d15aa8bebcca85d7764d24cc740c69da","ssdeep":"1536:/SwJiEbnTl6R2t49CFliFCIg/yWszSraJd5qUFH9tZwcE+iYZMgZdj:6wfs+SSO5q4tZwcEVYZFj","tlshash":"2383b5593244b8730ade85b68037430bf2265998b14b812cb57cadde2a7dcc67277f78","first_seen":"2025-06-18T01:20:12.005242Z","last_seen":"2026-06-07T05:08:56.660528Z","times_seen":2047,"resource_available":true,"data":null}},"time_used":1240,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1240,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-06-07","alert":"Sinkholed","trigger":"ty691.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-07","alert":"Phishing Block","trigger":"ty691.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-07","alert":"Sinkholed","trigger":"ty691.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-07","alert":"Sinkholed","trigger":"ty691.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-07","alert":"Sinkholed","trigger":"ty691.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"collect-v6.51.la/v6/collect?dt=4","fqdn":"collect-v6.51.la","domain":"51.la","tld":"la"},"ip":{"addr":"43.159.107.113","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://ty691.com/","date":"2026-06-07T01:01:23.340Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.51.la","organization":""},"issuer":{"commonName":"Keymatic Secure Domain RSA CA G1","organization":"PKI(Chongqing) Limited"},"validity":{"start":"Wed, 01 Apr 2026 06:48:26 GMT","end":"Fri, 16 Oct 2026 15:59:59 GMT"},"fingerprint":{"sha1":"F0:4F:0E:62:84:89:BD:2B:8E:53:1E:AC:20:70:16:C2:F7:E9:C1:C0","sha256":"54:9F:ED:D0:8F:D4:0A:5F:31:95:55:FD:E0:E6:13:F2:09:8C:39:E1:01:31:98:FA:1D:DC:20:CD:20:19:7C:F5"}}},"request":{"raw":"POST /v6/collect?dt=4 HTTP/1.1\r\nHost: collect-v6.51.la\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Length: 401\r\nOrigin: https://ty691.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ty691.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/2 210 No Reason Phrase\r\nvary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers\r\naccess-control-allow-origin: https://ty691.com\r\naccess-control-allow-credentials: true\r\nserver: TencentEdgeOne\r\nage: 0\r\ncontent-length: 0\r\ndate: Sun, 07 Jun 2026 01:01:23 GMT\r\neo-log-uuid: 4700876990328690031\r\neo-cache-status: MISS\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"210","status_text":"No Reason Phrase","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"text/xml","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-07T07:09:49.261984Z","times_seen":16206673,"resource_available":true,"data":null}},"time_used":477,"timings":{"blocked":227,"dns":0,"connect":0,"send":0,"wait":250,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"weinisiguanwang.app/static/picture/1552215839168.png","fqdn":"weinisiguanwang.app","domain":"weinisiguanwang.app","tld":"app"},"ip":{"addr":"154.204.28.54","port":443,"asn":35916,"as":"MULTA-ASN1","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://weinisiguanwang.app/","date":"2026-06-07T01:01:24.308Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.weinisiguanwang.app","organization":""},"issuer":{"commonName":"YR1","organization":"Let's Encrypt"},"validity":{"start":"Sat, 06 Jun 2026 11:51:05 GMT","end":"Fri, 04 Sep 2026 11:51:04 GMT"},"fingerprint":{"sha1":"42:24:88:66:F9:64:6A:A7:CD:6E:D6:41:AC:F1:76:32:23:67:A9:00","sha256":"37:1B:6F:16:FB:7A:9C:0D:87:01:6D:C9:34:D9:61:B1:84:3C:00:83:83:D3:95:3C:ED:93:BC:08:D5:24:2D:D9"}}},"request":{"raw":"GET /static/picture/1552215839168.png HTTP/1.1\r\nHost: weinisiguanwang.app\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://weinisiguanwang.app/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 07 Jun 2026 01:01:24 GMT\r\ncontent-type: image/png\r\nlast-modified: Tue, 24 Feb 2026 09:51:45 GMT\r\nvary: Accept-Encoding\r\netag: W/\"699d74b1-2a6b0\"\r\nexpires: Tue, 07 Jul 2026 01:01:24 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":173744,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 488 x 147, 8-bit/color RGBA, non-interlaced","md5":"ce2e5b88612ff5d0c083357995805cb1","sha1":"ee211057d855fb16fcbbc4dd280c54d0e8be9445","sha256":"8d2484ecd64a9270ab446bebd54998c84015ccac62e322332ff027218cc11c54","sha512":"5c3a7cc91ed1cc8f9064538fd154dd31addf4705eea3767bd444c06cc64dfedc9bdccee584936bd2b6a4f142820d0bdd74213497247a59759e89d79fa5bfd896","ssdeep":"3072:7jOt+RYVDFMiydCbjFViIj2qBEn0uzBdtt/jU4SyaguPpoQE3TqtGMFR++gcKiYF:fOARYVFMiyyhViycrTLw4vagkpoQE3T/","tlshash":"c204124c9c4413f186c9f265e2068884e57fc915427c342b37c9e3fb4da6a4927baf32","first_seen":"2023-09-28T01:03:26Z","last_seen":"2026-06-07T02:40:39.443891Z","times_seen":589,"resource_available":false,"data":null}},"time_used":766,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":766,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"weinisiguanwang.app/static/picture/365pc.png","fqdn":"weinisiguanwang.app","domain":"weinisiguanwang.app","tld":"app"},"ip":{"addr":"154.204.28.54","port":443,"asn":35916,"as":"MULTA-ASN1","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://weinisiguanwang.app/","date":"2026-06-07T01:01:24.302Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.weinisiguanwang.app","organization":""},"issuer":{"commonName":"YR1","organization":"Let's Encrypt"},"validity":{"start":"Sat, 06 Jun 2026 11:51:05 GMT","end":"Fri, 04 Sep 2026 11:51:04 GMT"},"fingerprint":{"sha1":"42:24:88:66:F9:64:6A:A7:CD:6E:D6:41:AC:F1:76:32:23:67:A9:00","sha256":"37:1B:6F:16:FB:7A:9C:0D:87:01:6D:C9:34:D9:61:B1:84:3C:00:83:83:D3:95:3C:ED:93:BC:08:D5:24:2D:D9"}}},"request":{"raw":"GET /static/picture/365pc.png HTTP/1.1\r\nHost: weinisiguanwang.app\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://weinisiguanwang.app/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 07 Jun 2026 01:01:24 GMT\r\ncontent-type: image/png\r\nlast-modified: Tue, 24 Feb 2026 09:51:45 GMT\r\nvary: Accept-Encoding\r\netag: W/\"699d74b1-2255\"\r\nexpires: Tue, 07 Jul 2026 01:01:24 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":8789,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 189 x 44, 8-bit/color RGBA, non-interlaced","md5":"e0c9d379cd4926e815abd7d25c32f5e4","sha1":"e9a1fb55262d96495f14da278c7242cc3fda956b","sha256":"7b50586f667edbeb0c3d573a44d40742354c385a2d7ae1971aa4b0173c11173d","sha512":"519aaeff0baab73e269e86413df78c8563728cb4b1f17e448877c4853a726df366f201b9e869078a4fa460517530a84b5ae9da4290511aeb4d0b93aecb9ac99c","ssdeep":"192:6ZTS99EegUNgEBTJ35PgUUxiKlqSvxV5mG5pqghmCoTHV0:2YzgogEr35Y7cK1YGmAMT+","tlshash":"1e02a0bc5a62079b3d1aa9f8172c54f1fdd070eb411f7c99947d201b0c68a1c83af4a3","first_seen":"2025-01-31T12:39:53.02929Z","last_seen":"2026-06-07T02:40:39.473242Z","times_seen":449,"resource_available":false,"data":null}},"time_used":766,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":766,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ty691.com/skin/cover/ty691com/departments6-23.webp","fqdn":"ty691.com","domain":"ty691.com","tld":"com"},"ip":{"addr":"168.76.223.165","port":443,"asn":137951,"as":"ASLINE LIMITED","country":"South Africa","country_code":"ZA"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ty691.com/","date":"2026-06-07T01:01:21.482Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ty3369.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 11 May 2026 18:35:21 GMT","end":"Sun, 09 Aug 2026 18:35:20 GMT"},"fingerprint":{"sha1":"01:B5:D5:C2:F0:A4:A8:94:2A:C8:0A:31:9B:63:17:CB:6A:BD:14:4D","sha256":"3D:FA:B5:67:D4:D0:11:44:DC:D6:8C:62:A4:DA:15:AB:04:3B:5D:BE:A4:92:43:10:80:A4:3A:85:9C:DE:9E:BD"}}},"request":{"raw":"GET /skin/cover/ty691com/departments6-23.webp HTTP/1.1\r\nHost: ty691.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ty691.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 07 Jun 2026 01:01:21 GMT\r\ncontent-type: image/webp\r\ncontent-length: 85768\r\nlast-modified: Mon, 11 May 2026 18:13:32 GMT\r\netag: \"6a021c4c-14f08\"\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":85768,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 551x367, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"ed33b5bc765363b60f701e8d43eb71c8","sha1":"178084df6f969e308556010f23f5ba03de47a6c6","sha256":"894f9b1b07e7d02789b66ded1dfb37c189fe043f448d455458ae2ab05eff24ea","sha512":"b121e33a6c60d289bac98699b951d5704d0e1bc3875a3acba9924d3e9eee98a7c3fb9ea22ff43545f38b0fda31e1bedaebe257aec4c2ca999994f69def9e8a3e","ssdeep":"1536:Mm03Bh2H4gRX7S0kIk6OKzUpV/F+fvUyHsuYkhn7QgOi323cs/gf4nhvjJ:gxhpgRLS0g7KzUph83pspk50T3bVZV","tlshash":"928312436d20dd2c677f3b04fa1a0a922da1556553d420643339e6ea23ef727f07a2b7","first_seen":"2026-05-18T14:22:45.789563Z","last_seen":"2026-06-07T02:15:23.784031Z","times_seen":5,"resource_available":false,"data":null}},"time_used":1776,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1249,"receive":527,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-06-07","alert":"Sinkholed","trigger":"ty691.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-07","alert":"Phishing Block","trigger":"ty691.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-07","alert":"Sinkholed","trigger":"ty691.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-07","alert":"Sinkholed","trigger":"ty691.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-07","alert":"Sinkholed","trigger":"ty691.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ty691.com/skin/cover/ty691com/judge2-23.webp","fqdn":"ty691.com","domain":"ty691.com","tld":"com"},"ip":{"addr":"168.76.223.165","port":443,"asn":137951,"as":"ASLINE LIMITED","country":"South Africa","country_code":"ZA"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ty691.com/","date":"2026-06-07T01:01:21.485Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ty3369.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 11 May 2026 18:35:21 GMT","end":"Sun, 09 Aug 2026 18:35:20 GMT"},"fingerprint":{"sha1":"01:B5:D5:C2:F0:A4:A8:94:2A:C8:0A:31:9B:63:17:CB:6A:BD:14:4D","sha256":"3D:FA:B5:67:D4:D0:11:44:DC:D6:8C:62:A4:DA:15:AB:04:3B:5D:BE:A4:92:43:10:80:A4:3A:85:9C:DE:9E:BD"}}},"request":{"raw":"GET /skin/cover/ty691com/judge2-23.webp HTTP/1.1\r\nHost: ty691.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ty691.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 07 Jun 2026 01:01:21 GMT\r\ncontent-type: image/webp\r\ncontent-length: 125660\r\nlast-modified: Mon, 11 May 2026 18:13:32 GMT\r\netag: \"6a021c4c-1eadc\"\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":125660,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 799x570, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"54048e2194daf60586f78c90403a4f75","sha1":"66b683c2689c768e5fb7794ced7961cdf338acc4","sha256":"890386358fd942cdcf609e1bae6ae519f092c4834e937587c612a1a513fc8e17","sha512":"e127dd8787be744e9b8cf654477cced0564b3abb0ffbfbbdba6b3dac7c0f14d0f860b9e23db90929da7afe96c14943e75fab7d6b4574f127e18ca3d097329700","ssdeep":"3072:f1T/T2OX88OrMhWnmK4B7RXYFSIlCBgwbeG:f1v2OX1kn/PAIlbwiG","tlshash":"07c3120b239a67492e84f8c5db9a9f70ab4bc389c0b59ec2730499b71715c9b8f0d553","first_seen":"2026-05-18T14:22:45.786383Z","last_seen":"2026-06-07T02:15:23.801318Z","times_seen":5,"resource_available":false,"data":null}},"time_used":1778,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1247,"receive":531,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-06-07","alert":"Sinkholed","trigger":"ty691.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-07","alert":"Phishing Block","trigger":"ty691.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-07","alert":"Sinkholed","trigger":"ty691.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-07","alert":"Sinkholed","trigger":"ty691.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-07","alert":"Sinkholed","trigger":"ty691.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ty691.com/skin/cover/ty691com/judge5-23.webp","fqdn":"ty691.com","domain":"ty691.com","tld":"com"},"ip":{"addr":"168.76.223.165","port":443,"asn":137951,"as":"ASLINE LIMITED","country":"South Africa","country_code":"ZA"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ty691.com/","date":"2026-06-07T01:01:21.490Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ty3369.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 11 May 2026 18:35:21 GMT","end":"Sun, 09 Aug 2026 18:35:20 GMT"},"fingerprint":{"sha1":"01:B5:D5:C2:F0:A4:A8:94:2A:C8:0A:31:9B:63:17:CB:6A:BD:14:4D","sha256":"3D:FA:B5:67:D4:D0:11:44:DC:D6:8C:62:A4:DA:15:AB:04:3B:5D:BE:A4:92:43:10:80:A4:3A:85:9C:DE:9E:BD"}}},"request":{"raw":"GET /skin/cover/ty691com/judge5-23.webp HTTP/1.1\r\nHost: ty691.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ty691.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 07 Jun 2026 01:01:21 GMT\r\ncontent-type: image/webp\r\ncontent-length: 79550\r\nlast-modified: Mon, 11 May 2026 18:13:32 GMT\r\netag: \"6a021c4c-136be\"\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":79550,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 570x380, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"26ae3c64700df2343a18431daf25aaf1","sha1":"e57687fd7a17a250fb19b3394ab93942a2ffc317","sha256":"da5c73f5e514c27be12365574c745a4384962734a386c73870e3a536972836c3","sha512":"3e00a15840375230cfa346c38138d6dfb56115451fad22ea2fe4a42bc41ca925c50c5e57624af3b789936d735cba6f0477b8b707ee5b87673e06c953a4067ae4","ssdeep":"1536:sJQfiwjie8BO35AxT8f9DAPK2lAIunGjnlB8HL08bs:uQfzGBO35y8FuNTP6AWs","tlshash":"b273022afc0fc0315ecabc9b4ede509496d5246665b43bdafaf6d81ab70c4a074918f0","first_seen":"2026-05-18T14:22:45.766241Z","last_seen":"2026-06-07T02:15:23.784636Z","times_seen":5,"resource_available":false,"data":null}},"time_used":1781,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1243,"receive":538,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-07","alert":"Phishing Block","trigger":"ty691.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-06-07","alert":"Sinkholed","trigger":"ty691.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-07","alert":"Sinkholed","trigger":"ty691.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-07","alert":"Sinkholed","trigger":"ty691.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-07","alert":"Sinkholed","trigger":"ty691.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ty691.com/skin/fontawesome/webfonts/fa-solid-900.woff2","fqdn":"ty691.com","domain":"ty691.com","tld":"com"},"ip":{"addr":"168.76.223.165","port":443,"asn":137951,"as":"ASLINE LIMITED","country":"South Africa","country_code":"ZA"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://ty691.com/","date":"2026-06-07T01:01:22.277Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ty3369.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 11 May 2026 18:35:21 GMT","end":"Sun, 09 Aug 2026 18:35:20 GMT"},"fingerprint":{"sha1":"01:B5:D5:C2:F0:A4:A8:94:2A:C8:0A:31:9B:63:17:CB:6A:BD:14:4D","sha256":"3D:FA:B5:67:D4:D0:11:44:DC:D6:8C:62:A4:DA:15:AB:04:3B:5D:BE:A4:92:43:10:80:A4:3A:85:9C:DE:9E:BD"}}},"request":{"raw":"GET /skin/fontawesome/webfonts/fa-solid-900.woff2 HTTP/1.1\r\nHost: ty691.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ty691.com/skin/fontawesome/css/all.min.css\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 07 Jun 2026 01:01:22 GMT\r\ncontent-type: font/woff2\r\ncontent-length: 158220\r\nlast-modified: Fri, 13 Dec 2024 08:50:06 GMT\r\netag: \"675bf53e-26a0c\"\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":158220,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 158220, version 775.1280","md5":"4a6591ab5460ae5cbff1ecbd6e52193a","sha1":"7cd8afd6501962fda35d66f0e4c3b8815ac471d8","sha256":"aa75998623a391e61c6901794ace832e3ecdd288b56d608f21bea0411acc0b8e","sha512":"96c5d3283b71613b595b6b0420333bef5d64451af05c59dde27ec5b3e7cfe6e9549c604cddfbcb79cbc0fd4cd6f2e22a130c9a220b1b7ef933ac9df8c8e695d6","ssdeep":"3072:RauSB5FANIRLpsBaBrJGNG3ECNQztRvHHqkqLrlF:guSqN6ptrJGo3POh9KT9F","tlshash":"0ef312a710c6b95684a3a51b336adeb52c3ed363fcb6cd73be340114689da9c2e4d190","first_seen":"2024-12-19T10:41:23.153533Z","last_seen":"2026-06-07T06:41:22.133367Z","times_seen":28045,"resource_available":false,"data":null}},"time_used":986,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":707,"receive":279,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-06-07","alert":"Sinkholed","trigger":"ty691.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-07","alert":"Sinkholed","trigger":"ty691.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-07","alert":"Phishing Block","trigger":"ty691.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-07","alert":"Sinkholed","trigger":"ty691.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-07","alert":"Sinkholed","trigger":"ty691.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"weinisiguanwang.app/static/js/link.js","fqdn":"weinisiguanwang.app","domain":"weinisiguanwang.app","tld":"app"},"ip":{"addr":"154.204.28.54","port":443,"asn":35916,"as":"MULTA-ASN1","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://weinisiguanwang.app/","date":"2026-06-07T01:01:24.295Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.weinisiguanwang.app","organization":""},"issuer":{"commonName":"YR1","organization":"Let's Encrypt"},"validity":{"start":"Sat, 06 Jun 2026 11:51:05 GMT","end":"Fri, 04 Sep 2026 11:51:04 GMT"},"fingerprint":{"sha1":"42:24:88:66:F9:64:6A:A7:CD:6E:D6:41:AC:F1:76:32:23:67:A9:00","sha256":"37:1B:6F:16:FB:7A:9C:0D:87:01:6D:C9:34:D9:61:B1:84:3C:00:83:83:D3:95:3C:ED:93:BC:08:D5:24:2D:D9"}}},"request":{"raw":"GET /static/js/link.js HTTP/1.1\r\nHost: weinisiguanwang.app\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://weinisiguanwang.app/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 07 Jun 2026 01:01:24 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Sat, 06 Jun 2026 12:48:46 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6a24172e-6cf\"\r\nexpires: Sun, 07 Jun 2026 13:01:24 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1743,"size_decoded":0,"mime_type":"application/javascript","magic":"ASCII text","md5":"2bb59fab5e9dc6207e194220b10ba8be","sha1":"5a0b0b0ee3c02babc933dce1fa92405393a23793","sha256":"c79c7f26b4c1c781406013078e38ee2d2f6d1e2623fb81ed5a560fce1e20d730","sha512":"0e621314f5066da4cfae524bc2b04ef7221824ab57af309b4b376023605748332c49db2b712be10f08894c8321830643877b7209e05e9d73dc42950d8106881b","ssdeep":"","tlshash":"f731ae5cead039365d274967695b2c14b153400bbc0aec42f39d4ac0dfb172e4b7a9e4","first_seen":"2026-06-06T23:41:28.917847Z","last_seen":"2026-06-07T02:40:39.445393Z","times_seen":5,"resource_available":true,"data":null}},"time_used":256,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":256,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ty691.com/skin/cover/ty691com/judge1-23.webp","fqdn":"ty691.com","domain":"ty691.com","tld":"com"},"ip":{"addr":"168.76.223.165","port":443,"asn":137951,"as":"ASLINE LIMITED","country":"South Africa","country_code":"ZA"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ty691.com/","date":"2026-06-07T01:01:21.483Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ty3369.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 11 May 2026 18:35:21 GMT","end":"Sun, 09 Aug 2026 18:35:20 GMT"},"fingerprint":{"sha1":"01:B5:D5:C2:F0:A4:A8:94:2A:C8:0A:31:9B:63:17:CB:6A:BD:14:4D","sha256":"3D:FA:B5:67:D4:D0:11:44:DC:D6:8C:62:A4:DA:15:AB:04:3B:5D:BE:A4:92:43:10:80:A4:3A:85:9C:DE:9E:BD"}}},"request":{"raw":"GET /skin/cover/ty691com/judge1-23.webp HTTP/1.1\r\nHost: ty691.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ty691.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 07 Jun 2026 01:01:21 GMT\r\ncontent-type: image/webp\r\ncontent-length: 73292\r\nlast-modified: Mon, 11 May 2026 18:13:32 GMT\r\netag: \"6a021c4c-11e4c\"\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":73292,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 581x453, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"4df4f54fe960ade209499ca33bc2f2a1","sha1":"4f0c60cf1402bd9f74e0dc2866dd36210a4ec326","sha256":"7d71b5a8ed0a8e1bdc4e6ab64af9c40ef257bcd03a35abab3ec5682235a1d275","sha512":"76d5ad8b40fa391aa0ef7b72772905437cdb3141520527086617c1f5f49cad56823c56f2622c1de754866119ae7158fbb4aeaa65dac069a6bffcf8ab45202bcd","ssdeep":"1536:uzv07yp3GuTy+m4QohLodaJK1R9mJsco10cN4rCBfYGU:W0Myazg1Rsu10cN4rN","tlshash":"986302e798e374401f78140bfaabc5cf6d85da3d8ea4f19123c45aed2b2b14143d4a1a","first_seen":"2026-05-18T14:22:45.779349Z","last_seen":"2026-06-07T02:15:23.799549Z","times_seen":5,"resource_available":false,"data":null}},"time_used":1776,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1248,"receive":528,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-07","alert":"Sinkholed","trigger":"ty691.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-07","alert":"Sinkholed","trigger":"ty691.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-07","alert":"Sinkholed","trigger":"ty691.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-07","alert":"Phishing Block","trigger":"ty691.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-06-07","alert":"Sinkholed","trigger":"ty691.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ty691.com/skin/cover/ty691com/footer-23.webp","fqdn":"ty691.com","domain":"ty691.com","tld":"com"},"ip":{"addr":"168.76.223.165","port":443,"asn":137951,"as":"ASLINE LIMITED","country":"South Africa","country_code":"ZA"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ty691.com/","date":"2026-06-07T01:01:22.241Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ty3369.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 11 May 2026 18:35:21 GMT","end":"Sun, 09 Aug 2026 18:35:20 GMT"},"fingerprint":{"sha1":"01:B5:D5:C2:F0:A4:A8:94:2A:C8:0A:31:9B:63:17:CB:6A:BD:14:4D","sha256":"3D:FA:B5:67:D4:D0:11:44:DC:D6:8C:62:A4:DA:15:AB:04:3B:5D:BE:A4:92:43:10:80:A4:3A:85:9C:DE:9E:BD"}}},"request":{"raw":"GET /skin/cover/ty691com/footer-23.webp HTTP/1.1\r\nHost: ty691.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ty691.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 07 Jun 2026 01:01:22 GMT\r\ncontent-type: image/webp\r\ncontent-length: 98090\r\nlast-modified: Mon, 11 May 2026 18:13:32 GMT\r\netag: \"6a021c4c-17f2a\"\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":98090,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 602x401, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"a852e0b317c65d7c3813e182867b092d","sha1":"96514e611bbc125052b3a9642d40c5bf7a0ccf1e","sha256":"da0126cda1f8304447c9bf43b00239a4a017228d234e4c3dddc4f57bf20aade2","sha512":"87df15d27b3a23079c87f45f6bf602d20c7ab81b11f1fea58670a4c52e5cdd299438429b8a5a16c1b5e8e80c1e2a8a1e9fb1840572c96e7d1ae60474883141f4","ssdeep":"1536:/lPTd2Piw2tocjEGkSoWKe7fpIx3SZ7YIYEeP+rTnFLc9f/DZmp0HyseuqrNL1Qp:/tTdeiw2wGEGY34jeP+fFQ9ngKSsSrfe","tlshash":"7ba3121c59bd9d90670cd86d0519358ebad0fce928b83927b2eccba529b5f01dee8407","first_seen":"2026-05-18T14:22:45.77003Z","last_seen":"2026-06-07T02:15:23.797922Z","times_seen":5,"resource_available":false,"data":null}},"time_used":967,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":712,"receive":255,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-06-07","alert":"Sinkholed","trigger":"ty691.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-07","alert":"Phishing Block","trigger":"ty691.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-07","alert":"Sinkholed","trigger":"ty691.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-07","alert":"Sinkholed","trigger":"ty691.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-07","alert":"Sinkholed","trigger":"ty691.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"hm.baidu.com/hm.js?c07eb39b85a98c006261a3a263eb36c6","fqdn":"hm.baidu.com","domain":"baidu.com","tld":"com"},"ip":{"addr":"14.215.183.79","port":443,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://ty691.com/","date":"2026-06-07T01:01:22.821Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"baidu.com","organization":"Beijing Baidu Netcom Science Technology Co., Ltd"},"issuer":{"commonName":"GlobalSign RSA OV SSL CA 2018","organization":"GlobalSign nv-sa"},"validity":{"start":"Wed, 09 Jul 2025 07:01:02 GMT","end":"Mon, 10 Aug 2026 07:01:01 GMT"},"fingerprint":{"sha1":"21:BF:66:0D:67:BE:7A:7F:49:48:05:30:F4:7F:09:F2:30:36:CA:63","sha256":"0D:82:2C:9A:90:5A:EF:E9:8F:37:12:C0:E0:26:30:EE:95:33:2C:45:5F:E7:74:5D:F0:8D:BC:79:F4:B0:A1:49"}}},"request":{"raw":"GET /hm.js?c07eb39b85a98c006261a3a263eb36c6 HTTP/1.1\r\nHost: hm.baidu.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ty691.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nCache-Control: max-age=0, must-revalidate\r\nContent-Encoding: gzip\r\nContent-Length: 11291\r\nContent-Type: application/javascript\r\nDate: Sun, 07 Jun 2026 01:01:23 GMT\r\nEtag: e017bf3ebd11dd0faa8f6838bfd86436\r\nP3p: CP=\"CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR\"\r\nServer: apache\r\nSet-Cookie: HMACCOUNT=2EBB5D7A3AF52B6B; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT\r\nStrict-Transport-Security: max-age=172800\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":29897,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (621)","md5":"1e63edc5da563253af1aa205d4a10e4f","sha1":"23190b2fbbee02bb44ead35dd3733cfa8813cd66","sha256":"77a3f8500554efaf34b862bef2e447c5cc35640e76aba454d2e29d2f2840c404","sha512":"d8ccc39863f8f343381801c9bc40c81165f3226dceff67a7837fd2c8726851168bfe0f0f13f9ccce3cfa9bec7e91c02703b5ffe30fe63418eb2d86591357a207","ssdeep":"384:N7JSoLMJJTRl6s1JXFVCFI/TayvuodsZPIGm8XaR1JRwvutq1tGdc7M04gRw6:N74VJfHgMdvussZPIx82Rwvutcto07v","tlshash":"70d2d9a9b282713293a324a5153f324ef17b5a54bd4968a4f11894c07d38fbb027bfdd","first_seen":"2026-06-07T01:01:46.000813Z","last_seen":"2026-06-07T01:01:46.000813Z","times_seen":1,"resource_available":true,"data":null}},"time_used":2177,"timings":{"blocked":940,"dns":0,"connect":479,"send":0,"wait":293,"receive":1,"ssl":461},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"hm.baidu.com/hm.gif?hca=2EBB5D7A3AF52B6B\u0026cc=1\u0026ck=1\u0026cl=24-bit\u0026ds=1280x1024\u0026vl=1024\u0026et=0\u0026ja=0\u0026ln=en-us\u0026lo=0\u0026rnd=1087624012\u0026si=c07eb39b85a98c006261a3a263eb36c6\u0026v=1.3.2\u0026lv=1\u0026sn=11529\u0026r=0\u0026ww=1280\u0026u=https%3A%2F%2Fty691.com%2F\u0026tt=%E5%A4%A9%E6%B8%B8%E6%A3%8B%E7%89%8C%E4%B8%AD%E5%BF%83%E5%AE%98%E7%BD%91%20-%20%E4%B8%93%E4%B8%9A%E6%A3%8B%E7%89%8C%E6%96%87%E5%8C%96%E4%BA%A4%E6%B5%81%E5%B9%B3%E5%8F%B0","fqdn":"hm.baidu.com","domain":"baidu.com","tld":"com"},"ip":{"addr":"14.215.183.79","port":443,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ty691.com/","date":"2026-06-07T01:01:24.139Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"baidu.com","organization":"Beijing Baidu Netcom Science Technology Co., Ltd"},"issuer":{"commonName":"GlobalSign RSA OV SSL CA 2018","organization":"GlobalSign nv-sa"},"validity":{"start":"Wed, 09 Jul 2025 07:01:02 GMT","end":"Mon, 10 Aug 2026 07:01:01 GMT"},"fingerprint":{"sha1":"21:BF:66:0D:67:BE:7A:7F:49:48:05:30:F4:7F:09:F2:30:36:CA:63","sha256":"0D:82:2C:9A:90:5A:EF:E9:8F:37:12:C0:E0:26:30:EE:95:33:2C:45:5F:E7:74:5D:F0:8D:BC:79:F4:B0:A1:49"}}},"request":{"raw":"GET /hm.gif?hca=2EBB5D7A3AF52B6B\u0026cc=1\u0026ck=1\u0026cl=24-bit\u0026ds=1280x1024\u0026vl=1024\u0026et=0\u0026ja=0\u0026ln=en-us\u0026lo=0\u0026rnd=1087624012\u0026si=c07eb39b85a98c006261a3a263eb36c6\u0026v=1.3.2\u0026lv=1\u0026sn=11529\u0026r=0\u0026ww=1280\u0026u=https%3A%2F%2Fty691.com%2F\u0026tt=%E5%A4%A9%E6%B8%B8%E6%A3%8B%E7%89%8C%E4%B8%AD%E5%BF%83%E5%AE%98%E7%BD%91%20-%20%E4%B8%93%E4%B8%9A%E6%A3%8B%E7%89%8C%E6%96%87%E5%8C%96%E4%BA%A4%E6%B5%81%E5%B9%B3%E5%8F%B0 HTTP/1.1\r\nHost: hm.baidu.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ty691.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nCache-Control: private, max-age=0, no-cache\r\nContent-Length: 43\r\nContent-Type: image/gif\r\nDate: Sun, 07 Jun 2026 01:01:24 GMT\r\nP3p: CP=\"CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR\"\r\nPragma: no-cache\r\nServer: apache\r\nSet-Cookie: HMACCOUNT=020666320EBB5122; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT\r\nStrict-Transport-Security: max-age=172800\r\nX-Content-Type-Options: nosniff\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":43,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 1 x 1","md5":"ad4b0f606e0f8465bc4c4c170b37e1a3","sha1":"50b30fd5f87c85fe5cba2635cb83316ca71250d7","sha256":"cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda","sha512":"ebfe0c0df4bcc167d5cb6ebdd379f9083df62bef63a23818e1c6adf0f64b65467ea58b7cd4d03cf0a1b1a2b07fb7b969bf35f25f1f8538cc65cf3eebdf8a0910","ssdeep":"","tlshash":"15900003fbc08002c2b2e0300b3b0380238ce2200aa8030b80aeb0acecaa3a20c03020","first_seen":"2023-04-05T02:54:03Z","last_seen":"2026-06-07T07:14:16.067793Z","times_seen":367005,"resource_available":true,"data":null}},"time_used":290,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":290,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ty691.com/skin/swiper/css/swiper-bundle.min.css","fqdn":"ty691.com","domain":"ty691.com","tld":"com"},"ip":{"addr":"168.76.223.165","port":443,"asn":137951,"as":"ASLINE LIMITED","country":"South Africa","country_code":"ZA"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://ty691.com/","date":"2026-06-07T01:01:21.468Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ty3369.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 11 May 2026 18:35:21 GMT","end":"Sun, 09 Aug 2026 18:35:20 GMT"},"fingerprint":{"sha1":"01:B5:D5:C2:F0:A4:A8:94:2A:C8:0A:31:9B:63:17:CB:6A:BD:14:4D","sha256":"3D:FA:B5:67:D4:D0:11:44:DC:D6:8C:62:A4:DA:15:AB:04:3B:5D:BE:A4:92:43:10:80:A4:3A:85:9C:DE:9E:BD"}}},"request":{"raw":"GET /skin/swiper/css/swiper-bundle.min.css HTTP/1.1\r\nHost: ty691.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ty691.com/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 07 Jun 2026 01:01:21 GMT\r\ncontent-type: text/css\r\nlast-modified: Tue, 08 Jul 2025 08:36:42 GMT\r\nvary: Accept-Encoding\r\netag: W/\"686cd89a-4691\"\r\nexpires: Sun, 07 Jun 2026 13:01:21 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":18065,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (17812)","md5":"ea28ae0aaf82709381c57d6a7daa7a05","sha1":"a7c528dc9018aeefed9a52337168decb220e2f61","sha256":"af8545de3876815292506711e1369bff9dfe57ec7e04c45c3e1bdac48a11f3b2","sha512":"9c63402a957e06b7c365a6cf5f53baaba991953e7bfda99d8feeaf177db6a2782a28004b1d82df2dcde362d5556e4891f6da300d63cf13d816144dadb1920f66","ssdeep":"192:1VmUJbiKne0JlXZHZ+Sme+jexS4nxep/a2GZb0Q5nfufKlAYfg5fyeesedOJ9A5Q:1gUbe0JdZHZ+W+SFnZ24tlWfF4XYz","tlshash":"d08245a85340282753274f364b71cbb9dd7444d20f9389ae91c0ee48d7f6db9132f6a9","first_seen":"2023-06-14T11:52:48Z","last_seen":"2026-06-07T05:29:21.271629Z","times_seen":4980,"resource_available":false,"data":null}},"time_used":506,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":506,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-07","alert":"Sinkholed","trigger":"ty691.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-06-07","alert":"Sinkholed","trigger":"ty691.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-07","alert":"Phishing Block","trigger":"ty691.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-07","alert":"Sinkholed","trigger":"ty691.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-07","alert":"Sinkholed","trigger":"ty691.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ty691.com/skin/cover/ty691com/hero-23.webp","fqdn":"ty691.com","domain":"ty691.com","tld":"com"},"ip":{"addr":"168.76.223.165","port":443,"asn":137951,"as":"ASLINE LIMITED","country":"South Africa","country_code":"ZA"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ty691.com/","date":"2026-06-07T01:01:21.473Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ty3369.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 11 May 2026 18:35:21 GMT","end":"Sun, 09 Aug 2026 18:35:20 GMT"},"fingerprint":{"sha1":"01:B5:D5:C2:F0:A4:A8:94:2A:C8:0A:31:9B:63:17:CB:6A:BD:14:4D","sha256":"3D:FA:B5:67:D4:D0:11:44:DC:D6:8C:62:A4:DA:15:AB:04:3B:5D:BE:A4:92:43:10:80:A4:3A:85:9C:DE:9E:BD"}}},"request":{"raw":"GET /skin/cover/ty691com/hero-23.webp HTTP/1.1\r\nHost: ty691.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ty691.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 07 Jun 2026 01:01:21 GMT\r\ncontent-type: image/webp\r\ncontent-length: 201748\r\nlast-modified: Mon, 11 May 2026 18:13:31 GMT\r\netag: \"6a021c4b-31414\"\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":201748,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 818x545, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"9f0c3dd112d19fdedf8bfd93e4237913","sha1":"f6557e3709425f68eca9ecb512bb7638fbf614e7","sha256":"af3aeb17c5c978525ac9a9efc3292e18bbb0c4e4b9d22a2817cbaeaf4b29c9a4","sha512":"6447447d1d20c2a11a7b1ad1c84f604e64d454c802f04493e27a7589147c39266a1ad8738a4c23e8be7f488cae8aaca8dba54f44f2f432b1deb8da9037eb2d22","ssdeep":"6144:q9oymLCWonSGid7CNmrpbDmLJGys3KSWuQ:GFqMnVNmr6Js3rQ","tlshash":"65141325f5f4cd13da665a276e1a38e0e4a70973c67c676f881cd024af276ccf4d484a","first_seen":"2026-05-18T14:22:45.757683Z","last_seen":"2026-06-07T02:15:23.782798Z","times_seen":5,"resource_available":false,"data":null}},"time_used":1773,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":753,"receive":1020,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-07","alert":"Sinkholed","trigger":"ty691.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-06-07","alert":"Sinkholed","trigger":"ty691.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-07","alert":"Phishing Block","trigger":"ty691.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-07","alert":"Sinkholed","trigger":"ty691.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-07","alert":"Sinkholed","trigger":"ty691.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ty691.com/skin/cover/ty691com/departments3-23.webp","fqdn":"ty691.com","domain":"ty691.com","tld":"com"},"ip":{"addr":"168.76.223.165","port":443,"asn":137951,"as":"ASLINE LIMITED","country":"South Africa","country_code":"ZA"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ty691.com/","date":"2026-06-07T01:01:21.477Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ty3369.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 11 May 2026 18:35:21 GMT","end":"Sun, 09 Aug 2026 18:35:20 GMT"},"fingerprint":{"sha1":"01:B5:D5:C2:F0:A4:A8:94:2A:C8:0A:31:9B:63:17:CB:6A:BD:14:4D","sha256":"3D:FA:B5:67:D4:D0:11:44:DC:D6:8C:62:A4:DA:15:AB:04:3B:5D:BE:A4:92:43:10:80:A4:3A:85:9C:DE:9E:BD"}}},"request":{"raw":"GET /skin/cover/ty691com/departments3-23.webp HTTP/1.1\r\nHost: ty691.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ty691.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 07 Jun 2026 01:01:21 GMT\r\ncontent-type: image/webp\r\ncontent-length: 111984\r\nlast-modified: Mon, 11 May 2026 18:13:31 GMT\r\netag: \"6a021c4b-1b570\"\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":111984,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 621x465, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"98fedbc362b63af60e6a2161f8e0a67d","sha1":"9865ea5531a7014b4eba17261fcb1e607227450e","sha256":"3f40d0aa60b38a64f4a358b47a7081361617d08e7dac226cad744bc3bc864598","sha512":"0787e489a2238d9289a99c4a6043858fe0f7467e19b5ec6608ecef9cd870ba21f479a42d21c355ac2344dd142fff30fe979fff68b839f00799b9bd4f039613b8","ssdeep":"3072:zwDVMPlZlq1b9AZds3Q/9mOZAtsZo3joANXEGoNFdGWezTh:8ulZ81hcR/nAtoo3jZQNTQ","tlshash":"b2b31295c898c6ebe2992a9f1592c223c5ffe076c52f304c6c13d687af7a43e5905b09","first_seen":"2026-05-18T14:22:45.778422Z","last_seen":"2026-06-07T02:15:23.78754Z","times_seen":5,"resource_available":false,"data":null}},"time_used":1775,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1252,"receive":523,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-06-07","alert":"Sinkholed","trigger":"ty691.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-07","alert":"Sinkholed","trigger":"ty691.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-07","alert":"Sinkholed","trigger":"ty691.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-07","alert":"Sinkholed","trigger":"ty691.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-07","alert":"Phishing Block","trigger":"ty691.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ty691.com/skin/swiper/js/swiper-bundle.min.js","fqdn":"ty691.com","domain":"ty691.com","tld":"com"},"ip":{"addr":"168.76.223.165","port":443,"asn":137951,"as":"ASLINE LIMITED","country":"South Africa","country_code":"ZA"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://ty691.com/","date":"2026-06-07T01:01:21.494Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ty3369.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 11 May 2026 18:35:21 GMT","end":"Sun, 09 Aug 2026 18:35:20 GMT"},"fingerprint":{"sha1":"01:B5:D5:C2:F0:A4:A8:94:2A:C8:0A:31:9B:63:17:CB:6A:BD:14:4D","sha256":"3D:FA:B5:67:D4:D0:11:44:DC:D6:8C:62:A4:DA:15:AB:04:3B:5D:BE:A4:92:43:10:80:A4:3A:85:9C:DE:9E:BD"}}},"request":{"raw":"GET /skin/swiper/js/swiper-bundle.min.js HTTP/1.1\r\nHost: ty691.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ty691.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 07 Jun 2026 01:01:21 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Wed, 02 Jul 2025 23:58:22 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6865c79e-22512\"\r\nexpires: Sun, 07 Jun 2026 13:01:21 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":140562,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65283)","md5":"21b78ba7133b3d67cf8b09cd6a26d386","sha1":"ea59f37b232db6dee2694078bf21e153a09bacdd","sha256":"6f9df49fe12f77b66daba876cb33b7090b2443f570a2a4b9541cddd705440aa5","sha512":"dc48bb38f168f37930ddc3db0cb78b867fd817cb5907b56cf2c7e58b407f2847a4bab78be5ea2c0deb216052020afb782bc8b4c948a5fe52b77128a27365a392","ssdeep":"1536:TIJQfGP7LP8NEuWGKF+IlzholxU/2Bkt+9SD8jv1nTHlU9ymp8Mj0HEOS5hAsVuZ:0JCN+TXD2BkQZFU9tp8Mj0k95h5cpnv","tlshash":"02d3f8896221b57646e316db93e4c221a3b50544b80ac8f470bd4c9f597ec9813feffa","first_seen":"2023-06-14T11:52:48Z","last_seen":"2026-06-07T05:29:21.193191Z","times_seen":4462,"resource_available":true,"data":null}},"time_used":1239,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1239,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-06-07","alert":"Sinkholed","trigger":"ty691.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-07","alert":"Sinkholed","trigger":"ty691.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-07","alert":"Sinkholed","trigger":"ty691.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-07","alert":"Sinkholed","trigger":"ty691.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-07","alert":"Phishing Block","trigger":"ty691.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ty691.com/e/dongpo/tz/tj.js","fqdn":"ty691.com","domain":"ty691.com","tld":"com"},"ip":{"addr":"168.76.223.165","port":443,"asn":137951,"as":"ASLINE LIMITED","country":"South Africa","country_code":"ZA"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://ty691.com/","date":"2026-06-07T01:01:21.497Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ty3369.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 11 May 2026 18:35:21 GMT","end":"Sun, 09 Aug 2026 18:35:20 GMT"},"fingerprint":{"sha1":"01:B5:D5:C2:F0:A4:A8:94:2A:C8:0A:31:9B:63:17:CB:6A:BD:14:4D","sha256":"3D:FA:B5:67:D4:D0:11:44:DC:D6:8C:62:A4:DA:15:AB:04:3B:5D:BE:A4:92:43:10:80:A4:3A:85:9C:DE:9E:BD"}}},"request":{"raw":"GET /e/dongpo/tz/tj.js HTTP/1.1\r\nHost: ty691.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ty691.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 07 Jun 2026 01:01:21 GMT\r\ncontent-type: application/javascript\r\ncontent-length: 808\r\nlast-modified: Tue, 05 May 2026 19:43:53 GMT\r\netag: \"69fa4879-328\"\r\nexpires: Sun, 07 Jun 2026 13:01:21 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":808,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (554)","md5":"1bf60b5cf9c764caf9e85228dc7bfc33","sha1":"22b0d1971d7ec1ec3bb55ff4771752db18eab9ef","sha256":"1a32c475f692c3c84f550cc194a92fff3df6368293bbec3b8e67a42bc2d92306","sha512":"681c26eab518649736ea2c6302120b5a61e0b0749375c8933c7c890b6195de0c6e09a4184c9af8c5fd0f5e5eeda63ba803574bee4c44737899ccd18ce14c97c9","ssdeep":"","tlshash":"8601f11f7c25e13463921c2d23bbdadcf5ad2016101dc80654dec4ad6c34ff9042ab4c","first_seen":"2026-03-03T01:17:34.078046Z","last_seen":"2026-06-07T05:08:56.704182Z","times_seen":396,"resource_available":true,"data":null}},"time_used":1238,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1237,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-06-07","alert":"Sinkholed","trigger":"ty691.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-07","alert":"Sinkholed","trigger":"ty691.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-07","alert":"Sinkholed","trigger":"ty691.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-07","alert":"Phishing Block","trigger":"ty691.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-07","alert":"Sinkholed","trigger":"ty691.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"sdk.51.la/js-sdk-pro.min.js","fqdn":"sdk.51.la","domain":"51.la","tld":"la"},"ip":{"addr":"43.159.107.113","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://ty691.com/","date":"2026-06-07T01:01:22.830Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.51.la","organization":""},"issuer":{"commonName":"Keymatic Secure Domain RSA CA G1","organization":"PKI(Chongqing) Limited"},"validity":{"start":"Wed, 01 Apr 2026 06:48:26 GMT","end":"Fri, 16 Oct 2026 15:59:59 GMT"},"fingerprint":{"sha1":"F0:4F:0E:62:84:89:BD:2B:8E:53:1E:AC:20:70:16:C2:F7:E9:C1:C0","sha256":"54:9F:ED:D0:8F:D4:0A:5F:31:95:55:FD:E0:E6:13:F2:09:8C:39:E1:01:31:98:FA:1D:DC:20:CD:20:19:7C:F5"}}},"request":{"raw":"GET /js-sdk-pro.min.js HTTP/1.1\r\nHost: sdk.51.la\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ty691.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Mon, 15 May 2023 03:20:54 GMT\r\ncontent-encoding: gzip\r\netag: W/\"6461a516-861a\"\r\nserver: openresty\r\ncontent-type: application/javascript; charset=utf-8\r\naccess-control-allow-origin: *\r\naccess-control-allow-credentials: true\r\ncache-control: max-age=1296000\r\nage: 111723\r\ncontent-length: 12853\r\naccept-ranges: bytes\r\ndate: Sun, 07 Jun 2026 01:01:23 GMT\r\neo-log-uuid: 12408777284498758571\r\neo-cache-status: HIT\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":34330,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (34109)","md5":"8fc0b01d35300e8398d6e957987c01e7","sha1":"f1eb32c75b8d8e4b0555ebc2a5f5d1d60296f41e","sha256":"b164aafa0bb83dfe511912ca2ca475880bfffac8d8f098c947fd3d4af440d3a4","sha512":"fab84d067e724d45f35821d8f37c0cd4f608af2975de48a61b905dba89189ca8778b04b4d507e6417a4187193a3da2d0a8939c02bf2d39adb9733cffd2358401","ssdeep":"768:Xzz9qAO+a/y1jaKUiQU5enEU9GMXB0XXQVEXB3CNSPf:Xzz9qnT/c+KUc5enEU9GMXB/EXB3LPf","tlshash":"55f22d9577c0717cc3c782e9361b401ae1a69e810099a8acf345f594bd74e66a33ffa8","first_seen":"2023-04-05T07:31:50Z","last_seen":"2026-06-07T07:00:58.088997Z","times_seen":9659,"resource_available":true,"data":null}},"time_used":859,"timings":{"blocked":415,"dns":222,"connect":19,"send":0,"wait":24,"receive":1,"ssl":173},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ty691.com/skin/logo/ty691com/logo.webp","fqdn":"ty691.com","domain":"ty691.com","tld":"com"},"ip":{"addr":"168.76.223.165","port":443,"asn":137951,"as":"ASLINE LIMITED","country":"South Africa","country_code":"ZA"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ty691.com/","date":"2026-06-07T01:01:21.470Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ty3369.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 11 May 2026 18:35:21 GMT","end":"Sun, 09 Aug 2026 18:35:20 GMT"},"fingerprint":{"sha1":"01:B5:D5:C2:F0:A4:A8:94:2A:C8:0A:31:9B:63:17:CB:6A:BD:14:4D","sha256":"3D:FA:B5:67:D4:D0:11:44:DC:D6:8C:62:A4:DA:15:AB:04:3B:5D:BE:A4:92:43:10:80:A4:3A:85:9C:DE:9E:BD"}}},"request":{"raw":"GET /skin/logo/ty691com/logo.webp HTTP/1.1\r\nHost: ty691.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ty691.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 07 Jun 2026 01:01:21 GMT\r\ncontent-type: image/webp\r\ncontent-length: 4758\r\nlast-modified: Mon, 11 May 2026 18:13:30 GMT\r\netag: \"6a021c4a-1296\"\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":4758,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 400x140, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"cc1d6959f8e0bb68001ca76568082bf1","sha1":"32a0dfd9282d781f3bebec59a2379a97c1cbca89","sha256":"541c24230a36f00545f7811849eb9b6e7e4a01441bce7d7e06d66ed27878748e","sha512":"acc7a4b65a5465774619f6578bf1a9b89a2071f0244041096f6ce436d6d31d034c216f59ca6bc25fd089e873a4e409a1196d8432e49834c808c5feaf7fd1dc40","ssdeep":"96:7JXxG8wiXyxj6XT9Kd8d9D6+WiBZ0f0w2dVrf2IbbQq:7zouyxj6D9Kudh6Ng0f0w2brf2sJ","tlshash":"9da18d73543b9c737b0dd6a06f2088632405a893e5b78ee7011c79aafb4399780dfa19","first_seen":"2026-05-18T14:22:45.751766Z","last_seen":"2026-06-07T02:15:23.791855Z","times_seen":5,"resource_available":false,"data":null}},"time_used":754,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":754,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-06-07","alert":"Sinkholed","trigger":"ty691.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-07","alert":"Phishing Block","trigger":"ty691.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-07","alert":"Sinkholed","trigger":"ty691.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-07","alert":"Sinkholed","trigger":"ty691.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-07","alert":"Sinkholed","trigger":"ty691.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ty691.com/skin/cover/ty691com/departments5-23.webp","fqdn":"ty691.com","domain":"ty691.com","tld":"com"},"ip":{"addr":"168.76.223.165","port":443,"asn":137951,"as":"ASLINE LIMITED","country":"South Africa","country_code":"ZA"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ty691.com/","date":"2026-06-07T01:01:21.481Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ty3369.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 11 May 2026 18:35:21 GMT","end":"Sun, 09 Aug 2026 18:35:20 GMT"},"fingerprint":{"sha1":"01:B5:D5:C2:F0:A4:A8:94:2A:C8:0A:31:9B:63:17:CB:6A:BD:14:4D","sha256":"3D:FA:B5:67:D4:D0:11:44:DC:D6:8C:62:A4:DA:15:AB:04:3B:5D:BE:A4:92:43:10:80:A4:3A:85:9C:DE:9E:BD"}}},"request":{"raw":"GET /skin/cover/ty691com/departments5-23.webp HTTP/1.1\r\nHost: ty691.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ty691.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 07 Jun 2026 01:01:21 GMT\r\ncontent-type: image/webp\r\ncontent-length: 68910\r\nlast-modified: Mon, 11 May 2026 18:13:31 GMT\r\netag: \"6a021c4b-10d2e\"\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":68910,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 835x556, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"5e2d14e9198b34a2f4b630a00de1faae","sha1":"a1fa2691ff19cfea688668c293a08c7aa3e15a16","sha256":"7e07c05192de10d541dfd1d0aedada505f626c7b1cb2e0f71c47c3d60429b1b3","sha512":"1df5549c316a2a7e12e7af610cd1abdfc4db7cbdb92885f89d82b46489267d2d317f8807cb14e3e52babccd8e62a6a07642fa958c5b99e15c78c2384e06ba5ac","ssdeep":"1536:qjhLlB8Au7Qh10MCtHuBSLzzhiMtCICef5WnH/io:qJ+Au7Qh10Db/fCoWnf/","tlshash":"646302f388f8bb62f2d61447288976a37ca73b5d964610187a736b4ec117be9053878c","first_seen":"2026-05-18T14:22:45.753112Z","last_seen":"2026-06-07T02:15:23.800724Z","times_seen":5,"resource_available":false,"data":null}},"time_used":1775,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1250,"receive":525,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-07","alert":"Sinkholed","trigger":"ty691.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-07","alert":"Sinkholed","trigger":"ty691.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-06-07","alert":"Sinkholed","trigger":"ty691.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-07","alert":"Sinkholed","trigger":"ty691.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-07","alert":"Phishing Block","trigger":"ty691.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ty691.com/skin/cover/ty691com/judge6-23.webp","fqdn":"ty691.com","domain":"ty691.com","tld":"com"},"ip":{"addr":"168.76.223.165","port":443,"asn":137951,"as":"ASLINE LIMITED","country":"South Africa","country_code":"ZA"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ty691.com/","date":"2026-06-07T01:01:21.491Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ty3369.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 11 May 2026 18:35:21 GMT","end":"Sun, 09 Aug 2026 18:35:20 GMT"},"fingerprint":{"sha1":"01:B5:D5:C2:F0:A4:A8:94:2A:C8:0A:31:9B:63:17:CB:6A:BD:14:4D","sha256":"3D:FA:B5:67:D4:D0:11:44:DC:D6:8C:62:A4:DA:15:AB:04:3B:5D:BE:A4:92:43:10:80:A4:3A:85:9C:DE:9E:BD"}}},"request":{"raw":"GET /skin/cover/ty691com/judge6-23.webp HTTP/1.1\r\nHost: ty691.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ty691.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 07 Jun 2026 01:01:21 GMT\r\ncontent-type: image/webp\r\ncontent-length: 97632\r\nlast-modified: Mon, 11 May 2026 18:13:32 GMT\r\netag: \"6a021c4c-17d60\"\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":97632,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 610x406, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"aabc962da6897c910e152e6fb63e47c3","sha1":"668b2b3a9e2e9a702b964a52920e16ce9950f926","sha256":"df8b75b030bcb56c25c421c16b52c3a6734919b76b5713a972ccdd9ba0a6f37c","sha512":"9a4e2ea25ab7c34722c904977e668bc8614ebf659bb71bb3edf6fdefaf72a87d54c6939509bebd12586455a3a6a13cd3546a7f6da4caf3052605a1dff700d116","ssdeep":"1536:dsE5h7ZK83box39L/Y2yOYuNURoh4SHnqDgPdAGi00bBM3jUyYB4r8Nwq:dn5wpNYuKuvnqDqfT0bWU4q","tlshash":"b79302f39f335c686db6d281127eaa07811cd76a64fa9203ac967fa351c7b13e402b15","first_seen":"2026-05-18T14:22:45.787265Z","last_seen":"2026-06-07T02:15:23.792408Z","times_seen":5,"resource_available":false,"data":null}},"time_used":1781,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1242,"receive":539,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-07","alert":"Sinkholed","trigger":"ty691.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-06-07","alert":"Sinkholed","trigger":"ty691.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-07","alert":"Phishing Block","trigger":"ty691.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-07","alert":"Sinkholed","trigger":"ty691.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-07","alert":"Sinkholed","trigger":"ty691.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"weinisiguanwang.app/","fqdn":"weinisiguanwang.app","domain":"weinisiguanwang.app","tld":"app"},"ip":{"addr":"154.204.28.54","port":443,"asn":35916,"as":"MULTA-ASN1","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"subdocument","requested_by":"https://ty691.com/","date":"2026-06-07T01:01:22.740Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.weinisiguanwang.app","organization":""},"issuer":{"commonName":"YR1","organization":"Let's Encrypt"},"validity":{"start":"Sat, 06 Jun 2026 11:51:05 GMT","end":"Fri, 04 Sep 2026 11:51:04 GMT"},"fingerprint":{"sha1":"42:24:88:66:F9:64:6A:A7:CD:6E:D6:41:AC:F1:76:32:23:67:A9:00","sha256":"37:1B:6F:16:FB:7A:9C:0D:87:01:6D:C9:34:D9:61:B1:84:3C:00:83:83:D3:95:3C:ED:93:BC:08:D5:24:2D:D9"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: weinisiguanwang.app\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ty691.com/\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: iframe\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 07 Jun 2026 01:01:24 GMT\r\ncontent-type: text/html\r\nlast-modified: Sat, 06 Jun 2026 12:47:05 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6a2416c9-218f\"\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":8591,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text","md5":"bbc2b63decb677afe8b20d2688514848","sha1":"60b61e8d544b1419780fb09cb045d56bad33013d","sha256":"2cf25b7079bed8f0398a8d35fafc9fdfcbb5ede33a68ca39dfd3d9fa44d50d52","sha512":"c4c41280185cdceaa24cc2451122f63678d55de7d61dd4a3a915fc1580dde51425ed2ffbe74ba775260e4e75e2328f5751cddd63dfd13964f686a19003a3fcd1","ssdeep":"192:gIlrnMZjBPCpnDZ0CPBfE/k1mp6rPlyJzmRF4sArt+:gjmX7Art+","tlshash":"b302752660e3115b283391a66ff3171b6664d507c20bc9a87ecd55cdafc9ac9c8a338c","first_seen":"2026-06-06T23:41:28.927478Z","last_seen":"2026-06-07T02:40:39.464568Z","times_seen":5,"resource_available":false,"data":null}},"time_used":2687,"timings":{"blocked":1215,"dns":695,"connect":255,"send":0,"wait":256,"receive":0,"ssl":262},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"weinisiguanwang.app/static/picture/wnspc.png","fqdn":"weinisiguanwang.app","domain":"weinisiguanwang.app","tld":"app"},"ip":{"addr":"154.204.28.54","port":443,"asn":35916,"as":"MULTA-ASN1","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://weinisiguanwang.app/","date":"2026-06-07T01:01:24.305Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.weinisiguanwang.app","organization":""},"issuer":{"commonName":"YR1","organization":"Let's Encrypt"},"validity":{"start":"Sat, 06 Jun 2026 11:51:05 GMT","end":"Fri, 04 Sep 2026 11:51:04 GMT"},"fingerprint":{"sha1":"42:24:88:66:F9:64:6A:A7:CD:6E:D6:41:AC:F1:76:32:23:67:A9:00","sha256":"37:1B:6F:16:FB:7A:9C:0D:87:01:6D:C9:34:D9:61:B1:84:3C:00:83:83:D3:95:3C:ED:93:BC:08:D5:24:2D:D9"}}},"request":{"raw":"GET /static/picture/wnspc.png HTTP/1.1\r\nHost: weinisiguanwang.app\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://weinisiguanwang.app/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 07 Jun 2026 01:01:24 GMT\r\ncontent-type: image/png\r\nlast-modified: Tue, 24 Feb 2026 09:51:45 GMT\r\nvary: Accept-Encoding\r\netag: W/\"699d74b1-1eb7\"\r\nexpires: Tue, 07 Jul 2026 01:01:24 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":7863,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 172 x 60, 8-bit/color RGBA, non-interlaced","md5":"6e6f3e6c749737e6c347ec25d39b3eb1","sha1":"076c805bf394c7996a58202e333827837c8b1378","sha256":"391138ddf53bc321563b3d17fe0f37f5b40efba65fc661dbfa239a2b2184ec65","sha512":"b4621a8e30b49a48b1b13e9582c260b02d42ab2cc2509d59e56cf85028eec3dd165e255dff5c61e689ad8b4eaabe74852185efb2764da5c0ec1133a2ccb02a3d","ssdeep":"192:FQSFq7yL2y34yuuSzYUfBY2kCf9pDnA3+O07Zu86U9S0aN:zFjLX3u1YU5sCzA3hEu86sSLN","tlshash":"26f1ae6b1553fcb469dda7e92063af6082136f48b0077a12fb2b29748135fe5f44aa13","first_seen":"2023-09-28T01:03:26Z","last_seen":"2026-06-07T02:40:39.465183Z","times_seen":473,"resource_available":false,"data":null}},"time_used":766,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":766,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"weinisiguanwang.app/static/picture/tycpc.png","fqdn":"weinisiguanwang.app","domain":"weinisiguanwang.app","tld":"app"},"ip":{"addr":"154.204.28.54","port":443,"asn":35916,"as":"MULTA-ASN1","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://weinisiguanwang.app/","date":"2026-06-07T01:01:24.306Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.weinisiguanwang.app","organization":""},"issuer":{"commonName":"YR1","organization":"Let's Encrypt"},"validity":{"start":"Sat, 06 Jun 2026 11:51:05 GMT","end":"Fri, 04 Sep 2026 11:51:04 GMT"},"fingerprint":{"sha1":"42:24:88:66:F9:64:6A:A7:CD:6E:D6:41:AC:F1:76:32:23:67:A9:00","sha256":"37:1B:6F:16:FB:7A:9C:0D:87:01:6D:C9:34:D9:61:B1:84:3C:00:83:83:D3:95:3C:ED:93:BC:08:D5:24:2D:D9"}}},"request":{"raw":"GET /static/picture/tycpc.png HTTP/1.1\r\nHost: weinisiguanwang.app\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://weinisiguanwang.app/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 07 Jun 2026 01:01:24 GMT\r\ncontent-type: image/png\r\nlast-modified: Tue, 24 Feb 2026 09:51:45 GMT\r\nvary: Accept-Encoding\r\netag: W/\"699d74b1-4d7b\"\r\nexpires: Tue, 07 Jul 2026 01:01:24 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":19835,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 162 x 60, 8-bit/color RGBA, non-interlaced","md5":"9cccfc8ca4e4f50e4155a906a42666cb","sha1":"6687ef39ed3ba532124b8155234e819655ac0827","sha256":"38fa753bd6894fd8b0fdd94ba7e7bd9da32cb1e58017c44ce0147afba97b4841","sha512":"4e5e74b92841a16efc4cad516894bdaa1eca4ccdca290bcb36bbaa68cbe2011a6d12005f5bc2946532bbddc4e73161589ab3a296a734b78ad12aaa540bed9cca","ssdeep":"384:nC4JlgpsDv49JmGFnsvbCU5jAEVzJ0smbzRgZGme584WLMM0tq5PHcMV:Ccw9J9FybCUTzJ0smbZhwPH5","tlshash":"ba92e1cc99b518a51940f1dc2f338a48cfe9112c29e58776b1d377a2d94ae6f307c60b","first_seen":"2025-02-07T02:11:03.006958Z","last_seen":"2026-06-07T02:40:39.458007Z","times_seen":447,"resource_available":false,"data":null}},"time_used":766,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":766,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ty691.com/skin/cover/ty691com/departments2-23.webp","fqdn":"ty691.com","domain":"ty691.com","tld":"com"},"ip":{"addr":"168.76.223.165","port":443,"asn":137951,"as":"ASLINE LIMITED","country":"South Africa","country_code":"ZA"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ty691.com/","date":"2026-06-07T01:01:21.476Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ty3369.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 11 May 2026 18:35:21 GMT","end":"Sun, 09 Aug 2026 18:35:20 GMT"},"fingerprint":{"sha1":"01:B5:D5:C2:F0:A4:A8:94:2A:C8:0A:31:9B:63:17:CB:6A:BD:14:4D","sha256":"3D:FA:B5:67:D4:D0:11:44:DC:D6:8C:62:A4:DA:15:AB:04:3B:5D:BE:A4:92:43:10:80:A4:3A:85:9C:DE:9E:BD"}}},"request":{"raw":"GET /skin/cover/ty691com/departments2-23.webp HTTP/1.1\r\nHost: ty691.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ty691.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 07 Jun 2026 01:01:21 GMT\r\ncontent-type: image/webp\r\ncontent-length: 91888\r\nlast-modified: Mon, 11 May 2026 18:13:31 GMT\r\netag: \"6a021c4b-166f0\"\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":91888,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 712x474, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"d3c1359242a55a5df69f006d5de42878","sha1":"223603997f0998da5e982fc74d119c731e616230","sha256":"60e899341ef07555a1ecc70999e2757bce63b7f6066c93e7552e81fb9127c453","sha512":"c0eb468b979a77dba99b728d9c557f22459b4838558916c1da67ba1affbd6c84c2875f5137b374290a7cd10a82c499eb4dedceca32c87d260b34daefe1a053c1","ssdeep":"1536:7wnO46CSXw72GQ/81IqJyUZhF6c7e9aqC1p5t7rSgrlA4WEQAT++7DQldgOFxJWl:MOKazjcIsF6c75PDL7rfjQAKODQleOTA","tlshash":"a393026052f79be1f1829c09943e9c4b54cd203c683ef23c26a620d9599aeb3d45ffd9","first_seen":"2026-05-18T14:22:45.758929Z","last_seen":"2026-06-07T02:15:23.783352Z","times_seen":5,"resource_available":false,"data":null}},"time_used":1775,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1254,"receive":521,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-06-07","alert":"Sinkholed","trigger":"ty691.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-07","alert":"Sinkholed","trigger":"ty691.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-07","alert":"Sinkholed","trigger":"ty691.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-07","alert":"Phishing Block","trigger":"ty691.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-07","alert":"Sinkholed","trigger":"ty691.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ty691.com/skin/cover/ty691com/judge4-23.webp","fqdn":"ty691.com","domain":"ty691.com","tld":"com"},"ip":{"addr":"168.76.223.165","port":443,"asn":137951,"as":"ASLINE LIMITED","country":"South Africa","country_code":"ZA"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ty691.com/","date":"2026-06-07T01:01:21.487Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ty3369.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 11 May 2026 18:35:21 GMT","end":"Sun, 09 Aug 2026 18:35:20 GMT"},"fingerprint":{"sha1":"01:B5:D5:C2:F0:A4:A8:94:2A:C8:0A:31:9B:63:17:CB:6A:BD:14:4D","sha256":"3D:FA:B5:67:D4:D0:11:44:DC:D6:8C:62:A4:DA:15:AB:04:3B:5D:BE:A4:92:43:10:80:A4:3A:85:9C:DE:9E:BD"}}},"request":{"raw":"GET /skin/cover/ty691com/judge4-23.webp HTTP/1.1\r\nHost: ty691.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ty691.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 07 Jun 2026 01:01:21 GMT\r\ncontent-type: image/webp\r\ncontent-length: 128062\r\nlast-modified: Mon, 11 May 2026 18:13:32 GMT\r\netag: \"6a021c4c-1f43e\"\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":128062,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 670x446, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"e86479de16a23d358c965e3d6f03fed8","sha1":"cda20694128e97f3d92a28453f39e5338f5ae642","sha256":"bc1038cfc14f015aef3d50497b193bc67919825a27ee617ffb35db0b3aaf6ca7","sha512":"2255ac4cb4411781e48121986a7b1430198ec81ea8de57a7821c503ac258357362b01e66ac5d6178633b6db2c959fe8abe3110fc8400f95333cf0fe748d63619","ssdeep":"3072:tOkO5xOcgxNCYBnY6qC5y/qm8jXnR07mPaT7AdZ:I950lYk5Fm2R2mPbf","tlshash":"23c312e2b5aa80421d9186f2604bb2cc3c77ca1deb0961991e5305ff7637d9dee58c43","first_seen":"2026-05-18T14:22:45.780675Z","last_seen":"2026-06-07T02:15:23.800093Z","times_seen":5,"resource_available":false,"data":null}},"time_used":1781,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1244,"receive":537,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-07","alert":"Sinkholed","trigger":"ty691.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-07","alert":"Sinkholed","trigger":"ty691.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-07","alert":"Phishing Block","trigger":"ty691.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-06-07","alert":"Sinkholed","trigger":"ty691.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-07","alert":"Sinkholed","trigger":"ty691.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ty691.com/e/dongpo/tz/tz.js","fqdn":"ty691.com","domain":"ty691.com","tld":"com"},"ip":{"addr":"168.76.223.165","port":443,"asn":137951,"as":"ASLINE LIMITED","country":"South Africa","country_code":"ZA"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://ty691.com/","date":"2026-06-07T01:01:21.492Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ty3369.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 11 May 2026 18:35:21 GMT","end":"Sun, 09 Aug 2026 18:35:20 GMT"},"fingerprint":{"sha1":"01:B5:D5:C2:F0:A4:A8:94:2A:C8:0A:31:9B:63:17:CB:6A:BD:14:4D","sha256":"3D:FA:B5:67:D4:D0:11:44:DC:D6:8C:62:A4:DA:15:AB:04:3B:5D:BE:A4:92:43:10:80:A4:3A:85:9C:DE:9E:BD"}}},"request":{"raw":"GET /e/dongpo/tz/tz.js HTTP/1.1\r\nHost: ty691.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ty691.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 07 Jun 2026 01:01:21 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Sat, 06 Jun 2026 13:02:41 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6a241a71-486\"\r\nexpires: Sun, 07 Jun 2026 13:01:21 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":1158,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text","md5":"bd9a398590c16db262e8f0e3617d41f8","sha1":"38e29470da1dc6dd21bd8c0f710958592fd35eb7","sha256":"dd38ef08ff800826fd7e16d619c28bc4e69941d58f8abd2360532fa5e6343c84","sha512":"7a30a0f0dfdb2f9e566eb517e6ae8491f659e36d681d6313950caa03c9399cff2b2f390a1f76709d489f183ccc28e42059ca13641400db764e08b59e2dcc6e14","ssdeep":"","tlshash":"e3218c7fae630150d11691592bba776c3a3a001b6301c8307abcbe695f42f429447bd4","first_seen":"2026-06-06T23:41:28.920593Z","last_seen":"2026-06-07T02:40:39.430356Z","times_seen":5,"resource_available":true,"data":null}},"time_used":1241,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1241,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-06-07","alert":"Sinkholed","trigger":"ty691.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-07","alert":"Sinkholed","trigger":"ty691.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-07","alert":"Phishing Block","trigger":"ty691.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-07","alert":"Sinkholed","trigger":"ty691.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-07","alert":"Sinkholed","trigger":"ty691.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ty691.com/skin/bootstrap/js/home.js","fqdn":"ty691.com","domain":"ty691.com","tld":"com"},"ip":{"addr":"168.76.223.165","port":443,"asn":137951,"as":"ASLINE LIMITED","country":"South Africa","country_code":"ZA"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://ty691.com/","date":"2026-06-07T01:01:21.496Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ty3369.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 11 May 2026 18:35:21 GMT","end":"Sun, 09 Aug 2026 18:35:20 GMT"},"fingerprint":{"sha1":"01:B5:D5:C2:F0:A4:A8:94:2A:C8:0A:31:9B:63:17:CB:6A:BD:14:4D","sha256":"3D:FA:B5:67:D4:D0:11:44:DC:D6:8C:62:A4:DA:15:AB:04:3B:5D:BE:A4:92:43:10:80:A4:3A:85:9C:DE:9E:BD"}}},"request":{"raw":"GET /skin/bootstrap/js/home.js HTTP/1.1\r\nHost: ty691.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ty691.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 07 Jun 2026 01:01:21 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Mon, 14 Jul 2025 11:49:58 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6874eee6-16aa\"\r\nexpires: Sun, 07 Jun 2026 13:01:21 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":5802,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text","md5":"16c93ef01acd14ec64c07020d638253e","sha1":"9c7b9d1a61977675c7f128bf2e27093d3cfe37f6","sha256":"f0795e9620ff382d585e15e40f303b394863fc5fa3dbdecd140adcbc4e51ffd2","sha512":"218d41ff60e128ff13105f9d376cfac1b80401527884da7b6179bab1fe8e9aa9e5959873bc5385798c8a5c6fb7aedce8e68b17112833cc16c096e0dc214d35ea","ssdeep":"96:6P7fgtAVMsSMCM1vUrp8KtQJQ1l/2o3RV0uRC6v6qyS+KQkIF:6P7fg+VSVAvUr2KaG1Zd3YuRriqyDKQH","tlshash":"91c1551a62b42433447775bb97af57c477212087b8c6ec393dfcc6080f845aa59f1aea","first_seen":"2025-10-09T23:37:04.756251Z","last_seen":"2026-06-07T05:08:56.703637Z","times_seen":725,"resource_available":true,"data":null}},"time_used":1238,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1238,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-06-07","alert":"Sinkholed","trigger":"ty691.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-07","alert":"Sinkholed","trigger":"ty691.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-07","alert":"Phishing Block","trigger":"ty691.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-07","alert":"Sinkholed","trigger":"ty691.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-07","alert":"Sinkholed","trigger":"ty691.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ty691.com/skin/ico/favicon23.ico","fqdn":"ty691.com","domain":"ty691.com","tld":"com"},"ip":{"addr":"168.76.223.165","port":443,"asn":137951,"as":"ASLINE LIMITED","country":"South Africa","country_code":"ZA"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ty691.com/","date":"2026-06-07T01:01:23.537Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ty3369.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 11 May 2026 18:35:21 GMT","end":"Sun, 09 Aug 2026 18:35:20 GMT"},"fingerprint":{"sha1":"01:B5:D5:C2:F0:A4:A8:94:2A:C8:0A:31:9B:63:17:CB:6A:BD:14:4D","sha256":"3D:FA:B5:67:D4:D0:11:44:DC:D6:8C:62:A4:DA:15:AB:04:3B:5D:BE:A4:92:43:10:80:A4:3A:85:9C:DE:9E:BD"}}},"request":{"raw":"GET /skin/ico/favicon23.ico HTTP/1.1\r\nHost: ty691.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ty691.com/\r\nCookie: __vtins__3GBu1WXZo4Qy48zX=%7B%22sid%22%3A%20%22d939fc71-2d7e-5fd1-92db-8f7a42123489%22%2C%20%22vd%22%3A%201%2C%20%22stt%22%3A%200%2C%20%22dr%22%3A%200%2C%20%22expires%22%3A%201780795883322%2C%20%22ct%22%3A%201780794083322%7D; __51uvsct__3GBu1WXZo4Qy48zX=1; __51vcke__3GBu1WXZo4Qy48zX=b9a8bfe7-453c-50d7-9fc8-0582539cfca1; __51vuft__3GBu1WXZo4Qy48zX=1780794083328\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 07 Jun 2026 01:01:23 GMT\r\ncontent-type: image/x-icon\r\ncontent-length: 16958\r\nlast-modified: Wed, 09 Jul 2025 03:42:24 GMT\r\netag: \"686de520-423e\"\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":16958,"size_decoded":0,"mime_type":"image/x-icon","magic":"MS Windows icon resource - 1 icon, 64x64, 32 bits/pixel","md5":"4622610034c9ac46f7434392cfa14b4c","sha1":"e9ac073ec8821dcea7c56f13c5a3122fbf4d4036","sha256":"9bef82aec6061949c611f9d572ca727a882013a3ec5cda44b9bc5c42309ee1e4","sha512":"a57aa88775273bd0f33dae877201a0409f86f750444549666693e52800d0facb6c785a6749fabec56ca7f0558a3f78cd460ac1ea6afb7d99e36035a2cc80d6aa","ssdeep":"192:9k4MZ3ZI0zTTIfdxLed+ohw9l6asAsASpJktr:HMZ3ZI2TTIfdxL5oesasAsTJkV","tlshash":"83722dfdf91ceedacda35e75a060f2f64704289c9b038201aed80a9f2562d654d327d7","first_seen":"2026-04-25T18:16:25.904096Z","last_seen":"2026-06-07T02:15:23.78195Z","times_seen":13,"resource_available":false,"data":null}},"time_used":253,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":252,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-06-07","alert":"Sinkholed","trigger":"ty691.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-07","alert":"Sinkholed","trigger":"ty691.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-07","alert":"Phishing Block","trigger":"ty691.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-07","alert":"Sinkholed","trigger":"ty691.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-07","alert":"Sinkholed","trigger":"ty691.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ty691.com/skin/bootstrap/css/bootstrap.min.css","fqdn":"ty691.com","domain":"ty691.com","tld":"com"},"ip":{"addr":"168.76.223.165","port":443,"asn":137951,"as":"ASLINE LIMITED","country":"South Africa","country_code":"ZA"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://ty691.com/","date":"2026-06-07T01:01:21.465Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ty3369.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 11 May 2026 18:35:21 GMT","end":"Sun, 09 Aug 2026 18:35:20 GMT"},"fingerprint":{"sha1":"01:B5:D5:C2:F0:A4:A8:94:2A:C8:0A:31:9B:63:17:CB:6A:BD:14:4D","sha256":"3D:FA:B5:67:D4:D0:11:44:DC:D6:8C:62:A4:DA:15:AB:04:3B:5D:BE:A4:92:43:10:80:A4:3A:85:9C:DE:9E:BD"}}},"request":{"raw":"GET /skin/bootstrap/css/bootstrap.min.css HTTP/1.1\r\nHost: ty691.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ty691.com/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 07 Jun 2026 01:01:21 GMT\r\ncontent-type: text/css\r\nlast-modified: Tue, 01 Jul 2025 22:17:08 GMT\r\nvary: Accept-Encoding\r\netag: W/\"68645e64-38a52\"\r\nexpires: Sun, 07 Jun 2026 13:01:21 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":232018,"size_decoded":0,"mime_type":"text/css","magic":"Unicode text, UTF-8 text, with very long lines (65342)","md5":"50c95aae1a6c1e089c11681d1e1906f8","sha1":"a65e4fd8db9bd0440de2d6d73c9e7cd00fce4a8d","sha256":"cd1826581e4f2b80af4f1e05897b316c7698441063cffaefbbdeec382ee4cd72","sha512":"7f0edff9370c8d36fb6e96cb25994ff20d98e17702c85656f2ecbc1ec459b07fd2c1b330d2994a1c51ebf7d0cdde5d3856c60dc2fce27145ffeaababbc8c5bc7","ssdeep":"1536:v9xnXGi9GfJkfvq5wlP7cQZDR9uvV982sYRElV6V6pz600I41r:HnXp9GfrV98II6V6pz600I41r","tlshash":"d03482d6f590317d9ca7c1499681fefd896fa985cb120aa6f003776807cabd30962dcc","first_seen":"2025-06-19T07:12:41.126365Z","last_seen":"2026-06-07T06:36:07.796136Z","times_seen":1987,"resource_available":false,"data":null}},"time_used":256,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":256,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-07","alert":"Sinkholed","trigger":"ty691.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-06-07","alert":"Sinkholed","trigger":"ty691.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-07","alert":"Phishing Block","trigger":"ty691.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-07","alert":"Sinkholed","trigger":"ty691.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-07","alert":"Sinkholed","trigger":"ty691.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ty691.com/skin/cover/ty691com/judge3-23.webp","fqdn":"ty691.com","domain":"ty691.com","tld":"com"},"ip":{"addr":"168.76.223.165","port":443,"asn":137951,"as":"ASLINE LIMITED","country":"South Africa","country_code":"ZA"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ty691.com/","date":"2026-06-07T01:01:21.486Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ty3369.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 11 May 2026 18:35:21 GMT","end":"Sun, 09 Aug 2026 18:35:20 GMT"},"fingerprint":{"sha1":"01:B5:D5:C2:F0:A4:A8:94:2A:C8:0A:31:9B:63:17:CB:6A:BD:14:4D","sha256":"3D:FA:B5:67:D4:D0:11:44:DC:D6:8C:62:A4:DA:15:AB:04:3B:5D:BE:A4:92:43:10:80:A4:3A:85:9C:DE:9E:BD"}}},"request":{"raw":"GET /skin/cover/ty691com/judge3-23.webp HTTP/1.1\r\nHost: ty691.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ty691.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 07 Jun 2026 01:01:21 GMT\r\ncontent-type: image/webp\r\ncontent-length: 56246\r\nlast-modified: Mon, 11 May 2026 18:13:32 GMT\r\netag: \"6a021c4c-dbb6\"\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":56246,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 646x430, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"9cb8ce13113035ba6b90824e21efc855","sha1":"d9ae8219b048fba2fcdb127eb307b1b9d3b260b8","sha256":"ddcf11eb3049fa983b48a3e0cf43a418fb9eb1830683abfdb0d755bd2bd42800","sha512":"775e968014c78e7d22d421a0cf6f183944aa192ca9a0f4697d8d3b953aede97a8197b149dd266dadf15c528631626995375813bfcc550ac3b1367fb10372a188","ssdeep":"1536:T5OErVWfuFjYn+kbspbuLKWAsi4C8tqjgC8TjZTZv8Sn:TwErsrnpQqKNB4fo58TjZTZkSn","tlshash":"8d4302e30f63d94a49ae9b7eda2f382deea39b125f15570453f861e30866539c023852","first_seen":"2026-05-18T14:22:45.764821Z","last_seen":"2026-06-07T02:15:23.779795Z","times_seen":5,"resource_available":false,"data":null}},"time_used":1510,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1246,"receive":264,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-06-07","alert":"Sinkholed","trigger":"ty691.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-07","alert":"Phishing Block","trigger":"ty691.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-07","alert":"Sinkholed","trigger":"ty691.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-07","alert":"Sinkholed","trigger":"ty691.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-07","alert":"Sinkholed","trigger":"ty691.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"weinisiguanwang.app/static/picture/xpjpc.png","fqdn":"weinisiguanwang.app","domain":"weinisiguanwang.app","tld":"app"},"ip":{"addr":"154.204.28.54","port":443,"asn":35916,"as":"MULTA-ASN1","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://weinisiguanwang.app/","date":"2026-06-07T01:01:24.304Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.weinisiguanwang.app","organization":""},"issuer":{"commonName":"YR1","organization":"Let's Encrypt"},"validity":{"start":"Sat, 06 Jun 2026 11:51:05 GMT","end":"Fri, 04 Sep 2026 11:51:04 GMT"},"fingerprint":{"sha1":"42:24:88:66:F9:64:6A:A7:CD:6E:D6:41:AC:F1:76:32:23:67:A9:00","sha256":"37:1B:6F:16:FB:7A:9C:0D:87:01:6D:C9:34:D9:61:B1:84:3C:00:83:83:D3:95:3C:ED:93:BC:08:D5:24:2D:D9"}}},"request":{"raw":"GET /static/picture/xpjpc.png HTTP/1.1\r\nHost: weinisiguanwang.app\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://weinisiguanwang.app/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 07 Jun 2026 01:01:24 GMT\r\ncontent-type: image/png\r\nlast-modified: Tue, 24 Feb 2026 09:51:45 GMT\r\nvary: Accept-Encoding\r\netag: W/\"699d74b1-5800\"\r\nexpires: Tue, 07 Jul 2026 01:01:24 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":22528,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 183 x 55, 8-bit/color RGBA, non-interlaced","md5":"c53d923594566be7e0e41e8d720c0ac0","sha1":"e16a4b701d10291bbff90178e8b0d5f576e00821","sha256":"021994557d1d9642fdc16a0d8f6e471bec81bea7f366de6ef631f536c165418b","sha512":"554f7d6d44d26905610a65e21bd157ec30fef501c356e97787deca22f9089216f59e284f0effab7b18da89134af594d4ffd5eed889b1b5a4d5a5412456b9832e","ssdeep":"384:QfchEzlZmrXTjUDkJe2tERBxq2ceTdr1lFJ3d2Oo+UQSYJshjRHXvcQ:QfchEzrmrXTjUhP42cKpFJ3lo+UHYa//","tlshash":"fba2e0f1f36ff1b54a924d554cf8e2b080978942e088ee6135cb204acade8d31d993e7","first_seen":"2023-05-07T20:04:35Z","last_seen":"2026-06-07T02:40:39.437079Z","times_seen":589,"resource_available":false,"data":null}},"time_used":765,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":765,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"weinisiguanwang.app/static/picture/dfpc.png","fqdn":"weinisiguanwang.app","domain":"weinisiguanwang.app","tld":"app"},"ip":{"addr":"154.204.28.54","port":443,"asn":35916,"as":"MULTA-ASN1","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://weinisiguanwang.app/","date":"2026-06-07T01:01:24.307Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.weinisiguanwang.app","organization":""},"issuer":{"commonName":"YR1","organization":"Let's Encrypt"},"validity":{"start":"Sat, 06 Jun 2026 11:51:05 GMT","end":"Fri, 04 Sep 2026 11:51:04 GMT"},"fingerprint":{"sha1":"42:24:88:66:F9:64:6A:A7:CD:6E:D6:41:AC:F1:76:32:23:67:A9:00","sha256":"37:1B:6F:16:FB:7A:9C:0D:87:01:6D:C9:34:D9:61:B1:84:3C:00:83:83:D3:95:3C:ED:93:BC:08:D5:24:2D:D9"}}},"request":{"raw":"GET /static/picture/dfpc.png HTTP/1.1\r\nHost: weinisiguanwang.app\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://weinisiguanwang.app/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 07 Jun 2026 01:01:24 GMT\r\ncontent-type: image/png\r\nlast-modified: Tue, 24 Feb 2026 11:38:18 GMT\r\nvary: Accept-Encoding\r\netag: W/\"699d8daa-1c49\"\r\nexpires: Tue, 07 Jul 2026 01:01:24 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":7241,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 200 x 50, 8-bit/color RGBA, non-interlaced","md5":"9ca63936da71d994267413c9b4d62583","sha1":"0083b92ce28904d8c01cca591a852d218c944d3e","sha256":"909c9c1f9b2ee3b6ebe305b395b454cb597ae2b4ad8ec0db3a57c2e678bb685a","sha512":"2c01f6e39b4f8c4ff7d8c2d20640c9d80b50ebb49351d32c4e0263b11abbb721b6af3c4d27c308f6e26d4f9e0c5f08045c0d235b3ef1a587eaa1df578c7c333b","ssdeep":"192:FxLpy98iKPdw9eYyJIoxrBG3GFQVnpq1fw5qDQ/7os:F1pyNIq9e1Zrg3GFQVnp2YsQ/j","tlshash":"78e18e3b8e8c2754c1551385a136fab4d8791ef331f4923e9a257c22dd52ab2c921386","first_seen":"2026-03-01T01:18:02.55958Z","last_seen":"2026-06-07T02:40:39.465835Z","times_seen":306,"resource_available":false,"data":null}},"time_used":766,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":766,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}