{"report_id":"d02306a5-4b0a-484d-b242-a8d57600e107","version":6,"status":"done","tags":[],"date":"2026-05-30T12:31:14Z","url":{"schema":"http","addr":"hc9977.com","fqdn":"hc9977.com","domain":"hc9977.com","tld":"com"},"ip":{"addr":"45.144.136.33","port":0,"asn":139659,"as":"LUCIDACLOUD LIMITED","country":"United States","country_code":"US"},"final":{"url":{"schema":"https","addr":"hg111222.cc/","fqdn":"hg111222.cc","domain":"hg111222.cc","tld":"cc"},"title":"世界杯指定网站（中国区）有限公司","dom":{"size":69213,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (53881)","md5":"93120b5f041b7f336547d10b83b1c7eb","sha1":"2a669642304237283dd3537ca79203671962b5a1","sha256":"0e8c3faabe8e1e7d0d467e18351bb94de976a1d9ae14a0d8a1ac8f52dd38b74d","sha512":"ac7d017cb9b3e3e0758f948e2242d53a903feb60b7b2ef87c1321dd6b4a0a9305a0a93dbc5fa42b0f29effe41a25024a5664fe0ecadc652109f31fd13736fa2f","ssdeep":"1536:R4tHnAS1vuMD2iZg+UU1MxS4N5TRDIWqBG:qg2T8xS4N5TRDIjBG","tlshash":"d863438576c1f403138f0763bf17baf5e52b48aa7184540bf26cb994fba8607d5e19b0","dom_hash":"domhash67259498a841e455259a1f2eae3f54f2","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"hc9977.com","fqdn":"hc9977.com","domain":"hc9977.com","tld":"com"},"ip":{"addr":"45.144.136.33","port":0,"asn":139659,"as":"LUCIDACLOUD LIMITED","country":"United States","country_code":"US"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-07-04T12:31:14Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":6}},"detection":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-30","alert":"Sinkholed","trigger":"hg111222.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-05-30","alert":"Sinkholed","trigger":"hc9977.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-05-30","alert":"Phishing Block","trigger":"hc9977.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-05-30","alert":"Sinkholed","trigger":"hc9977.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-30","alert":"Sinkholed","trigger":"hc9977.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-30","alert":"Sinkholed","trigger":"1.21302132.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null},"summary":[{"fqdn":"hc9977.com","ip":{"addr":"45.144.136.33","port":443,"asn":139659,"as":"LUCIDACLOUD LIMITED","country":"United States","country_code":"US"},"domain_registered":"2026-01-04","domain_rank":0,"first_seen":"2026-05-30T12:31:15.282123Z","last_seen":"2026-05-30T12:31:15.282123Z","alert_count":4,"request_count":1,"received_data":676,"sent_data":479,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"node94.aizhantj.com","ip":{"addr":"43.174.27.154","port":21233,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"domain_registered":"2024-07-29","domain_rank":0,"first_seen":"2025-08-10T13:29:04.56112Z","last_seen":"2026-05-24T06:21:19.040674Z","alert_count":0,"request_count":2,"received_data":36536,"sent_data":1146,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"www.xieziqi.com","ip":{"addr":"149.104.27.247","port":443,"asn":139659,"as":"LUCIDACLOUD LIMITED","country":"Hong Kong","country_code":"HK"},"domain_registered":"2022-02-06","domain_rank":0,"first_seen":"2022-04-24T06:48:42Z","last_seen":"2026-05-24T18:53:22.190414Z","alert_count":0,"request_count":1,"received_data":345,"sent_data":481,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"node93.aizhantj.com","ip":{"addr":"43.174.27.154","port":21233,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"domain_registered":"2024-07-29","domain_rank":2930956,"first_seen":"2025-06-07T21:55:48.499212Z","last_seen":"2026-05-27T01:39:56.369895Z","alert_count":0,"request_count":2,"received_data":36529,"sent_data":1145,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"node96.aizhantj.com","ip":{"addr":"43.174.27.154","port":21233,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"domain_registered":"2024-07-29","domain_rank":0,"first_seen":"2025-10-14T12:55:07.339111Z","last_seen":"2026-05-26T02:14:35.57769Z","alert_count":0,"request_count":2,"received_data":36533,"sent_data":1146,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"1.21302132.com","ip":{"addr":"103.163.208.152","port":443,"asn":140683,"as":"Starbow Ltd.","country":"Hong Kong","country_code":"HK"},"domain_registered":"2024-10-07","domain_rank":0,"first_seen":"2025-05-18T12:30:10.023586Z","last_seen":"2026-05-24T18:53:21.960768Z","alert_count":2,"request_count":2,"received_data":3268,"sent_data":1083,"comment":"","tags":null,"fingerprints":[{"name":"IIS:10.0","description":"Internet Information Services (IIS) is an extensible web server software created by Microsoft for use with the Windows NT family.","website":"https://www.iis.net","common_platform_enumeration":"cpe:2.3:a:microsoft:internet_information_server:*:*:*:*:*:*:*:*","icon":"Microsoft.svg","categories":["Web servers"]},{"name":"Windows Server","description":"Windows Server is a brand name for a group of server operating systems.","website":"https://microsoft.com/windowsserver","common_platform_enumeration":"","icon":"WindowsServer.png","categories":["Operating systems"]}]},{"fqdn":"2.82873.com","ip":{"addr":"103.163.208.152","port":443,"asn":140683,"as":"Starbow Ltd.","country":"Hong Kong","country_code":"HK"},"domain_registered":"2013-07-13","domain_rank":0,"first_seen":"2025-10-18T07:58:01.328086Z","last_seen":"2026-05-24T18:53:23.117114Z","alert_count":0,"request_count":9,"received_data":249862,"sent_data":4560,"comment":"","tags":null,"fingerprints":[{"name":"IIS:10.0","description":"Internet Information Services (IIS) is an extensible web server software created by Microsoft for use with the Windows NT family.","website":"https://www.iis.net","common_platform_enumeration":"cpe:2.3:a:microsoft:internet_information_server:*:*:*:*:*:*:*:*","icon":"Microsoft.svg","categories":["Web servers"]},{"name":"Windows Server","description":"Windows Server is a brand name for a group of server operating systems.","website":"https://microsoft.com/windowsserver","common_platform_enumeration":"","icon":"WindowsServer.png","categories":["Operating systems"]},{"name":"Microsoft ASP.NET","description":"ASP.NET is an open-source, server-side web-application framework designed for web development to produce dynamic web pages.","website":"https://www.asp.net","common_platform_enumeration":"cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*","icon":"Microsoft ASP.NET.svg","categories":["Web frameworks"]},{"name":"jQuery","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"PHP:5.6.40","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}]},{"fqdn":"hg111222.cc","ip":{"addr":"23.248.239.250","port":443,"asn":138415,"as":"Yancy Limited","country":"United States","country_code":"US"},"domain_registered":"2025-11-29","domain_rank":0,"first_seen":"2025-11-29T14:03:47.337579Z","last_seen":"2026-05-24T18:53:21.923467Z","alert_count":18,"request_count":18,"received_data":283450,"sent_data":8251,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"jQuery","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]}]},{"fqdn":"ggfm.gzsy12348.com","ip":{"addr":"111.68.15.22","port":443,"asn":45753,"as":"Netsec Limited","country":"Hong Kong","country_code":"HK"},"domain_registered":"2026-01-11","domain_rank":0,"first_seen":"2026-02-09T22:05:22.323291Z","last_seen":"2026-05-24T18:53:22.827825Z","alert_count":0,"request_count":1,"received_data":146,"sent_data":412,"comment":"","tags":null,"fingerprints":null}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"2.82873.com/kj.html?lhc=am","fqdn":"2.82873.com","domain":"82873.com","tld":"com"},"ip":{"addr":"103.163.208.152","port":443,"asn":140683,"as":"Starbow Ltd.","country":"Hong Kong","country_code":"HK"},"introduction_type":"Function","is_inline":false,"md5":"29d0c84b9d1d8da446a6062c6a840ad9","sha1":"6d6b3a6065667c7c50d92f3889c85ed65a9ad784","sha256":"3c3cbdb71d0d2c22f504f4d63d8a6ffe8d250cde7e58300619be35b6bbab26a1","sha512":"52cfcbf2f7c3521c5a6c6120099ee6822d16e04ffbc04720da925a11242c8c2050f9cfc8d864a6d39a0036ac599f701080195a29a7c5e8d3e9308b91f9f0390f","ssdeep":"","tlshash":"428004d533c350004753117c04571cc4d034447014444d405040d4531c570315115c7c","size":37,"data":"","first_seen":"2023-04-11T21:31:25Z","last_seen":"2026-05-30T14:59:17.664377Z","times_seen":677232,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"2.82873.com/static/js/jquery1.7.2.min.js","fqdn":"2.82873.com","domain":"82873.com","tld":"com"},"ip":{"addr":"103.163.208.152","port":443,"asn":140683,"as":"Starbow Ltd.","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"98c11854e7b616fd7dbf91b4dc0b95a3","sha1":"8f96c2653eda7d534000a85eaf1c11a5e8a87fe9","sha256":"9f3dc5d41c8ef4a2b25bb72dfa0759ee1cf5b52ce81226553135e6527baa4cd6","sha512":"9797243fcf523dbc72edaf28373e27463030426ab3cbc3a83fd2fcb1b12c403eb8b7c5a4bf29a0710e221f0092c23b9a337c09247806a193b97179ddf38aa6fb","ssdeep":"3072:MejOErZKJURMVe2uSi4zNsgZoM//aijapXKJRCc2Rm1ExK0SawqgRGebsPdfdFaP:lOErZKJURMVe2uSi4zNsLi+pXIC4ExKL","tlshash":"8d043199b6d5207a9533f33ece7fc905f576496b129488467d3ca4a42f3081086bafec","size":178129,"data":"","first_seen":"2023-04-05T01:51:16Z","last_seen":"2026-05-30T12:32:56.646555Z","times_seen":58,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"hg111222.cc/","fqdn":"hg111222.cc","domain":"hg111222.cc","tld":"cc"},"ip":{"addr":"23.248.239.250","port":443,"asn":138415,"as":"Yancy Limited","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"ed4f219850155470bf2b5e4de8f964d5","sha1":"024f32085101a3b9d2206f15ab416ea15d8f048f","sha256":"605766fde67b97327832fdaba440901d291d9cecaa5df2ddec8faa3a4360f52f","sha512":"5d960384eb0231a791b75ce4c69257e578d9d5ba9abfae769fcb5fbb6fb93f3e407eed1a36b6b88b2b990b4e93a854ca621f404f7f57206926ad35ff217b8d0a","ssdeep":"","tlshash":"f1c02b647e514634030840d7303fc7593df329341c25c110469fcc6c6610fc344d1430","size":148,"data":"","first_seen":"2026-02-09T22:05:35.519802Z","last_seen":"2026-05-30T15:45:53.195615Z","times_seen":149,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"hg111222.cc/","fqdn":"hg111222.cc","domain":"hg111222.cc","tld":"cc"},"ip":{"addr":"23.248.239.250","port":443,"asn":138415,"as":"Yancy Limited","country":"United States","country_code":"US"},"introduction_type":"Function","is_inline":false,"md5":"1c5c9160600df2d96d69a4ea16cec7ed","sha1":"3cf678c9135cc952ba6970ef545035bb757a443f","sha256":"a3520fe88e248d2b6c9c6db93309a037ef969fe297208e5bd7e49a55bb32c808","sha512":"2a298a8c2552c6a6c6f8d3f7327d2e9abfa87a0dbb27e9e528a8539b416155c0860f54f46464dfe7e5d49c7906a9eacdac7e5181b86ef15a83276a8f4fee0546","ssdeep":"","tlshash":"078004d531c35040475331d400571cd4503444f014444d544040d4511c55030d1154dc","size":37,"data":"","first_seen":"2023-04-11T21:49:14Z","last_seen":"2026-05-30T15:05:21.642381Z","times_seen":118826,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"hg111222.cc/","fqdn":"hg111222.cc","domain":"hg111222.cc","tld":"cc"},"ip":{"addr":"23.248.239.250","port":443,"asn":138415,"as":"Yancy Limited","country":"United States","country_code":"US"},"introduction_type":"Function","is_inline":false,"md5":"1c5c9160600df2d96d69a4ea16cec7ed","sha1":"3cf678c9135cc952ba6970ef545035bb757a443f","sha256":"a3520fe88e248d2b6c9c6db93309a037ef969fe297208e5bd7e49a55bb32c808","sha512":"2a298a8c2552c6a6c6f8d3f7327d2e9abfa87a0dbb27e9e528a8539b416155c0860f54f46464dfe7e5d49c7906a9eacdac7e5181b86ef15a83276a8f4fee0546","ssdeep":"","tlshash":"078004d531c35040475331d400571cd4503444f014444d544040d4511c55030d1154dc","size":37,"data":"","first_seen":"2023-04-11T21:49:14Z","last_seen":"2026-05-30T15:05:21.642381Z","times_seen":118826,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"node93.aizhantj.com:21233/tjjs/?k=2a5e5xui8up","fqdn":"node93.aizhantj.com","domain":"aizhantj.com","tld":"com"},"ip":{"addr":"43.174.27.154","port":21233,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"introduction_type":"scriptElement","is_inline":false,"md5":"09a6d2cd1df3708118a3554466ab3d02","sha1":"49d70076fb10e9237a789b252f4c9c459ecc6a5e","sha256":"a7338b6c1cc8d762211970dd79ce0345e4e6128d2f951dcabc4431537d1c5586","sha512":"6862c41a04ef5de998d56280a21dc2ce17dba4f857d9c8353eb89e869f1fed650a35e42fa32f9b916047e67531873023184415428ef415befa4232b3fcde2a8a","ssdeep":"768:qkS5kuNczE4rDE93/erWpWdk2pByX5R0N:tSOyczE4rDE93/og+Bk5R2","tlshash":"9df2d7d532ce2536a27670a9d95ff50cf8b9aa1437d9ac44590cc0c46d208ba83ff9bd","size":35464,"data":"","first_seen":"2026-05-30T12:15:06.690906Z","last_seen":"2026-05-30T12:32:56.64592Z","times_seen":8,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"2.82873.com/kj.html?lhc=am","fqdn":"2.82873.com","domain":"82873.com","tld":"com"},"ip":{"addr":"103.163.208.152","port":443,"asn":140683,"as":"Starbow Ltd.","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":true,"md5":"28f9e5fb57d843823bc53a9232cdb0e3","sha1":"b76ae2691d5ea86e66d1273bec40935803c78ae9","sha256":"6cece0ae5881fd5d8ffffbcdb02a93ece5929d59bb20735c6dedc70079045ac1","sha512":"4f47a57e25ee6ad66f5d6163e409267fd84cdad58cf1dd0a112929d4b88be2bf45568520715bfdb29216d6165bf18918db0e6bcf32509398385536c8b2b1e522","ssdeep":"768:/Eg4QmXBoOQX8eguDUgLNbbOC1vXmHMth6p/nYcWgfjnnV/9dco5dZxFom42PQv6:aHnAS1vuMD2iZg+UU1MxS4N5TRDIWqBn","tlshash":"de431f8576c1f407138f0b73bb17aaf6e42b4ca971c4544bf268b998f4a8607d6e1db0","size":59410,"data":"","first_seen":"2026-03-29T08:37:55.295173Z","last_seen":"2026-05-30T12:32:56.660871Z","times_seen":20,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"hg111222.cc/","fqdn":"hg111222.cc","domain":"hg111222.cc","tld":"cc"},"ip":{"addr":"23.248.239.250","port":443,"asn":138415,"as":"Yancy Limited","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"c5f8bc54b8b95e4d2d683ea12eda5695","sha1":"a82a27934822ee6b075235aa3346413967c1947b","sha256":"2b260c5ef51a911a341815bb0e5a1d6f108815cfc4e1319280e5a2216e65bb57","sha512":"b849bf82537657a39c9a112fb035a29890a6734b089c27da05dfc68326b885734046fea793dc294e17c8c748f9a284ae85ffdf9f229a0a8a939eb3a10d75d444","ssdeep":"","tlshash":"1ac080de3944497117d81477517ac65db4313068551a9021ccdfc8457924ff7845ff4c","size":190,"data":"","first_seen":"2025-05-18T12:30:21.087656Z","last_seen":"2026-05-30T12:32:56.65832Z","times_seen":62,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"hg111222.cc/","fqdn":"hg111222.cc","domain":"hg111222.cc","tld":"cc"},"ip":{"addr":"23.248.239.250","port":443,"asn":138415,"as":"Yancy Limited","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"e2ea870da124f5410f0805ff7c2b3b6c","sha1":"57ec1208fb404a68eb4a082498e7c71742dc961b","sha256":"fc55de81cdca5089d3227cd37bc779fad1539264533fc15446ad60245f334bbb","sha512":"5ae8c29aa103ca0ed07703fd1dc32c247b1cc6bf77be4f85739dac6a54607d22ca8c19572f418aa679078642957dc9767c2b48aecceeabc15c87e7106af695dd","ssdeep":"","tlshash":"ea31e073d38c60270b1244c8d929bf9d518b5235fe535e12be7952eb6fc1e32861268d","size":1455,"data":"","first_seen":"2025-12-19T11:36:30.666132Z","last_seen":"2026-05-30T12:32:56.659348Z","times_seen":22,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"hg111222.cc/","fqdn":"hg111222.cc","domain":"hg111222.cc","tld":"cc"},"ip":{"addr":"23.248.239.250","port":443,"asn":138415,"as":"Yancy Limited","country":"United States","country_code":"US"},"introduction_type":"Function","is_inline":false,"md5":"1c5c9160600df2d96d69a4ea16cec7ed","sha1":"3cf678c9135cc952ba6970ef545035bb757a443f","sha256":"a3520fe88e248d2b6c9c6db93309a037ef969fe297208e5bd7e49a55bb32c808","sha512":"2a298a8c2552c6a6c6f8d3f7327d2e9abfa87a0dbb27e9e528a8539b416155c0860f54f46464dfe7e5d49c7906a9eacdac7e5181b86ef15a83276a8f4fee0546","ssdeep":"","tlshash":"078004d531c35040475331d400571cd4503444f014444d544040d4511c55030d1154dc","size":37,"data":"","first_seen":"2023-04-11T21:49:14Z","last_seen":"2026-05-30T15:05:21.642381Z","times_seen":118826,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"hg111222.cc/","fqdn":"hg111222.cc","domain":"hg111222.cc","tld":"cc"},"ip":{"addr":"23.248.239.250","port":443,"asn":138415,"as":"Yancy Limited","country":"United States","country_code":"US"},"introduction_type":"Function","is_inline":false,"md5":"1c5c9160600df2d96d69a4ea16cec7ed","sha1":"3cf678c9135cc952ba6970ef545035bb757a443f","sha256":"a3520fe88e248d2b6c9c6db93309a037ef969fe297208e5bd7e49a55bb32c808","sha512":"2a298a8c2552c6a6c6f8d3f7327d2e9abfa87a0dbb27e9e528a8539b416155c0860f54f46464dfe7e5d49c7906a9eacdac7e5181b86ef15a83276a8f4fee0546","ssdeep":"","tlshash":"078004d531c35040475331d400571cd4503444f014444d544040d4511c55030d1154dc","size":37,"data":"","first_seen":"2023-04-11T21:49:14Z","last_seen":"2026-05-30T15:05:21.642381Z","times_seen":118826,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"hg111222.cc/","fqdn":"hg111222.cc","domain":"hg111222.cc","tld":"cc"},"ip":{"addr":"23.248.239.250","port":443,"asn":138415,"as":"Yancy Limited","country":"United States","country_code":"US"},"introduction_type":"Function","is_inline":false,"md5":"1c5c9160600df2d96d69a4ea16cec7ed","sha1":"3cf678c9135cc952ba6970ef545035bb757a443f","sha256":"a3520fe88e248d2b6c9c6db93309a037ef969fe297208e5bd7e49a55bb32c808","sha512":"2a298a8c2552c6a6c6f8d3f7327d2e9abfa87a0dbb27e9e528a8539b416155c0860f54f46464dfe7e5d49c7906a9eacdac7e5181b86ef15a83276a8f4fee0546","ssdeep":"","tlshash":"078004d531c35040475331d400571cd4503444f014444d544040d4511c55030d1154dc","size":37,"data":"","first_seen":"2023-04-11T21:49:14Z","last_seen":"2026-05-30T15:05:21.642381Z","times_seen":118826,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"node94.aizhantj.com:21233/tjjs/?k=7s2cq3n2d59","fqdn":"node94.aizhantj.com","domain":"aizhantj.com","tld":"com"},"ip":{"addr":"43.174.27.154","port":21233,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"introduction_type":"scriptElement","is_inline":false,"md5":"65ce08bb8852926874ab7963e32ccd19","sha1":"a8b100b585e1249fcd1060a3d6d0be9b67840b11","sha256":"f5a81a8dfd24b46d79be0023e1eb96bf6c39a90e0f540bf43adfdb429222b9e7","sha512":"fa3099d4dba9d700f7d1ce77e73ae3d592019276db68e0e92059786e5432b7d92fffb7c4ea2b8d90be948882b4bc0985925114e55330fb40defa5c7f21f3f691","ssdeep":"768:4kS5kuNczE4rDE93/lrWpWdk2pByX5R0N:XSOyczE4rDE93/Vg+Bk5R2","tlshash":"eaf2d8d532ce2536a27670a9d95ff50cf8b9aa1437d9ac44590cc0c46d208ba83ff9bd","size":35468,"data":"","first_seen":"2026-05-30T12:15:06.675395Z","last_seen":"2026-05-30T12:32:56.6395Z","times_seen":8,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"1.21302132.com/tongji/?v=1.2","fqdn":"1.21302132.com","domain":"21302132.com","tld":"com"},"ip":{"addr":"103.163.208.152","port":443,"asn":140683,"as":"Starbow Ltd.","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"a134a85b3131ce0b2c7520b22b2a10f1","sha1":"97b71324fd3da0e3d51c13bcec4a87cc43020fba","sha256":"a7fdf086f155bf92a004e4a00557b72d69914a2f0d92be88db766ef95d0f2d65","sha512":"faf5c8ae6a2fe9e3fecd69cc9bbfb995f95a518e9d12cc4258ce23e1e5aa44d964b0d435c357357e8c13a311e7b39a9ad2f94a4c9d5101487993610af3a1ecdb","ssdeep":"","tlshash":"6651df9955a2e3e604b377dfaf6fa303b4654107384bc4263d5c00892f2346be1d87d9","size":2800,"data":"","first_seen":"2025-05-18T12:30:21.04523Z","last_seen":"2026-05-30T12:32:56.657286Z","times_seen":61,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"hg111222.cc/","fqdn":"hg111222.cc","domain":"hg111222.cc","tld":"cc"},"ip":{"addr":"23.248.239.250","port":443,"asn":138415,"as":"Yancy Limited","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"26f7dd731fcb34df0eb2b1b0c7a9527f","sha1":"e12100361847cacbbad0c50a1085d2352c90ea09","sha256":"07651402e78640c0540da6828a5f7b8a3abdc39b955f7f71dc53c0063ac91298","sha512":"5d989eb4fc623cb8ed4a7945c6755c744f2af14e3f82b5cd44170bd9bbcb9a3338a714bc44e7da3fe8bac25e8c4baf58ae60cc6873aad33bff67e834f8ea40d8","ssdeep":"","tlshash":"f5d0954f3dd004f1f3570069096fd2c970115018288ed5004ccdc5d55d10dd5096d6cc","size":257,"data":"","first_seen":"2026-05-12T14:34:13.985409Z","last_seen":"2026-05-30T12:32:56.659859Z","times_seen":19,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"hg111222.cc/","fqdn":"hg111222.cc","domain":"hg111222.cc","tld":"cc"},"ip":{"addr":"23.248.239.250","port":443,"asn":138415,"as":"Yancy Limited","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"787f4d6646217ac797efb2d3ba1eb404","sha1":"a298bdd1053e2c6d9c236d1ac4808ce2cb61d717","sha256":"8d2ab60a7b21a6840a05b52a2121ef66eef1bf81ed02bd9c925585f88b4cc4a8","sha512":"293a86836bef074a4d41a9165434c0c78862edba7c90c3ad6e7ff0f41bacc477eea8f1f8507dd93fca4aeb50384d1eeb21dbbc3ce37d1ea9aa601a9f5480a903","ssdeep":"","tlshash":"dad0954f3cc004b5f37700a8086fc249702190153c8ec50144ddc5e69e10dd4095d6cc","size":257,"data":"","first_seen":"2025-10-18T07:58:07.762006Z","last_seen":"2026-05-30T12:32:56.660362Z","times_seen":31,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"hg111222.cc/","fqdn":"hg111222.cc","domain":"hg111222.cc","tld":"cc"},"ip":{"addr":"23.248.239.250","port":443,"asn":138415,"as":"Yancy Limited","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"fe376a912a7a8a6b46d6a5ce3d2d54f7","sha1":"288667881c851978eeef5e43ffe66221ea145ea5","sha256":"362a7c8f42160459f3fd6019c497d3186d3972621846a0b5201a0d12d6079945","sha512":"84dc61250f5d98ab46fedb84d9d224aa56088b8a4020869fe906d61a8e845763b12a0e769f35b4f6750588a5970fac2d3be02e7499583112cf33476f75a8bd02","ssdeep":"","tlshash":"b6d0954e3dc018b5f39b08e919ffc249b0215015288fc51044dcc5d65d10de409ed6cc","size":257,"data":"","first_seen":"2025-10-18T07:58:07.77197Z","last_seen":"2026-05-30T12:32:56.661913Z","times_seen":31,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"hg111222.cc/","fqdn":"hg111222.cc","domain":"hg111222.cc","tld":"cc"},"ip":{"addr":"23.248.239.250","port":443,"asn":138415,"as":"Yancy Limited","country":"United States","country_code":"US"},"introduction_type":"Function","is_inline":false,"md5":"1c5c9160600df2d96d69a4ea16cec7ed","sha1":"3cf678c9135cc952ba6970ef545035bb757a443f","sha256":"a3520fe88e248d2b6c9c6db93309a037ef969fe297208e5bd7e49a55bb32c808","sha512":"2a298a8c2552c6a6c6f8d3f7327d2e9abfa87a0dbb27e9e528a8539b416155c0860f54f46464dfe7e5d49c7906a9eacdac7e5181b86ef15a83276a8f4fee0546","ssdeep":"","tlshash":"078004d531c35040475331d400571cd4503444f014444d544040d4511c55030d1154dc","size":37,"data":"","first_seen":"2023-04-11T21:49:14Z","last_seen":"2026-05-30T15:05:21.642381Z","times_seen":118826,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"hg111222.cc/","fqdn":"hg111222.cc","domain":"hg111222.cc","tld":"cc"},"ip":{"addr":"23.248.239.250","port":443,"asn":138415,"as":"Yancy Limited","country":"United States","country_code":"US"},"introduction_type":"Function","is_inline":false,"md5":"1c5c9160600df2d96d69a4ea16cec7ed","sha1":"3cf678c9135cc952ba6970ef545035bb757a443f","sha256":"a3520fe88e248d2b6c9c6db93309a037ef969fe297208e5bd7e49a55bb32c808","sha512":"2a298a8c2552c6a6c6f8d3f7327d2e9abfa87a0dbb27e9e528a8539b416155c0860f54f46464dfe7e5d49c7906a9eacdac7e5181b86ef15a83276a8f4fee0546","ssdeep":"","tlshash":"078004d531c35040475331d400571cd4503444f014444d544040d4511c55030d1154dc","size":37,"data":"","first_seen":"2023-04-11T21:49:14Z","last_seen":"2026-05-30T15:05:21.642381Z","times_seen":118826,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"hg111222.cc/","fqdn":"hg111222.cc","domain":"hg111222.cc","tld":"cc"},"ip":{"addr":"23.248.239.250","port":443,"asn":138415,"as":"Yancy Limited","country":"United States","country_code":"US"},"introduction_type":"Function","is_inline":false,"md5":"1c5c9160600df2d96d69a4ea16cec7ed","sha1":"3cf678c9135cc952ba6970ef545035bb757a443f","sha256":"a3520fe88e248d2b6c9c6db93309a037ef969fe297208e5bd7e49a55bb32c808","sha512":"2a298a8c2552c6a6c6f8d3f7327d2e9abfa87a0dbb27e9e528a8539b416155c0860f54f46464dfe7e5d49c7906a9eacdac7e5181b86ef15a83276a8f4fee0546","ssdeep":"","tlshash":"078004d531c35040475331d400571cd4503444f014444d544040d4511c55030d1154dc","size":37,"data":"","first_seen":"2023-04-11T21:49:14Z","last_seen":"2026-05-30T15:05:21.642381Z","times_seen":118826,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"2.82873.com/kj.html?lhc=am","fqdn":"2.82873.com","domain":"82873.com","tld":"com"},"ip":{"addr":"103.163.208.152","port":443,"asn":140683,"as":"Starbow Ltd.","country":"Hong Kong","country_code":"HK"},"introduction_type":"Function","is_inline":false,"md5":"aa049e2749b8531cb8f233c2f64fc2b2","sha1":"b611a5a62c1813ae5b4763378b3a4a565556530a","sha256":"e52e51d5897d7a179089ddcf8f5de7aeb3ef4f27b054b63e937cf308b685c9e2","sha512":"fa951f3911de780608d6235a597758320388dff58cf18dd584a6941ac88cc36cac7d52caa72b678ee6f4dff47ee23955ab282714d03e713ae2bed4cb73a3c14e","ssdeep":"","tlshash":"71a0128471d6e4004b7320e40437448490396c60348c848051048c721c651108236c1c","size":79,"data":"","first_seen":"2023-04-11T21:38:58Z","last_seen":"2026-05-30T14:48:58.518172Z","times_seen":226372,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"hg111222.cc/","fqdn":"hg111222.cc","domain":"hg111222.cc","tld":"cc"},"ip":{"addr":"23.248.239.250","port":443,"asn":138415,"as":"Yancy Limited","country":"United States","country_code":"US"},"introduction_type":"Function","is_inline":false,"md5":"1c5c9160600df2d96d69a4ea16cec7ed","sha1":"3cf678c9135cc952ba6970ef545035bb757a443f","sha256":"a3520fe88e248d2b6c9c6db93309a037ef969fe297208e5bd7e49a55bb32c808","sha512":"2a298a8c2552c6a6c6f8d3f7327d2e9abfa87a0dbb27e9e528a8539b416155c0860f54f46464dfe7e5d49c7906a9eacdac7e5181b86ef15a83276a8f4fee0546","ssdeep":"","tlshash":"078004d531c35040475331d400571cd4503444f014444d544040d4511c55030d1154dc","size":37,"data":"","first_seen":"2023-04-11T21:49:14Z","last_seen":"2026-05-30T15:05:21.642381Z","times_seen":118826,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"node96.aizhantj.com:21233/tjjs/?k=3te8qiofrmb","fqdn":"node96.aizhantj.com","domain":"aizhantj.com","tld":"com"},"ip":{"addr":"43.174.27.154","port":21233,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"introduction_type":"scriptElement","is_inline":false,"md5":"3e6f7ed4f4ac7de2a247955c0685bd29","sha1":"a487d86d3a8682d541568c171a99a95fab355b71","sha256":"5fd148ef5054febd0c6ceb921b3aad21168098acfe238d6c2398e926d81088c4","sha512":"8ba6984e369f4e6f8585dc4bc73eca449ab7a05173223c59458885f40acbf28d536a9c30ea4e6e3cca31be70888ac31c7add94f4532135b7252d4e76b75c19ee","ssdeep":"768:xAkS5kuNczE4rDE93/DrWpWdk2pByX5R0N:1SOyczE4rDE93//g+Bk5R2","tlshash":"e0f2d8d532ce2536a27670a9d95ff50cf8b9aa1437d9ac44590cc0c46d208ba83ff9bd","size":35467,"data":"","first_seen":"2026-05-30T12:15:06.680091Z","last_seen":"2026-05-30T12:32:56.654779Z","times_seen":8,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"2.82873.com/kj.html?lhc=am","fqdn":"2.82873.com","domain":"82873.com","tld":"com"},"ip":{"addr":"103.163.208.152","port":443,"asn":140683,"as":"Starbow Ltd.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"subdocument","requested_by":"https://hg111222.cc/","date":"2026-05-30T12:30:54.669Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","key_group_name":"P384","signature_name":"RSA-PKCS1-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"1.82873.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 11 Apr 2026 18:32:14 GMT","end":"Fri, 10 Jul 2026 18:32:13 GMT"},"fingerprint":{"sha1":"12:50:0B:7A:99:D8:C2:6B:3E:B8:46:0A:91:6D:37:B4:F8:F3:0E:A0","sha256":"95:F1:E7:5B:23:92:D1:10:80:91:B8:B5:E7:27:8C:05:DA:33:B8:A5:1E:01:E2:5F:9C:26:02:1C:79:DD:37:8D"}}},"request":{"raw":"GET /kj.html?lhc=am HTTP/1.1\r\nHost: 2.82873.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://hg111222.cc/\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: iframe\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/html\r\ncontent-encoding: gzip\r\nlast-modified: Sat, 21 Feb 2026 04:09:19 GMT\r\naccept-ranges: bytes\r\netag: \"8081d4d9e7a2dc1:0\"\r\nvary: Accept-Encoding\r\nserver: Microsoft-IIS/10.0\r\nx-powered-by: ASP.NET\r\ndate: Sat, 30 May 2026 12:30:55 GMT\r\ncontent-length: 20611\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"IIS:10.0","description":"Internet Information Services (IIS) is an extensible web server software created by Microsoft for use with the Windows NT family.","website":"https://www.iis.net","common_platform_enumeration":"cpe:2.3:a:microsoft:internet_information_server:*:*:*:*:*:*:*:*","icon":"Microsoft.svg","categories":["Web servers"]},{"name":"Windows Server","description":"Windows Server is a brand name for a group of server operating systems.","website":"https://microsoft.com/windowsserver","common_platform_enumeration":"","icon":"WindowsServer.png","categories":["Operating systems"]},{"name":"Microsoft ASP.NET","description":"ASP.NET is an open-source, server-side web-application framework designed for web development to produce dynamic web pages.","website":"https://www.asp.net","common_platform_enumeration":"cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*","icon":"Microsoft ASP.NET.svg","categories":["Web frameworks"]},{"name":"jQuery","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]}],"data":{"size":68802,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (54316), with CRLF line terminators","md5":"4b16721f00ae710bc1709ecb5f9feacd","sha1":"bc6b512c5d4c5d87d975e7cbc0e2225f6130412f","sha256":"09fc858202b14b2bd9bb712fdaecbd7279620c18b3ef9a0eeb467a5654295b81","sha512":"90c0ef69e666fe48237893dabb745a381dcca52bdc280e17062ceb3d0e932a7097ed67879b760adc04e1de85d0c018f4f66e92342289ecf345eba1fe128a9be5","ssdeep":"768:7rg4QmXBoOQX8eguDUgLNbbOC1vXmHMth6p/nYcWgfjnnV/9dco5dZxFom42PQvV:ZHnAS1vuMD2iZg+UU1MxS4N5TRDIWqBM","tlshash":"0b63438576c1f403139f0763bf17aae5e52b48aa7184140bf2acb985fbb8607d5d2db0","first_seen":"2026-03-29T08:37:55.25544Z","last_seen":"2026-05-30T12:32:56.650721Z","times_seen":20,"resource_available":false,"data":null}},"time_used":2059,"timings":{"blocked":770,"dns":1,"connect":252,"send":0,"wait":255,"receive":252,"ssl":526},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"node94.aizhantj.com:21233/tjjs/?k=7s2cq3n2d59","fqdn":"node94.aizhantj.com","domain":"aizhantj.com","tld":"com"},"ip":{"addr":"43.174.27.154","port":21233,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://hg111222.cc/","date":"2026-05-30T12:30:55.205Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.aizhantj.com","organization":""},"issuer":{"commonName":"Leocert TLS Issuing RSA CA 1","organization":"Leocert LLC"},"validity":{"start":"Tue, 29 Jul 2025 07:48:12 GMT","end":"Sat, 29 Aug 2026 07:48:12 GMT"},"fingerprint":{"sha1":"08:E8:20:3E:64:D6:76:65:C3:01:5A:25:5B:CE:23:E1:04:FF:9D:3A","sha256":"ED:59:41:83:D6:B7:DC:EE:38:8B:4C:EC:A7:BB:DB:86:03:54:41:AF:C0:7D:3F:63:B3:8E:65:A6:75:6E:6C:1B"}}},"request":{"raw":"GET /tjjs/?k=7s2cq3n2d59 HTTP/1.1\r\nHost: node94.aizhantj.com:21233\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://hg111222.cc/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-encoding: gzip\r\nserver: nginx\r\ncontent-type: application/javascript; charset=UTF-8\r\nvary: Accept-Encoding\r\naccess-control-allow-methods: GET, PUT, POST, DELETE, OPTIONS\r\naccess-control-allow-origin: *\r\neo-gtj: 1.0.15\r\nanode: node94-1\r\nage: 0\r\ncache-control: max-age=1802\r\ncontent-length: 12019\r\naccept-ranges: bytes\r\ndate: Sat, 30 May 2026 12:30:55 GMT\r\neo-log-uuid: 17983394045557757354\r\neo-cache-status: HIT\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":35468,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text","md5":"65ce08bb8852926874ab7963e32ccd19","sha1":"a8b100b585e1249fcd1060a3d6d0be9b67840b11","sha256":"f5a81a8dfd24b46d79be0023e1eb96bf6c39a90e0f540bf43adfdb429222b9e7","sha512":"fa3099d4dba9d700f7d1ce77e73ae3d592019276db68e0e92059786e5432b7d92fffb7c4ea2b8d90be948882b4bc0985925114e55330fb40defa5c7f21f3f691","ssdeep":"768:4kS5kuNczE4rDE93/lrWpWdk2pByX5R0N:XSOyczE4rDE93/Vg+Bk5R2","tlshash":"eaf2d8d532ce2536a27670a9d95ff50cf8b9aa1437d9ac44590cc0c46d208ba83ff9bd","first_seen":"2026-05-30T12:15:06.675395Z","last_seen":"2026-05-30T12:32:56.6395Z","times_seen":8,"resource_available":true,"data":null}},"time_used":1061,"timings":{"blocked":519,"dns":47,"connect":18,"send":0,"wait":20,"receive":0,"ssl":455},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"hg111222.cc/index_files/jquery1.7.2.min(1).js.%E4%B8%8B%E8%BD%BD","fqdn":"hg111222.cc","domain":"hg111222.cc","tld":"cc"},"ip":{"addr":"23.248.239.250","port":443,"asn":138415,"as":"Yancy Limited","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://hg111222.cc/","date":"2026-05-30T12:30:54.657Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.hg111222.cc","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 08 May 2026 08:13:26 GMT","end":"Thu, 06 Aug 2026 08:13:25 GMT"},"fingerprint":{"sha1":"D1:10:80:72:DB:BD:CF:50:04:05:40:85:DC:67:F1:44:E7:C5:ED:12","sha256":"27:69:79:C1:2A:21:F6:A5:6D:33:E4:73:4E:14:EB:D1:7A:65:9E:B6:68:DC:A1:8D:32:33:A3:28:00:9C:8C:AA"}}},"request":{"raw":"GET /index_files/jquery1.7.2.min(1).js.%E4%B8%8B%E8%BD%BD HTTP/1.1\r\nHost: hg111222.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://hg111222.cc/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 404 Not Found\r\nserver: nginx\r\ndate: Sat, 30 May 2026 12:30:54 GMT\r\ncontent-type: text/html\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":311,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text, with CRLF line terminators","md5":"e0949e6a5244f833129eecb67db2d225","sha1":"84afb40b38250446be018a0b6618fe3ee33dd676","sha256":"c1526b6f29e936c91b98c51ff2c98d38d467a51a35897bb79b00ac59c9ece120","sha512":"a1f4910326f0a6a3dd104d9f223651580dfefda710179401e852b17315f6224db4811187496dbf010c2191888f7323e9bb599d82e46528c39de885551d95d157","ssdeep":"","tlshash":"cbe0726c3e12ae28065320b632f7e358e8e3223a2c2ac1100489c85b72867d68dc2321","first_seen":"2026-02-09T22:05:35.509612Z","last_seen":"2026-05-30T12:32:56.648302Z","times_seen":41,"resource_available":false,"data":null}},"time_used":576,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":576,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-30","alert":"Sinkholed","trigger":"hg111222.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ggfm.gzsy12348.com/qrcode.js","fqdn":"ggfm.gzsy12348.com","domain":"gzsy12348.com","tld":"com"},"ip":{"addr":"111.68.15.22","port":443,"asn":45753,"as":"Netsec Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://hg111222.cc/","date":"2026-05-30T12:30:54.667Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ggfm.gzsy12348.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Wed, 27 May 2026 08:19:28 GMT","end":"Tue, 25 Aug 2026 08:19:27 GMT"},"fingerprint":{"sha1":"F1:47:32:0E:60:20:05:C3:40:93:D2:91:B9:E6:52:F7:97:10:38:E1","sha256":"1B:94:07:80:7A:5B:79:20:33:10:AA:A2:01:26:F8:9C:E0:5E:0C:C8:E5:3B:9C:96:8F:3B:EC:CA:19:5E:20:E6"}}},"request":{"raw":"GET /qrcode.js HTTP/1.1\r\nHost: ggfm.gzsy12348.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://hg111222.cc/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: application/javascript; charset=utf-8\r\ncontent-length: 0\r\ndate: Sat, 30 May 2026 12:30:55 GMT\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-30T15:03:17.857095Z","times_seen":15919531,"resource_available":true,"data":null}},"time_used":1408,"timings":{"blocked":558,"dns":1,"connect":279,"send":0,"wait":278,"receive":0,"ssl":287},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"2.82873.com/apikj.php?lx=am\u0026?1780144259153","fqdn":"2.82873.com","domain":"82873.com","tld":"com"},"ip":{"addr":"103.163.208.152","port":443,"asn":140683,"as":"Starbow Ltd.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://2.82873.com/kj.html?lhc=am","date":"2026-05-30T12:30:59.158Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","key_group_name":"P384","signature_name":"RSA-PKCS1-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"1.82873.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 11 Apr 2026 18:32:14 GMT","end":"Fri, 10 Jul 2026 18:32:13 GMT"},"fingerprint":{"sha1":"12:50:0B:7A:99:D8:C2:6B:3E:B8:46:0A:91:6D:37:B4:F8:F3:0E:A0","sha256":"95:F1:E7:5B:23:92:D1:10:80:91:B8:B5:E7:27:8C:05:DA:33:B8:A5:1E:01:E2:5F:9C:26:02:1C:79:DD:37:8D"}}},"request":{"raw":"GET /apikj.php?lx=am\u0026?1780144259153 HTTP/1.1\r\nHost: 2.82873.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/javascript, */*; q=0.01\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nX-Requested-With: XMLHttpRequest\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://2.82873.com/kj.html?lhc=am\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/html; charset=UTF-8\r\ncontent-encoding: gzip\r\nvary: Accept-Encoding\r\nserver: Microsoft-IIS/10.0\r\nx-powered-by: PHP/5.6.40, ASP.NET\r\ndate: Sat, 30 May 2026 12:30:58 GMT\r\ncontent-length: 204\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"IIS:10.0","description":"Internet Information Services (IIS) is an extensible web server software created by Microsoft for use with the Windows NT family.","website":"https://www.iis.net","common_platform_enumeration":"cpe:2.3:a:microsoft:internet_information_server:*:*:*:*:*:*:*:*","icon":"Microsoft.svg","categories":["Web servers"]},{"name":"Windows Server","description":"Windows Server is a brand name for a group of server operating systems.","website":"https://microsoft.com/windowsserver","common_platform_enumeration":"","icon":"WindowsServer.png","categories":["Operating systems"]},{"name":"PHP:5.6.40","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}],"data":{"size":82,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"JSON text data","md5":"e67d0a96babfa6d3451b1175f404c3ee","sha1":"d735d84368d1dffd17ad00fad623101cf41cc990","sha256":"c7bab083d6a61247509cfb9bd97b14b9f607b0a95728f6e7385577cd7c5a7da5","sha512":"d8c71053a411bce64529751bcdbcf45c34afebb8f286f770dc638eb73aa995788e481bb166655c314d17f8ecbf3a6f794369a7e0be56b5b9731069ef73d100aa","ssdeep":"","tlshash":"eea01240c20870a44013404046653054105be5020390814cb630a5c4994941705113a2","first_seen":"2026-05-29T19:53:28.057344Z","last_seen":"2026-05-30T12:32:56.640985Z","times_seen":11,"resource_available":false,"data":null}},"time_used":500,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":500,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"2.82873.com/apikj.php?lx=am\u0026?1780144269152","fqdn":"2.82873.com","domain":"82873.com","tld":"com"},"ip":{"addr":"103.163.208.152","port":443,"asn":140683,"as":"Starbow Ltd.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://2.82873.com/kj.html?lhc=am","date":"2026-05-30T12:31:09.158Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","key_group_name":"P384","signature_name":"RSA-PKCS1-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"1.82873.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 11 Apr 2026 18:32:14 GMT","end":"Fri, 10 Jul 2026 18:32:13 GMT"},"fingerprint":{"sha1":"12:50:0B:7A:99:D8:C2:6B:3E:B8:46:0A:91:6D:37:B4:F8:F3:0E:A0","sha256":"95:F1:E7:5B:23:92:D1:10:80:91:B8:B5:E7:27:8C:05:DA:33:B8:A5:1E:01:E2:5F:9C:26:02:1C:79:DD:37:8D"}}},"request":{"raw":"GET /apikj.php?lx=am\u0026?1780144269152 HTTP/1.1\r\nHost: 2.82873.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/javascript, */*; q=0.01\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nX-Requested-With: XMLHttpRequest\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://2.82873.com/kj.html?lhc=am\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/html; charset=UTF-8\r\ncontent-encoding: gzip\r\nvary: Accept-Encoding\r\nserver: Microsoft-IIS/10.0\r\nx-powered-by: PHP/5.6.40, ASP.NET\r\ndate: Sat, 30 May 2026 12:31:09 GMT\r\ncontent-length: 204\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"IIS:10.0","description":"Internet Information Services (IIS) is an extensible web server software created by Microsoft for use with the Windows NT family.","website":"https://www.iis.net","common_platform_enumeration":"cpe:2.3:a:microsoft:internet_information_server:*:*:*:*:*:*:*:*","icon":"Microsoft.svg","categories":["Web servers"]},{"name":"Windows Server","description":"Windows Server is a brand name for a group of server operating systems.","website":"https://microsoft.com/windowsserver","common_platform_enumeration":"","icon":"WindowsServer.png","categories":["Operating systems"]},{"name":"PHP:5.6.40","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}],"data":{"size":82,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"JSON text data","md5":"e67d0a96babfa6d3451b1175f404c3ee","sha1":"d735d84368d1dffd17ad00fad623101cf41cc990","sha256":"c7bab083d6a61247509cfb9bd97b14b9f607b0a95728f6e7385577cd7c5a7da5","sha512":"d8c71053a411bce64529751bcdbcf45c34afebb8f286f770dc638eb73aa995788e481bb166655c314d17f8ecbf3a6f794369a7e0be56b5b9731069ef73d100aa","ssdeep":"","tlshash":"eea01240c20870a44013404046653054105be5020390814cb630a5c4994941705113a2","first_seen":"2026-05-29T19:53:28.057344Z","last_seen":"2026-05-30T12:32:56.640985Z","times_seen":11,"resource_available":false,"data":null}},"time_used":493,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":492,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"hc9977.com/","fqdn":"hc9977.com","domain":"hc9977.com","tld":"com"},"ip":{"addr":"45.144.136.33","port":443,"asn":139659,"as":"LUCIDACLOUD LIMITED","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-05-30T12:30:52.772Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bbbin.app","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 17 Mar 2026 10:22:09 GMT","end":"Mon, 15 Jun 2026 10:22:08 GMT"},"fingerprint":{"sha1":"FB:4B:66:1A:F3:92:C3:CA:E2:2C:24:31:36:EE:05:B3:94:2F:87:96","sha256":"B1:97:8A:84:16:D5:16:EE:4C:1F:BC:20:BF:87:DB:E6:BD:2C:50:9D:4A:C8:96:DB:83:D7:CB:EF:2C:7E:5A:F7"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: hc9977.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 30 May 2026 12:30:53 GMT\r\ncontent-type: text/html\r\ncontent-length: 406\r\nlast-modified: Mon, 13 Apr 2026 05:51:16 GMT\r\netag: \"69dc8454-196\"\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":406,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text","md5":"4995b6ab54e4e91c5860d714761df436","sha1":"2e2bb1814f001f225baeab4a4437499ab580f5db","sha256":"af722414187377a44c53cb919a15df3886418787aaf8bff4193a55fde941e88a","sha512":"942f4184a695488a1038f2911c8f381346b0491ef890c0219e8ab25d9aa02b03a56b8a19122be1314fb1e6689159412f30b5c01cdf95fc2660a610bdd59e876b","ssdeep":"","tlshash":"26e068d31ab1540e12b082144cd6fd8c9c83146b5e9f4410f9c8a06d0f9abb7c49329c","first_seen":"2026-05-12T14:34:13.946894Z","last_seen":"2026-05-30T12:32:56.654166Z","times_seen":19,"resource_available":true,"data":null}},"time_used":1556,"timings":{"blocked":654,"dns":142,"connect":248,"send":0,"wait":248,"receive":0,"ssl":262},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-05-30","alert":"Sinkholed","trigger":"hc9977.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-05-30","alert":"Phishing Block","trigger":"hc9977.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-05-30","alert":"Sinkholed","trigger":"hc9977.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-30","alert":"Sinkholed","trigger":"hc9977.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"hg111222.cc/sun138.png","fqdn":"hg111222.cc","domain":"hg111222.cc","tld":"cc"},"ip":{"addr":"23.248.239.250","port":443,"asn":138415,"as":"Yancy Limited","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://hg111222.cc/","date":"2026-05-30T12:30:54.606Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.hg111222.cc","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 08 May 2026 08:13:26 GMT","end":"Thu, 06 Aug 2026 08:13:25 GMT"},"fingerprint":{"sha1":"D1:10:80:72:DB:BD:CF:50:04:05:40:85:DC:67:F1:44:E7:C5:ED:12","sha256":"27:69:79:C1:2A:21:F6:A5:6D:33:E4:73:4E:14:EB:D1:7A:65:9E:B6:68:DC:A1:8D:32:33:A3:28:00:9C:8C:AA"}}},"request":{"raw":"GET /sun138.png HTTP/1.1\r\nHost: hg111222.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://hg111222.cc/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 30 May 2026 12:30:54 GMT\r\ncontent-type: image/png\r\nlast-modified: Wed, 15 Apr 2026 08:49:06 GMT\r\nvary: Accept-Encoding\r\netag: W/\"69df5102-102df\"\r\nexpires: Mon, 29 Jun 2026 12:30:54 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":66271,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 1000 x 90, 8-bit/color RGB, non-interlaced","md5":"4374bce87db77afbdcb03eaba3c6f297","sha1":"de81e86bb8a4827d4fce847b43ad6e39e95b3f69","sha256":"7ce4bf4a9d41ff3e3e5432d95a0de7a33053e8a6d52d24694c7153035304407f","sha512":"1795d3b3590c66106f67cc094fe883338bec8d2acf8ec48c54e512baa29de131e4ae18109d23c77c9a788bc1215197b7940b44f6b4d1d6ab4272b01891535d14","ssdeep":"1536:FTGz7N6IbmAiCp5H63LTiXBvvlfwf3fbRnrMw6HNpzsPbiY:FTK7ZBzH63Lmx1s9nr/6KbiY","tlshash":"685302efe815d72a6348a21275225cda5ef7f40200adf2dfea3714045ae2e50a5d273f","first_seen":"2026-05-12T14:34:13.96217Z","last_seen":"2026-05-30T12:32:56.642385Z","times_seen":19,"resource_available":false,"data":null}},"time_used":585,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":585,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-30","alert":"Sinkholed","trigger":"hg111222.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"hg111222.cc/index_files/z.xingzuo.png","fqdn":"hg111222.cc","domain":"hg111222.cc","tld":"cc"},"ip":{"addr":"23.248.239.250","port":443,"asn":138415,"as":"Yancy Limited","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://hg111222.cc/","date":"2026-05-30T12:30:54.646Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.hg111222.cc","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 08 May 2026 08:13:26 GMT","end":"Thu, 06 Aug 2026 08:13:25 GMT"},"fingerprint":{"sha1":"D1:10:80:72:DB:BD:CF:50:04:05:40:85:DC:67:F1:44:E7:C5:ED:12","sha256":"27:69:79:C1:2A:21:F6:A5:6D:33:E4:73:4E:14:EB:D1:7A:65:9E:B6:68:DC:A1:8D:32:33:A3:28:00:9C:8C:AA"}}},"request":{"raw":"GET /index_files/z.xingzuo.png HTTP/1.1\r\nHost: hg111222.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://hg111222.cc/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 30 May 2026 12:30:54 GMT\r\ncontent-type: image/png\r\nlast-modified: Sun, 03 Aug 2025 11:39:44 GMT\r\nvary: Accept-Encoding\r\netag: W/\"688f4a80-5e2\"\r\nexpires: Mon, 29 Jun 2026 12:30:54 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":1506,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 54 x 54, 8-bit/color RGBA, non-interlaced","md5":"e7c03c54ca63b695474286a86c6cf472","sha1":"ea7c7417186dc658e8b830144f1eca60282f62ec","sha256":"12d01dbf7a27638b3ef5039b91a959cb3f9465b4d932b09146001fbba4410640","sha512":"5abf46583c0fae456d35def07a1b6e371d456fe6131501c68c7cc1c8f3f179b03ec4de1b82ddda5ec882722259f58bc1edf18048e1c2793b2fd7baf896ff6c01","ssdeep":"","tlshash":"1b31f93a617ce33444e31e1f4c5a98af86ada55f660d094b9076993f37a33f7a502060","first_seen":"2023-05-27T06:40:11Z","last_seen":"2026-05-30T12:32:56.643614Z","times_seen":1175,"resource_available":false,"data":null}},"time_used":584,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":584,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-30","alert":"Sinkholed","trigger":"hg111222.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"2.82873.com/static/js/jquery1.7.2.min.js","fqdn":"2.82873.com","domain":"82873.com","tld":"com"},"ip":{"addr":"103.163.208.152","port":443,"asn":140683,"as":"Starbow Ltd.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://2.82873.com/kj.html?lhc=am","date":"2026-05-30T12:30:55.825Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","key_group_name":"P384","signature_name":"RSA-PKCS1-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"1.82873.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 11 Apr 2026 18:32:14 GMT","end":"Fri, 10 Jul 2026 18:32:13 GMT"},"fingerprint":{"sha1":"12:50:0B:7A:99:D8:C2:6B:3E:B8:46:0A:91:6D:37:B4:F8:F3:0E:A0","sha256":"95:F1:E7:5B:23:92:D1:10:80:91:B8:B5:E7:27:8C:05:DA:33:B8:A5:1E:01:E2:5F:9C:26:02:1C:79:DD:37:8D"}}},"request":{"raw":"GET /static/js/jquery1.7.2.min.js HTTP/1.1\r\nHost: 2.82873.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://2.82873.com/kj.html?lhc=am\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: application/javascript\r\ncontent-encoding: gzip\r\nlast-modified: Tue, 22 Feb 2022 06:55:34 GMT\r\naccept-ranges: bytes\r\netag: \"0b74930b927d81:0\"\r\nvary: Accept-Encoding\r\nserver: Microsoft-IIS/10.0\r\nx-powered-by: ASP.NET\r\ndate: Sat, 30 May 2026 12:30:55 GMT\r\ncontent-length: 40392\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"IIS:10.0","description":"Internet Information Services (IIS) is an extensible web server software created by Microsoft for use with the Windows NT family.","website":"https://www.iis.net","common_platform_enumeration":"cpe:2.3:a:microsoft:internet_information_server:*:*:*:*:*:*:*:*","icon":"Microsoft.svg","categories":["Web servers"]},{"name":"Windows Server","description":"Windows Server is a brand name for a group of server operating systems.","website":"https://microsoft.com/windowsserver","common_platform_enumeration":"","icon":"WindowsServer.png","categories":["Operating systems"]},{"name":"Microsoft ASP.NET","description":"ASP.NET is an open-source, server-side web-application framework designed for web development to produce dynamic web pages.","website":"https://www.asp.net","common_platform_enumeration":"cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*","icon":"Microsoft ASP.NET.svg","categories":["Web frameworks"]}],"data":{"size":178129,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (1071), with CRLF line terminators","md5":"98c11854e7b616fd7dbf91b4dc0b95a3","sha1":"8f96c2653eda7d534000a85eaf1c11a5e8a87fe9","sha256":"9f3dc5d41c8ef4a2b25bb72dfa0759ee1cf5b52ce81226553135e6527baa4cd6","sha512":"9797243fcf523dbc72edaf28373e27463030426ab3cbc3a83fd2fcb1b12c403eb8b7c5a4bf29a0710e221f0092c23b9a337c09247806a193b97179ddf38aa6fb","ssdeep":"3072:MejOErZKJURMVe2uSi4zNsgZoM//aijapXKJRCc2Rm1ExK0SawqgRGebsPdfdFaP:lOErZKJURMVe2uSi4zNsLi+pXIC4ExKL","tlshash":"8d043199b6d5207a9533f33ece7fc905f576496b129488467d3ca4a42f3081086bafec","first_seen":"2023-04-05T01:51:16Z","last_seen":"2026-05-30T12:32:56.646555Z","times_seen":58,"resource_available":true,"data":null}},"time_used":506,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":253,"receive":253,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"hg111222.cc/index_files/z.suanming.png","fqdn":"hg111222.cc","domain":"hg111222.cc","tld":"cc"},"ip":{"addr":"23.248.239.250","port":443,"asn":138415,"as":"Yancy Limited","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://hg111222.cc/","date":"2026-05-30T12:30:54.650Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.hg111222.cc","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 08 May 2026 08:13:26 GMT","end":"Thu, 06 Aug 2026 08:13:25 GMT"},"fingerprint":{"sha1":"D1:10:80:72:DB:BD:CF:50:04:05:40:85:DC:67:F1:44:E7:C5:ED:12","sha256":"27:69:79:C1:2A:21:F6:A5:6D:33:E4:73:4E:14:EB:D1:7A:65:9E:B6:68:DC:A1:8D:32:33:A3:28:00:9C:8C:AA"}}},"request":{"raw":"GET /index_files/z.suanming.png HTTP/1.1\r\nHost: hg111222.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://hg111222.cc/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 30 May 2026 12:30:54 GMT\r\ncontent-type: image/png\r\nlast-modified: Sun, 03 Aug 2025 11:39:44 GMT\r\nvary: Accept-Encoding\r\netag: W/\"688f4a80-58d\"\r\nexpires: Mon, 29 Jun 2026 12:30:54 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":1421,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 54 x 54, 8-bit/color RGBA, non-interlaced","md5":"4c67c63c570396ed22d21331c448f333","sha1":"b7285a2a3aa647b2dc7f14711eae9ac822f3878c","sha256":"3a710cb04f24497761e1b691866a06a9f67731d881e34510f774be7e598eb091","sha512":"fedec66a2fcc2183320fda2c6ba7b23f6b21072388d930d72925d1dd9b3496bfe9800b252a747b7cbd4bfd7d8995661fbeec2e1b93f7dda4172ef2465dfebf8b","ssdeep":"","tlshash":"f921c6f544733eb11cf9703b8faea0d2c108624b951c13700436665b53b2b8e046cfb5","first_seen":"2023-05-27T06:40:11Z","last_seen":"2026-05-30T12:32:56.651895Z","times_seen":1174,"resource_available":false,"data":null}},"time_used":583,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":583,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-30","alert":"Sinkholed","trigger":"hg111222.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.xieziqi.com/copyright.php","fqdn":"www.xieziqi.com","domain":"xieziqi.com","tld":"com"},"ip":{"addr":"149.104.27.247","port":443,"asn":139659,"as":"LUCIDACLOUD LIMITED","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://2.82873.com/kj.html?lhc=am","date":"2026-05-30T12:30:56.380Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"19760.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 26 Apr 2026 09:53:27 GMT","end":"Sat, 25 Jul 2026 09:53:26 GMT"},"fingerprint":{"sha1":"F7:1C:56:5E:28:4C:C0:C9:FC:0E:8B:6D:C1:E5:6D:BB:55:B7:73:80","sha256":"10:5D:29:DF:A2:E1:EC:14:2F:AE:9A:DF:E8:63:9B:A7:74:7B:2C:DD:FF:19:D7:2B:09:54:F7:3A:30:84:AF:2B"}}},"request":{"raw":"GET /copyright.php HTTP/1.1\r\nHost: www.xieziqi.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/javascript, */*; q=0.01\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://2.82873.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://2.82873.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 30 May 2026 12:30:57 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nvary: Accept-Encoding\r\nstrict-transport-security: max-age=31536000\r\naccess-control-allow-origin: *\r\naccess-control-allow-credentials: true\r\naccess-control-allow-methods: GET,POST\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":12,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"JSON text data","md5":"5fccce9b01bd45d23bf1ccf1ad3f5169","sha1":"315c6facbb1a611b2edfd2ffd58f683a666462ea","sha256":"ae0523c433d1ca356f2f2c403ab8a54287d96a868ee1f295aa8557c018b132cb","sha512":"1042c6cc77a2ab3d8dcd287386f62ccce23abbc90a9be3dc61d6db510b302380b9146037b132ece181c7ab1104171b778352c91418e4cb08f48b328fcfb2d267","ssdeep":"","tlshash":"4460000000cc000c0000c000000c000cc00f0c000000000000033c0003000f03000c00","first_seen":"2025-04-19T04:59:44.701199Z","last_seen":"2026-05-30T12:32:56.653528Z","times_seen":31,"resource_available":false,"data":null}},"time_used":1246,"timings":{"blocked":500,"dns":1,"connect":245,"send":0,"wait":246,"receive":0,"ssl":250},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"2.82873.com/apikj.php?lx=am\u0026?1780144271153","fqdn":"2.82873.com","domain":"82873.com","tld":"com"},"ip":{"addr":"103.163.208.152","port":443,"asn":140683,"as":"Starbow Ltd.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://2.82873.com/kj.html?lhc=am","date":"2026-05-30T12:31:11.156Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","key_group_name":"P384","signature_name":"RSA-PKCS1-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"1.82873.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 11 Apr 2026 18:32:14 GMT","end":"Fri, 10 Jul 2026 18:32:13 GMT"},"fingerprint":{"sha1":"12:50:0B:7A:99:D8:C2:6B:3E:B8:46:0A:91:6D:37:B4:F8:F3:0E:A0","sha256":"95:F1:E7:5B:23:92:D1:10:80:91:B8:B5:E7:27:8C:05:DA:33:B8:A5:1E:01:E2:5F:9C:26:02:1C:79:DD:37:8D"}}},"request":{"raw":"GET /apikj.php?lx=am\u0026?1780144271153 HTTP/1.1\r\nHost: 2.82873.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/javascript, */*; q=0.01\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nX-Requested-With: XMLHttpRequest\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://2.82873.com/kj.html?lhc=am\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/html; charset=UTF-8\r\ncontent-encoding: gzip\r\nvary: Accept-Encoding\r\nserver: Microsoft-IIS/10.0\r\nx-powered-by: PHP/5.6.40, ASP.NET\r\ndate: Sat, 30 May 2026 12:31:11 GMT\r\ncontent-length: 204\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"IIS:10.0","description":"Internet Information Services (IIS) is an extensible web server software created by Microsoft for use with the Windows NT family.","website":"https://www.iis.net","common_platform_enumeration":"cpe:2.3:a:microsoft:internet_information_server:*:*:*:*:*:*:*:*","icon":"Microsoft.svg","categories":["Web servers"]},{"name":"Windows Server","description":"Windows Server is a brand name for a group of server operating systems.","website":"https://microsoft.com/windowsserver","common_platform_enumeration":"","icon":"WindowsServer.png","categories":["Operating systems"]},{"name":"PHP:5.6.40","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}],"data":{"size":82,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"JSON text data","md5":"e67d0a96babfa6d3451b1175f404c3ee","sha1":"d735d84368d1dffd17ad00fad623101cf41cc990","sha256":"c7bab083d6a61247509cfb9bd97b14b9f607b0a95728f6e7385577cd7c5a7da5","sha512":"d8c71053a411bce64529751bcdbcf45c34afebb8f286f770dc638eb73aa995788e481bb166655c314d17f8ecbf3a6f794369a7e0be56b5b9731069ef73d100aa","ssdeep":"","tlshash":"eea01240c20870a44013404046653054105be5020390814cb630a5c4994941705113a2","first_seen":"2026-05-29T19:53:28.057344Z","last_seen":"2026-05-30T12:32:56.640985Z","times_seen":11,"resource_available":false,"data":null}},"time_used":491,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":491,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"hg111222.cc/index_files/layer.css","fqdn":"hg111222.cc","domain":"hg111222.cc","tld":"cc"},"ip":{"addr":"23.248.239.250","port":443,"asn":138415,"as":"Yancy Limited","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://hg111222.cc/","date":"2026-05-30T12:30:54.599Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.hg111222.cc","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 08 May 2026 08:13:26 GMT","end":"Thu, 06 Aug 2026 08:13:25 GMT"},"fingerprint":{"sha1":"D1:10:80:72:DB:BD:CF:50:04:05:40:85:DC:67:F1:44:E7:C5:ED:12","sha256":"27:69:79:C1:2A:21:F6:A5:6D:33:E4:73:4E:14:EB:D1:7A:65:9E:B6:68:DC:A1:8D:32:33:A3:28:00:9C:8C:AA"}}},"request":{"raw":"GET /index_files/layer.css HTTP/1.1\r\nHost: hg111222.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://hg111222.cc/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 30 May 2026 12:30:54 GMT\r\ncontent-type: text/css\r\nlast-modified: Sun, 03 Aug 2025 11:39:30 GMT\r\nvary: Accept-Encoding\r\netag: W/\"688f4a72-381f\"\r\nexpires: Sun, 31 May 2026 00:30:54 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":14367,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (14367), with no line terminators","md5":"3d2e0d91c5c0b96abb8dbdc2234aba77","sha1":"9d55e153b30fd7414fada5718e20918e9c7f65e7","sha256":"e3144d018a6a24f733c6fc2a2ee603fb583f0030585e9d4b71bec471b78e31fc","sha512":"42bf3eff281998d088ce012b9a5910f72951c91715595572bb968fbfc5fa2b1cddacef3ca683a1734eb41114b302b6a4dad8b7432c5877b3563a080a2547ae05","ssdeep":"96:mp+Ntha8qNEp+wRY1vUPXiK6nMLPD2OtLzXyPHL/LztJDzyv2OQ7KGx1jyd2/SWz:1WmLr2OtSrzzt42OQ7KGx1jCWR2b+RcU","tlshash":"2e5221e144811299b0278721d6dc7eba32f88d43e5630daef257381f874c6dba2b6647","first_seen":"2023-04-05T06:05:22Z","last_seen":"2026-05-30T15:37:57.501734Z","times_seen":6430,"resource_available":false,"data":null}},"time_used":195,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":195,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-30","alert":"Sinkholed","trigger":"hg111222.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"hg111222.cc/index_files/z.huoche.png","fqdn":"hg111222.cc","domain":"hg111222.cc","tld":"cc"},"ip":{"addr":"23.248.239.250","port":443,"asn":138415,"as":"Yancy Limited","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://hg111222.cc/","date":"2026-05-30T12:30:54.609Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.hg111222.cc","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 08 May 2026 08:13:26 GMT","end":"Thu, 06 Aug 2026 08:13:25 GMT"},"fingerprint":{"sha1":"D1:10:80:72:DB:BD:CF:50:04:05:40:85:DC:67:F1:44:E7:C5:ED:12","sha256":"27:69:79:C1:2A:21:F6:A5:6D:33:E4:73:4E:14:EB:D1:7A:65:9E:B6:68:DC:A1:8D:32:33:A3:28:00:9C:8C:AA"}}},"request":{"raw":"GET /index_files/z.huoche.png HTTP/1.1\r\nHost: hg111222.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://hg111222.cc/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 30 May 2026 12:30:54 GMT\r\ncontent-type: image/png\r\ncontent-length: 745\r\nlast-modified: Sun, 03 Aug 2025 11:39:44 GMT\r\netag: \"688f4a80-2e9\"\r\nexpires: Mon, 29 Jun 2026 12:30:54 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":745,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 54 x 54, 8-bit/color RGBA, non-interlaced","md5":"0d58df55376773d373e201aaa32f6a9c","sha1":"5ab58d70b3c80861bee182526a9f57fd701c70b2","sha256":"7d2150c88a15e1d14561388f9b4c5eb6bdcaab9a4a17fd4dfa023c700585de27","sha512":"eae3200cde710918f5e23a0f2adb130488e0bf5abd7f17261bd4440d641a3c9f23ed6a3ca8297d03e9a26f10e86a160b688383ce76e13fec9ee806f66ebbf754","ssdeep":"","tlshash":"a30115f33727b875e945cb781048250df6173909623113e8d439aa69fa12a6b028ae55","first_seen":"2023-05-27T06:40:10Z","last_seen":"2026-05-30T12:32:56.642993Z","times_seen":1194,"resource_available":false,"data":null}},"time_used":774,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":584,"receive":190,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-30","alert":"Sinkholed","trigger":"hg111222.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"hg111222.cc/index_files/z.kuaidi.png","fqdn":"hg111222.cc","domain":"hg111222.cc","tld":"cc"},"ip":{"addr":"23.248.239.250","port":443,"asn":138415,"as":"Yancy Limited","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://hg111222.cc/","date":"2026-05-30T12:30:54.654Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.hg111222.cc","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 08 May 2026 08:13:26 GMT","end":"Thu, 06 Aug 2026 08:13:25 GMT"},"fingerprint":{"sha1":"D1:10:80:72:DB:BD:CF:50:04:05:40:85:DC:67:F1:44:E7:C5:ED:12","sha256":"27:69:79:C1:2A:21:F6:A5:6D:33:E4:73:4E:14:EB:D1:7A:65:9E:B6:68:DC:A1:8D:32:33:A3:28:00:9C:8C:AA"}}},"request":{"raw":"GET /index_files/z.kuaidi.png HTTP/1.1\r\nHost: hg111222.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://hg111222.cc/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 30 May 2026 12:30:54 GMT\r\ncontent-type: image/png\r\nlast-modified: Sun, 03 Aug 2025 11:39:44 GMT\r\nvary: Accept-Encoding\r\netag: W/\"688f4a80-149e\"\r\nexpires: Mon, 29 Jun 2026 12:30:54 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":5278,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 54 x 54, 8-bit/color RGBA, non-interlaced","md5":"32a70795f6122d340ad07af61e03e0c3","sha1":"994425391f738e7972f55d82ded61ab194e79a29","sha256":"f7ea75bfb12c94a678c31b061c8544aaf5638dd39a7051fc32dc6c0f5f93f78f","sha512":"180189c95c635f28b8bf2a9d25316295d88dab6ab4921671e595f5fad44824d4be741da6bb05200e2dbb7864f63d594c82997f429e50abcdfa4341570bd82320","ssdeep":"96:EJC29NqJSr/h466eI0TY/qE7nb4gpQtXENHQTsD05x3phW+7rc8U:EY29Nog+eTE/p4UQtUeTs45Zpg","tlshash":"e9b19e9ebbb231d8f7325799572a2104f3de12534d0b5a1f9d096ef862d6806648c2c2","first_seen":"2023-05-27T06:40:11Z","last_seen":"2026-05-30T12:32:56.656735Z","times_seen":1163,"resource_available":false,"data":null}},"time_used":579,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":579,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-30","alert":"Sinkholed","trigger":"hg111222.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"node93.aizhantj.com:21233/tjjs/?k=2a5e5xui8up","fqdn":"node93.aizhantj.com","domain":"aizhantj.com","tld":"com"},"ip":{"addr":"43.174.27.154","port":21233,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://hg111222.cc/","date":"2026-05-30T12:30:55.203Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.aizhantj.com","organization":""},"issuer":{"commonName":"Leocert TLS Issuing RSA CA 1","organization":"Leocert LLC"},"validity":{"start":"Tue, 29 Jul 2025 07:48:12 GMT","end":"Sat, 29 Aug 2026 07:48:12 GMT"},"fingerprint":{"sha1":"08:E8:20:3E:64:D6:76:65:C3:01:5A:25:5B:CE:23:E1:04:FF:9D:3A","sha256":"ED:59:41:83:D6:B7:DC:EE:38:8B:4C:EC:A7:BB:DB:86:03:54:41:AF:C0:7D:3F:63:B3:8E:65:A6:75:6E:6C:1B"}}},"request":{"raw":"GET /tjjs/?k=2a5e5xui8up HTTP/1.1\r\nHost: node93.aizhantj.com:21233\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://hg111222.cc/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-encoding: gzip\r\ncontent-type: application/javascript; charset=UTF-8\r\nvary: Accept-Encoding\r\naccess-control-allow-methods: GET, PUT, POST, DELETE, OPTIONS\r\naccess-control-allow-origin: *\r\neo-gtj: 1.0.15\r\nserver: nginx, Aztj(node93-1)\r\nage: 0\r\ncache-control: max-age=1802\r\ncontent-length: 12015\r\naccept-ranges: bytes\r\ndate: Sat, 30 May 2026 12:30:55 GMT\r\neo-log-uuid: 6428048760118182916\r\neo-cache-status: HIT\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":35464,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text","md5":"09a6d2cd1df3708118a3554466ab3d02","sha1":"49d70076fb10e9237a789b252f4c9c459ecc6a5e","sha256":"a7338b6c1cc8d762211970dd79ce0345e4e6128d2f951dcabc4431537d1c5586","sha512":"6862c41a04ef5de998d56280a21dc2ce17dba4f857d9c8353eb89e869f1fed650a35e42fa32f9b916047e67531873023184415428ef415befa4232b3fcde2a8a","ssdeep":"768:qkS5kuNczE4rDE93/erWpWdk2pByX5R0N:tSOyczE4rDE93/og+Bk5R2","tlshash":"9df2d7d532ce2536a27670a9d95ff50cf8b9aa1437d9ac44590cc0c46d208ba83ff9bd","first_seen":"2026-05-30T12:15:06.690906Z","last_seen":"2026-05-30T12:32:56.64592Z","times_seen":8,"resource_available":true,"data":null}},"time_used":1064,"timings":{"blocked":520,"dns":47,"connect":18,"send":0,"wait":20,"receive":1,"ssl":456},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"node96.aizhantj.com:21233/tjpv/?cc=1\u0026ck=1\u0026cl=24-bit\u0026ds=1280x1024\u0026vl=1024\u0026et=0\u0026ja=0\u0026ln=en-us\u0026lo=0\u0026rnd=1375548388\u0026si=3te8qiofrmb\u0026su=https%3A%2F%2Fhc9977.com%2F\u0026v=25.01.26\u0026lv=1\u0026api=0\u0026sn=17051\u0026r=0\u0026ww=1280\u0026u=https%3A%2F%2Fhg111222.cc%2F\u0026lvt=1780144256\u0026tf=1780144256\u0026ej=1","fqdn":"node96.aizhantj.com","domain":"aizhantj.com","tld":"com"},"ip":{"addr":"43.174.27.154","port":21233,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://hg111222.cc/","date":"2026-05-30T12:30:55.805Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.aizhantj.com","organization":""},"issuer":{"commonName":"Leocert TLS Issuing RSA CA 1","organization":"Leocert LLC"},"validity":{"start":"Tue, 29 Jul 2025 07:48:12 GMT","end":"Sat, 29 Aug 2026 07:48:12 GMT"},"fingerprint":{"sha1":"08:E8:20:3E:64:D6:76:65:C3:01:5A:25:5B:CE:23:E1:04:FF:9D:3A","sha256":"ED:59:41:83:D6:B7:DC:EE:38:8B:4C:EC:A7:BB:DB:86:03:54:41:AF:C0:7D:3F:63:B3:8E:65:A6:75:6E:6C:1B"}}},"request":{"raw":"GET /tjpv/?cc=1\u0026ck=1\u0026cl=24-bit\u0026ds=1280x1024\u0026vl=1024\u0026et=0\u0026ja=0\u0026ln=en-us\u0026lo=0\u0026rnd=1375548388\u0026si=3te8qiofrmb\u0026su=https%3A%2F%2Fhc9977.com%2F\u0026v=25.01.26\u0026lv=1\u0026api=0\u0026sn=17051\u0026r=0\u0026ww=1280\u0026u=https%3A%2F%2Fhg111222.cc%2F\u0026lvt=1780144256\u0026tf=1780144256\u0026ej=1 HTTP/1.1\r\nHost: node96.aizhantj.com:21233\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/javascript, */*; q=0.01\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://hg111222.cc\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://hg111222.cc/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: application/json; charset=utf-8\r\nvary: Accept-Encoding\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET, PUT, POST, DELETE, OPTIONS\r\nset-cookie: _aztj_sess=fr7bdf19tp1954qbqsqroi6oq1; expires=Sat, 13 Jun 2026 12:30:56 GMT; Max-Age=1209600; path=/; secure; SameSite=None\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\npragma: no-cache\r\nx-mtj-pc: 29\r\nx-mtj-ml: 1\r\nserver: nginx, Aztj(node96-1)\r\ncontent-encoding: gzip\r\nage: 0\r\ndate: Sat, 30 May 2026 12:30:55 GMT\r\neo-log-uuid: 12411862946623561115\r\neo-cache-status: MISS\r\ncache-control: max-age=0\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"99914b932bd37a50b983c5e7c90ae93b","sha1":"bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f","sha256":"44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a","sha512":"27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd","ssdeep":"","tlshash":"c7100000000000c00000000c00000000000000000c0000000000000000000000000000","first_seen":"2023-03-07T01:15:26Z","last_seen":"2026-05-30T15:03:17.661476Z","times_seen":685975,"resource_available":true,"data":null}},"time_used":773,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":773,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"2.82873.com/apikj.php?lx=am\u0026?1780144261151","fqdn":"2.82873.com","domain":"82873.com","tld":"com"},"ip":{"addr":"103.163.208.152","port":443,"asn":140683,"as":"Starbow Ltd.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://2.82873.com/kj.html?lhc=am","date":"2026-05-30T12:31:01.156Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","key_group_name":"P384","signature_name":"RSA-PKCS1-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"1.82873.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 11 Apr 2026 18:32:14 GMT","end":"Fri, 10 Jul 2026 18:32:13 GMT"},"fingerprint":{"sha1":"12:50:0B:7A:99:D8:C2:6B:3E:B8:46:0A:91:6D:37:B4:F8:F3:0E:A0","sha256":"95:F1:E7:5B:23:92:D1:10:80:91:B8:B5:E7:27:8C:05:DA:33:B8:A5:1E:01:E2:5F:9C:26:02:1C:79:DD:37:8D"}}},"request":{"raw":"GET /apikj.php?lx=am\u0026?1780144261151 HTTP/1.1\r\nHost: 2.82873.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/javascript, */*; q=0.01\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nX-Requested-With: XMLHttpRequest\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://2.82873.com/kj.html?lhc=am\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/html; charset=UTF-8\r\ncontent-encoding: gzip\r\nvary: Accept-Encoding\r\nserver: Microsoft-IIS/10.0\r\nx-powered-by: PHP/5.6.40, ASP.NET\r\ndate: Sat, 30 May 2026 12:31:01 GMT\r\ncontent-length: 204\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"IIS:10.0","description":"Internet Information Services (IIS) is an extensible web server software created by Microsoft for use with the Windows NT family.","website":"https://www.iis.net","common_platform_enumeration":"cpe:2.3:a:microsoft:internet_information_server:*:*:*:*:*:*:*:*","icon":"Microsoft.svg","categories":["Web servers"]},{"name":"Windows Server","description":"Windows Server is a brand name for a group of server operating systems.","website":"https://microsoft.com/windowsserver","common_platform_enumeration":"","icon":"WindowsServer.png","categories":["Operating systems"]},{"name":"PHP:5.6.40","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}],"data":{"size":82,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"JSON text data","md5":"e67d0a96babfa6d3451b1175f404c3ee","sha1":"d735d84368d1dffd17ad00fad623101cf41cc990","sha256":"c7bab083d6a61247509cfb9bd97b14b9f607b0a95728f6e7385577cd7c5a7da5","sha512":"d8c71053a411bce64529751bcdbcf45c34afebb8f286f770dc638eb73aa995788e481bb166655c314d17f8ecbf3a6f794369a7e0be56b5b9731069ef73d100aa","ssdeep":"","tlshash":"eea01240c20870a44013404046653054105be5020390814cb630a5c4994941705113a2","first_seen":"2026-05-29T19:53:28.057344Z","last_seen":"2026-05-30T12:32:56.640985Z","times_seen":11,"resource_available":false,"data":null}},"time_used":502,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":502,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"2.82873.com/apikj.php?lx=am\u0026?1780144267152","fqdn":"2.82873.com","domain":"82873.com","tld":"com"},"ip":{"addr":"103.163.208.152","port":443,"asn":140683,"as":"Starbow Ltd.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://2.82873.com/kj.html?lhc=am","date":"2026-05-30T12:31:07.156Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","key_group_name":"P384","signature_name":"RSA-PKCS1-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"1.82873.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 11 Apr 2026 18:32:14 GMT","end":"Fri, 10 Jul 2026 18:32:13 GMT"},"fingerprint":{"sha1":"12:50:0B:7A:99:D8:C2:6B:3E:B8:46:0A:91:6D:37:B4:F8:F3:0E:A0","sha256":"95:F1:E7:5B:23:92:D1:10:80:91:B8:B5:E7:27:8C:05:DA:33:B8:A5:1E:01:E2:5F:9C:26:02:1C:79:DD:37:8D"}}},"request":{"raw":"GET /apikj.php?lx=am\u0026?1780144267152 HTTP/1.1\r\nHost: 2.82873.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/javascript, */*; q=0.01\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nX-Requested-With: XMLHttpRequest\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://2.82873.com/kj.html?lhc=am\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/html; charset=UTF-8\r\ncontent-encoding: gzip\r\nvary: Accept-Encoding\r\nserver: Microsoft-IIS/10.0\r\nx-powered-by: PHP/5.6.40, ASP.NET\r\ndate: Sat, 30 May 2026 12:31:06 GMT\r\ncontent-length: 204\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"IIS:10.0","description":"Internet Information Services (IIS) is an extensible web server software created by Microsoft for use with the Windows NT family.","website":"https://www.iis.net","common_platform_enumeration":"cpe:2.3:a:microsoft:internet_information_server:*:*:*:*:*:*:*:*","icon":"Microsoft.svg","categories":["Web servers"]},{"name":"Windows Server","description":"Windows Server is a brand name for a group of server operating systems.","website":"https://microsoft.com/windowsserver","common_platform_enumeration":"","icon":"WindowsServer.png","categories":["Operating systems"]},{"name":"PHP:5.6.40","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}],"data":{"size":82,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"JSON text data","md5":"e67d0a96babfa6d3451b1175f404c3ee","sha1":"d735d84368d1dffd17ad00fad623101cf41cc990","sha256":"c7bab083d6a61247509cfb9bd97b14b9f607b0a95728f6e7385577cd7c5a7da5","sha512":"d8c71053a411bce64529751bcdbcf45c34afebb8f286f770dc638eb73aa995788e481bb166655c314d17f8ecbf3a6f794369a7e0be56b5b9731069ef73d100aa","ssdeep":"","tlshash":"eea01240c20870a44013404046653054105be5020390814cb630a5c4994941705113a2","first_seen":"2026-05-29T19:53:28.057344Z","last_seen":"2026-05-30T12:32:56.640985Z","times_seen":11,"resource_available":false,"data":null}},"time_used":484,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":484,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"hg111222.cc/0068.JPG","fqdn":"hg111222.cc","domain":"hg111222.cc","tld":"cc"},"ip":{"addr":"23.248.239.250","port":443,"asn":138415,"as":"Yancy Limited","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://hg111222.cc/","date":"2026-05-30T12:30:54.602Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.hg111222.cc","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 08 May 2026 08:13:26 GMT","end":"Thu, 06 Aug 2026 08:13:25 GMT"},"fingerprint":{"sha1":"D1:10:80:72:DB:BD:CF:50:04:05:40:85:DC:67:F1:44:E7:C5:ED:12","sha256":"27:69:79:C1:2A:21:F6:A5:6D:33:E4:73:4E:14:EB:D1:7A:65:9E:B6:68:DC:A1:8D:32:33:A3:28:00:9C:8C:AA"}}},"request":{"raw":"GET /0068.JPG HTTP/1.1\r\nHost: hg111222.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://hg111222.cc/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 30 May 2026 12:30:54 GMT\r\ncontent-type: image/jpeg\r\nlast-modified: Mon, 17 Nov 2025 04:13:29 GMT\r\nvary: Accept-Encoding\r\netag: W/\"691aa0e9-137f1\"\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":79857,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=1], baseline, precision 8, 1000x90, components 3","md5":"dee90db3c60d3aba7040c02f520c6b63","sha1":"9e6369087ebf20fbd03d6c7e69588a4482b88452","sha256":"5872727d3d6de59db5185ed7bf568355aaa217b2265f19e35e30675e4d34e068","sha512":"e796a6a46c82d6e13ad9d15a9abf408ac938059fe126ef1fdc1144355f8f45c42d602513cfb04d7559ef79699b6785690c1ea7d47fce202451bfaa5c1307e50d","ssdeep":"1536:SoZztkz5b0STeyPiBIwYBgkJj2d83A3obWXL65ZYZI079FmUVKGK:VLmPlwYa8j26k6qZI0rTVlK","tlshash":"d97302a75b2d434ce92f6776806612a18e82615f2bc8f65d9fdc4c62074d6b62f0f2f0","first_seen":"2025-11-29T14:03:55.91703Z","last_seen":"2026-05-30T12:32:56.635639Z","times_seen":30,"resource_available":false,"data":null}},"time_used":196,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":196,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-30","alert":"Sinkholed","trigger":"hg111222.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"node96.aizhantj.com:21233/tjjs/?k=3te8qiofrmb","fqdn":"node96.aizhantj.com","domain":"aizhantj.com","tld":"com"},"ip":{"addr":"43.174.27.154","port":21233,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://hg111222.cc/","date":"2026-05-30T12:30:55.200Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.aizhantj.com","organization":""},"issuer":{"commonName":"Leocert TLS Issuing RSA CA 1","organization":"Leocert LLC"},"validity":{"start":"Tue, 29 Jul 2025 07:48:12 GMT","end":"Sat, 29 Aug 2026 07:48:12 GMT"},"fingerprint":{"sha1":"08:E8:20:3E:64:D6:76:65:C3:01:5A:25:5B:CE:23:E1:04:FF:9D:3A","sha256":"ED:59:41:83:D6:B7:DC:EE:38:8B:4C:EC:A7:BB:DB:86:03:54:41:AF:C0:7D:3F:63:B3:8E:65:A6:75:6E:6C:1B"}}},"request":{"raw":"GET /tjjs/?k=3te8qiofrmb HTTP/1.1\r\nHost: node96.aizhantj.com:21233\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://hg111222.cc/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-encoding: gzip\r\ncontent-type: application/javascript; charset=UTF-8\r\nvary: Accept-Encoding\r\naccess-control-allow-methods: GET, PUT, POST, DELETE, OPTIONS\r\naccess-control-allow-origin: *\r\neo-gtj: 1.0.15\r\nserver: nginx, Aztj(node96-1)\r\nage: 0\r\ncache-control: max-age=1802\r\ncontent-length: 12020\r\naccept-ranges: bytes\r\ndate: Sat, 30 May 2026 12:30:55 GMT\r\neo-log-uuid: 15142765956477485406\r\neo-cache-status: HIT\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":35467,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text","md5":"3e6f7ed4f4ac7de2a247955c0685bd29","sha1":"a487d86d3a8682d541568c171a99a95fab355b71","sha256":"5fd148ef5054febd0c6ceb921b3aad21168098acfe238d6c2398e926d81088c4","sha512":"8ba6984e369f4e6f8585dc4bc73eca449ab7a05173223c59458885f40acbf28d536a9c30ea4e6e3cca31be70888ac31c7add94f4532135b7252d4e76b75c19ee","ssdeep":"768:xAkS5kuNczE4rDE93/DrWpWdk2pByX5R0N:1SOyczE4rDE93//g+Bk5R2","tlshash":"e0f2d8d532ce2536a27670a9d95ff50cf8b9aa1437d9ac44590cc0c46d208ba83ff9bd","first_seen":"2026-05-30T12:15:06.680091Z","last_seen":"2026-05-30T12:32:56.654779Z","times_seen":8,"resource_available":true,"data":null}},"time_used":1015,"timings":{"blocked":495,"dns":47,"connect":17,"send":0,"wait":20,"receive":3,"ssl":430},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"hg111222.cc/favicon.ico","fqdn":"hg111222.cc","domain":"hg111222.cc","tld":"cc"},"ip":{"addr":"23.248.239.250","port":443,"asn":138415,"as":"Yancy Limited","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://hg111222.cc/","date":"2026-05-30T12:30:56.424Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.hg111222.cc","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 08 May 2026 08:13:26 GMT","end":"Thu, 06 Aug 2026 08:13:25 GMT"},"fingerprint":{"sha1":"D1:10:80:72:DB:BD:CF:50:04:05:40:85:DC:67:F1:44:E7:C5:ED:12","sha256":"27:69:79:C1:2A:21:F6:A5:6D:33:E4:73:4E:14:EB:D1:7A:65:9E:B6:68:DC:A1:8D:32:33:A3:28:00:9C:8C:AA"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: hg111222.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://hg111222.cc/\r\nCookie: Hm_tf_3te8qiofrmb=1780144256; Hm_lvt_3te8qiofrmb=1780144256; Hm_lpvt_3te8qiofrmb=1780144256; Hm_tf_2a5e5xui8up=1780144256; Hm_lvt_2a5e5xui8up=1780144256; Hm_lpvt_2a5e5xui8up=1780144256; Hm_tf_7s2cq3n2d59=1780144256; Hm_lvt_7s2cq3n2d59=1780144256; Hm_lpvt_7s2cq3n2d59=1780144256; _CLTJ_faa4=gk1b8q3siV\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 404 Not Found\r\nserver: nginx\r\ndate: Sat, 30 May 2026 12:30:56 GMT\r\ncontent-type: text/html\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":311,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text, with CRLF line terminators","md5":"e0949e6a5244f833129eecb67db2d225","sha1":"84afb40b38250446be018a0b6618fe3ee33dd676","sha256":"c1526b6f29e936c91b98c51ff2c98d38d467a51a35897bb79b00ac59c9ece120","sha512":"a1f4910326f0a6a3dd104d9f223651580dfefda710179401e852b17315f6224db4811187496dbf010c2191888f7323e9bb599d82e46528c39de885551d95d157","ssdeep":"","tlshash":"cbe0726c3e12ae28065320b632f7e358e8e3223a2c2ac1100489c85b72867d68dc2321","first_seen":"2026-02-09T22:05:35.509612Z","last_seen":"2026-05-30T12:32:56.648302Z","times_seen":41,"resource_available":false,"data":null}},"time_used":194,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":194,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-30","alert":"Sinkholed","trigger":"hg111222.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"hg111222.cc/index_files/z.feiji.png","fqdn":"hg111222.cc","domain":"hg111222.cc","tld":"cc"},"ip":{"addr":"23.248.239.250","port":443,"asn":138415,"as":"Yancy Limited","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://hg111222.cc/","date":"2026-05-30T12:30:54.651Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.hg111222.cc","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 08 May 2026 08:13:26 GMT","end":"Thu, 06 Aug 2026 08:13:25 GMT"},"fingerprint":{"sha1":"D1:10:80:72:DB:BD:CF:50:04:05:40:85:DC:67:F1:44:E7:C5:ED:12","sha256":"27:69:79:C1:2A:21:F6:A5:6D:33:E4:73:4E:14:EB:D1:7A:65:9E:B6:68:DC:A1:8D:32:33:A3:28:00:9C:8C:AA"}}},"request":{"raw":"GET /index_files/z.feiji.png HTTP/1.1\r\nHost: hg111222.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://hg111222.cc/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 30 May 2026 12:30:54 GMT\r\ncontent-type: image/png\r\ncontent-length: 963\r\nlast-modified: Sun, 03 Aug 2025 11:39:44 GMT\r\netag: \"688f4a80-3c3\"\r\nexpires: Mon, 29 Jun 2026 12:30:54 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":963,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 54 x 54, 8-bit/color RGBA, non-interlaced","md5":"13f094857d419ee543a1aa5a7caca62e","sha1":"5722a23b2c2e4ac2b49ac80b1bcfeb75ade749ff","sha256":"94fd2fe2d17a61c3f96d82fa8f7d3c91797f42ee1c337ef52b7108eb47325a16","sha512":"477e2c4608b565f9f12d89ee10a747266004d4cf9aa8eb32d9a42b8f1160fb110cb2c7f9335423c5de7e34981bc944543b2cfaabd15176b3ca312f28ae2f3465","ssdeep":"","tlshash":"4a118841187a2d36dd69ad76a925e3e2edb208d7cd8cd2277113f4e44e2dc8d852c234","first_seen":"2023-05-27T06:40:11Z","last_seen":"2026-05-30T12:32:56.650159Z","times_seen":1188,"resource_available":false,"data":null}},"time_used":772,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":582,"receive":190,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-30","alert":"Sinkholed","trigger":"hg111222.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"1.21302132.com/tongji/?v=1.2","fqdn":"1.21302132.com","domain":"21302132.com","tld":"com"},"ip":{"addr":"103.163.208.152","port":443,"asn":140683,"as":"Starbow Ltd.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://hg111222.cc/","date":"2026-05-30T12:30:54.864Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","key_group_name":"P384","signature_name":"RSA-PKCS1-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"1.21302132.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 02 May 2026 18:33:04 GMT","end":"Fri, 31 Jul 2026 18:33:03 GMT"},"fingerprint":{"sha1":"C2:C7:D1:31:F4:05:12:BD:7B:81:23:B3:A6:9E:B5:94:AF:A9:59:2C","sha256":"DF:E3:51:7A:D6:10:15:F3:04:BE:A0:90:E9:9F:27:60:68:E2:E7:AF:D6:49:75:2C:24:63:3B:05:8F:0E:45:4D"}}},"request":{"raw":"GET /tongji/?v=1.2 HTTP/1.1\r\nHost: 1.21302132.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://hg111222.cc/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: application/javascript\r\ncontent-encoding: gzip\r\nvary: Accept-Encoding\r\nserver: Microsoft-IIS/10.0\r\nx-powered-by: ClassCMS, ASP.NET\r\ndate: Sat, 30 May 2026 12:30:55 GMT\r\ncontent-length: 1073\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"IIS:10.0","description":"Internet Information Services (IIS) is an extensible web server software created by Microsoft for use with the Windows NT family.","website":"https://www.iis.net","common_platform_enumeration":"cpe:2.3:a:microsoft:internet_information_server:*:*:*:*:*:*:*:*","icon":"Microsoft.svg","categories":["Web servers"]},{"name":"Windows Server","description":"Windows Server is a brand name for a group of server operating systems.","website":"https://microsoft.com/windowsserver","common_platform_enumeration":"","icon":"WindowsServer.png","categories":["Operating systems"]}],"data":{"size":2800,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text","md5":"a134a85b3131ce0b2c7520b22b2a10f1","sha1":"97b71324fd3da0e3d51c13bcec4a87cc43020fba","sha256":"a7fdf086f155bf92a004e4a00557b72d69914a2f0d92be88db766ef95d0f2d65","sha512":"faf5c8ae6a2fe9e3fecd69cc9bbfb995f95a518e9d12cc4258ce23e1e5aa44d964b0d435c357357e8c13a311e7b39a9ad2f94a4c9d5101487993610af3a1ecdb","ssdeep":"","tlshash":"6651df9955a2e3e604b377dfaf6fa303b4654107384bc4263d5c00892f2346be1d87d9","first_seen":"2025-05-18T12:30:21.04523Z","last_seen":"2026-05-30T12:32:56.657286Z","times_seen":61,"resource_available":true,"data":null}},"time_used":1916,"timings":{"blocked":817,"dns":1,"connect":268,"send":0,"wait":282,"receive":0,"ssl":545},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-30","alert":"Sinkholed","trigger":"1.21302132.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"2.82873.com/apikj.php?lx=am\u0026?1780144265152","fqdn":"2.82873.com","domain":"82873.com","tld":"com"},"ip":{"addr":"103.163.208.152","port":443,"asn":140683,"as":"Starbow Ltd.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://2.82873.com/kj.html?lhc=am","date":"2026-05-30T12:31:05.157Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","key_group_name":"P384","signature_name":"RSA-PKCS1-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"1.82873.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 11 Apr 2026 18:32:14 GMT","end":"Fri, 10 Jul 2026 18:32:13 GMT"},"fingerprint":{"sha1":"12:50:0B:7A:99:D8:C2:6B:3E:B8:46:0A:91:6D:37:B4:F8:F3:0E:A0","sha256":"95:F1:E7:5B:23:92:D1:10:80:91:B8:B5:E7:27:8C:05:DA:33:B8:A5:1E:01:E2:5F:9C:26:02:1C:79:DD:37:8D"}}},"request":{"raw":"GET /apikj.php?lx=am\u0026?1780144265152 HTTP/1.1\r\nHost: 2.82873.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/javascript, */*; q=0.01\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nX-Requested-With: XMLHttpRequest\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://2.82873.com/kj.html?lhc=am\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/html; charset=UTF-8\r\ncontent-encoding: gzip\r\nvary: Accept-Encoding\r\nserver: Microsoft-IIS/10.0\r\nx-powered-by: PHP/5.6.40, ASP.NET\r\ndate: Sat, 30 May 2026 12:31:04 GMT\r\ncontent-length: 204\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"IIS:10.0","description":"Internet Information Services (IIS) is an extensible web server software created by Microsoft for use with the Windows NT family.","website":"https://www.iis.net","common_platform_enumeration":"cpe:2.3:a:microsoft:internet_information_server:*:*:*:*:*:*:*:*","icon":"Microsoft.svg","categories":["Web servers"]},{"name":"Windows Server","description":"Windows Server is a brand name for a group of server operating systems.","website":"https://microsoft.com/windowsserver","common_platform_enumeration":"","icon":"WindowsServer.png","categories":["Operating systems"]},{"name":"PHP:5.6.40","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}],"data":{"size":82,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"JSON text data","md5":"e67d0a96babfa6d3451b1175f404c3ee","sha1":"d735d84368d1dffd17ad00fad623101cf41cc990","sha256":"c7bab083d6a61247509cfb9bd97b14b9f607b0a95728f6e7385577cd7c5a7da5","sha512":"d8c71053a411bce64529751bcdbcf45c34afebb8f286f770dc638eb73aa995788e481bb166655c314d17f8ecbf3a6f794369a7e0be56b5b9731069ef73d100aa","ssdeep":"","tlshash":"eea01240c20870a44013404046653054105be5020390814cb630a5c4994941705113a2","first_seen":"2026-05-29T19:53:28.057344Z","last_seen":"2026-05-30T12:32:56.640985Z","times_seen":11,"resource_available":false,"data":null}},"time_used":507,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":507,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"hg111222.cc/","fqdn":"hg111222.cc","domain":"hg111222.cc","tld":"cc"},"ip":{"addr":"23.248.239.250","port":443,"asn":138415,"as":"Yancy Limited","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-05-30T12:30:53.887Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.hg111222.cc","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 08 May 2026 08:13:26 GMT","end":"Thu, 06 Aug 2026 08:13:25 GMT"},"fingerprint":{"sha1":"D1:10:80:72:DB:BD:CF:50:04:05:40:85:DC:67:F1:44:E7:C5:ED:12","sha256":"27:69:79:C1:2A:21:F6:A5:6D:33:E4:73:4E:14:EB:D1:7A:65:9E:B6:68:DC:A1:8D:32:33:A3:28:00:9C:8C:AA"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: hg111222.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://hc9977.com/\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 30 May 2026 12:30:54 GMT\r\ncontent-type: text/html\r\nlast-modified: Thu, 07 May 2026 02:43:36 GMT\r\nvary: Accept-Encoding\r\netag: W/\"69fbfc58-826c\"\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"jQuery","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":33553,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (890)","md5":"ce8749d1cd1defd9e12f6bac9cd7908e","sha1":"99c8a25a1481d6ade4fda43cb2a3cb6f564ecc48","sha256":"5d7040422f7b5fad21cd628d92bbe6318a3caf4dbc09a846938ed371f20e1770","sha512":"40152bdb5d69d2d3ef4732474a16307317270310647691820b7a07fad2f2e49eb929cf076841775d0782daf20dfc8d2c34f7b35fcd0257b284230e96a56dba67","ssdeep":"384:5Yhn6IwOM4jnJRZFIAptHAnNzPG0w3sbu9OQ2UPktR/zvlIJQ4j2ZOPavflwSZWJ:YnLoZtmBlXZuW","tlshash":"6fe238f2038c6d2d4741a3836868725c407f5e76e8b1d9e3b4bb1826f9816e29d1d1ef","first_seen":"2026-05-24T18:53:33.948325Z","last_seen":"2026-05-30T12:32:56.65604Z","times_seen":11,"resource_available":true,"data":null}},"time_used":992,"timings":{"blocked":398,"dns":1,"connect":194,"send":0,"wait":194,"receive":0,"ssl":201},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-30","alert":"Sinkholed","trigger":"hg111222.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"hg111222.cc/index_files/index.css","fqdn":"hg111222.cc","domain":"hg111222.cc","tld":"cc"},"ip":{"addr":"23.248.239.250","port":443,"asn":138415,"as":"Yancy Limited","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://hg111222.cc/","date":"2026-05-30T12:30:54.597Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.hg111222.cc","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 08 May 2026 08:13:26 GMT","end":"Thu, 06 Aug 2026 08:13:25 GMT"},"fingerprint":{"sha1":"D1:10:80:72:DB:BD:CF:50:04:05:40:85:DC:67:F1:44:E7:C5:ED:12","sha256":"27:69:79:C1:2A:21:F6:A5:6D:33:E4:73:4E:14:EB:D1:7A:65:9E:B6:68:DC:A1:8D:32:33:A3:28:00:9C:8C:AA"}}},"request":{"raw":"GET /index_files/index.css HTTP/1.1\r\nHost: hg111222.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://hg111222.cc/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 30 May 2026 12:30:54 GMT\r\ncontent-type: text/css\r\nlast-modified: Sun, 03 Aug 2025 11:39:30 GMT\r\nvary: Accept-Encoding\r\netag: W/\"688f4a72-561f\"\r\nexpires: Sun, 31 May 2026 00:30:54 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":22047,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with CRLF line terminators","md5":"3641505e58b45fd902c1429f9a3fbd23","sha1":"15936210f7fcc67b5802089d5083e7c5b9ee893e","sha256":"f535479bd51e6e143ac6748fa37851b6bcada95546f56a48298e76826588a494","sha512":"710b7bd8aec6f1bbf5448d25e75176cfdcaf788fe625420325eadbd0ac00c055d441619f685e1354bb862558440c40704851517b617fdcaa33e34fa7c43a9d1b","ssdeep":"384:kUwkxy6zDBVbSVYo3pSBQPknw6AJFuhlDoj4AJlO8SouJhJTMwoCPBAeqt5lxA/7:Zx5zDPbSDZSBQ4w5J4hB6HJlO8SfJhJ7","tlshash":"fca29739ca94208d73134a1b7fb07ec96ddcc4a1de4b4f5ef653fea896cb58a1822140","first_seen":"2025-10-18T07:58:07.54172Z","last_seen":"2026-05-30T12:32:56.648881Z","times_seen":32,"resource_available":false,"data":null}},"time_used":195,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":195,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-30","alert":"Sinkholed","trigger":"hg111222.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"hg111222.cc/index_files/z.tianqi.png","fqdn":"hg111222.cc","domain":"hg111222.cc","tld":"cc"},"ip":{"addr":"23.248.239.250","port":443,"asn":138415,"as":"Yancy Limited","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://hg111222.cc/","date":"2026-05-30T12:30:54.608Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.hg111222.cc","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 08 May 2026 08:13:26 GMT","end":"Thu, 06 Aug 2026 08:13:25 GMT"},"fingerprint":{"sha1":"D1:10:80:72:DB:BD:CF:50:04:05:40:85:DC:67:F1:44:E7:C5:ED:12","sha256":"27:69:79:C1:2A:21:F6:A5:6D:33:E4:73:4E:14:EB:D1:7A:65:9E:B6:68:DC:A1:8D:32:33:A3:28:00:9C:8C:AA"}}},"request":{"raw":"GET /index_files/z.tianqi.png HTTP/1.1\r\nHost: hg111222.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://hg111222.cc/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 30 May 2026 12:30:54 GMT\r\ncontent-type: image/png\r\ncontent-length: 935\r\nlast-modified: Sun, 03 Aug 2025 11:39:44 GMT\r\netag: \"688f4a80-3a7\"\r\nexpires: Mon, 29 Jun 2026 12:30:54 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":935,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 54 x 54, 8-bit/color RGBA, non-interlaced","md5":"084e7bb761512af87abaed51c4b3d0c0","sha1":"74a7270943f1875b82bd8beafb19854610fa5398","sha256":"328895a93b43f93c1cdbef7fe0b537a3bdad8ae1f4350b16aaabfccff1bd857c","sha512":"74ba3e56f87d144cdd22a94749a430a3bc63f5d9c88d7cf2c98753cab7c7db7feb4d2b1e76e860820707de9075718942e79cdd46c3672c4e16b7d4bea609626a","ssdeep":"","tlshash":"5b1194c97a2be9515d1f0076842282b9fd069aca20e1e2bc4687cc37205655dcba2f92","first_seen":"2023-05-27T06:40:11Z","last_seen":"2026-05-30T12:32:56.636532Z","times_seen":1194,"resource_available":false,"data":null}},"time_used":774,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":584,"receive":190,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-30","alert":"Sinkholed","trigger":"hg111222.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"node93.aizhantj.com:21233/tjpv/?cc=1\u0026ck=1\u0026cl=24-bit\u0026ds=1280x1024\u0026vl=1024\u0026et=0\u0026ja=0\u0026ln=en-us\u0026lo=0\u0026rnd=776783510\u0026si=2a5e5xui8up\u0026su=https%3A%2F%2Fhc9977.com%2F\u0026v=25.01.26\u0026lv=1\u0026api=0\u0026sn=17051\u0026r=0\u0026ww=1280\u0026u=https%3A%2F%2Fhg111222.cc%2F\u0026lvt=1780144256\u0026tf=1780144256\u0026ej=1","fqdn":"node93.aizhantj.com","domain":"aizhantj.com","tld":"com"},"ip":{"addr":"43.174.27.154","port":21233,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://hg111222.cc/","date":"2026-05-30T12:30:55.807Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.aizhantj.com","organization":""},"issuer":{"commonName":"Leocert TLS Issuing RSA CA 1","organization":"Leocert LLC"},"validity":{"start":"Tue, 29 Jul 2025 07:48:12 GMT","end":"Sat, 29 Aug 2026 07:48:12 GMT"},"fingerprint":{"sha1":"08:E8:20:3E:64:D6:76:65:C3:01:5A:25:5B:CE:23:E1:04:FF:9D:3A","sha256":"ED:59:41:83:D6:B7:DC:EE:38:8B:4C:EC:A7:BB:DB:86:03:54:41:AF:C0:7D:3F:63:B3:8E:65:A6:75:6E:6C:1B"}}},"request":{"raw":"GET /tjpv/?cc=1\u0026ck=1\u0026cl=24-bit\u0026ds=1280x1024\u0026vl=1024\u0026et=0\u0026ja=0\u0026ln=en-us\u0026lo=0\u0026rnd=776783510\u0026si=2a5e5xui8up\u0026su=https%3A%2F%2Fhc9977.com%2F\u0026v=25.01.26\u0026lv=1\u0026api=0\u0026sn=17051\u0026r=0\u0026ww=1280\u0026u=https%3A%2F%2Fhg111222.cc%2F\u0026lvt=1780144256\u0026tf=1780144256\u0026ej=1 HTTP/1.1\r\nHost: node93.aizhantj.com:21233\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/javascript, */*; q=0.01\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://hg111222.cc\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://hg111222.cc/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: application/json; charset=utf-8\r\nvary: Accept-Encoding\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET, PUT, POST, DELETE, OPTIONS\r\nset-cookie: _aztj_sess=6lodlfgloia67b4csest275ss7; expires=Sat, 13 Jun 2026 12:30:57 GMT; Max-Age=1209600; path=/; secure; SameSite=None\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\npragma: no-cache\r\nx-mtj-pc: 29\r\nx-mtj-ml: 1\r\nserver: nginx, Aztj(node93-1)\r\ncontent-encoding: gzip\r\nage: 0\r\ndate: Sat, 30 May 2026 12:30:55 GMT\r\neo-log-uuid: 18214129622517369497\r\neo-cache-status: MISS\r\ncache-control: max-age=0\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"99914b932bd37a50b983c5e7c90ae93b","sha1":"bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f","sha256":"44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a","sha512":"27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd","ssdeep":"","tlshash":"c7100000000000c00000000c00000000000000000c0000000000000000000000000000","first_seen":"2023-03-07T01:15:26Z","last_seen":"2026-05-30T15:03:17.661476Z","times_seen":685975,"resource_available":true,"data":null}},"time_used":1971,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1971,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"1.21302132.com/tongji/ajax/?hash=dfs38U9MaU\u0026url=https%3A%2F%2Fhg111222.cc%2F\u0026referer=https%3A%2F%2Fhc9977.com%2F\u0026ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0\u0026u=gk1b8q3siV\u0026rnd=0.4249740084454623","fqdn":"1.21302132.com","domain":"21302132.com","tld":"com"},"ip":{"addr":"103.163.208.152","port":443,"asn":140683,"as":"Starbow Ltd.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://hg111222.cc/","date":"2026-05-30T12:30:55.986Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","key_group_name":"P384","signature_name":"RSA-PKCS1-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"1.21302132.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 02 May 2026 18:33:04 GMT","end":"Fri, 31 Jul 2026 18:33:03 GMT"},"fingerprint":{"sha1":"C2:C7:D1:31:F4:05:12:BD:7B:81:23:B3:A6:9E:B5:94:AF:A9:59:2C","sha256":"DF:E3:51:7A:D6:10:15:F3:04:BE:A0:90:E9:9F:27:60:68:E2:E7:AF:D6:49:75:2C:24:63:3B:05:8F:0E:45:4D"}}},"request":{"raw":"GET /tongji/ajax/?hash=dfs38U9MaU\u0026url=https%3A%2F%2Fhg111222.cc%2F\u0026referer=https%3A%2F%2Fhc9977.com%2F\u0026ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0\u0026u=gk1b8q3siV\u0026rnd=0.4249740084454623 HTTP/1.1\r\nHost: 1.21302132.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://hg111222.cc\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://hg111222.cc/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/html; charset=UTF-8\r\nserver: Microsoft-IIS/10.0\r\naccess-control-allow-origin: *\r\nx-powered-by: ClassCMS, ASP.NET\r\ndate: Sat, 30 May 2026 12:30:56 GMT\r\ncontent-length: 0\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"IIS:10.0","description":"Internet Information Services (IIS) is an extensible web server software created by Microsoft for use with the Windows NT family.","website":"https://www.iis.net","common_platform_enumeration":"cpe:2.3:a:microsoft:internet_information_server:*:*:*:*:*:*:*:*","icon":"Microsoft.svg","categories":["Web servers"]},{"name":"Windows Server","description":"Windows Server is a brand name for a group of server operating systems.","website":"https://microsoft.com/windowsserver","common_platform_enumeration":"","icon":"WindowsServer.png","categories":["Operating systems"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-30T15:03:17.857095Z","times_seen":15919531,"resource_available":true,"data":null}},"time_used":1849,"timings":{"blocked":786,"dns":1,"connect":258,"send":0,"wait":276,"receive":0,"ssl":526},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-30","alert":"Sinkholed","trigger":"1.21302132.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"2.82873.com/apikj.php?lx=am\u0026?1780144263152","fqdn":"2.82873.com","domain":"82873.com","tld":"com"},"ip":{"addr":"103.163.208.152","port":443,"asn":140683,"as":"Starbow Ltd.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://2.82873.com/kj.html?lhc=am","date":"2026-05-30T12:31:03.156Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","key_group_name":"P384","signature_name":"RSA-PKCS1-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"1.82873.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 11 Apr 2026 18:32:14 GMT","end":"Fri, 10 Jul 2026 18:32:13 GMT"},"fingerprint":{"sha1":"12:50:0B:7A:99:D8:C2:6B:3E:B8:46:0A:91:6D:37:B4:F8:F3:0E:A0","sha256":"95:F1:E7:5B:23:92:D1:10:80:91:B8:B5:E7:27:8C:05:DA:33:B8:A5:1E:01:E2:5F:9C:26:02:1C:79:DD:37:8D"}}},"request":{"raw":"GET /apikj.php?lx=am\u0026?1780144263152 HTTP/1.1\r\nHost: 2.82873.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/javascript, */*; q=0.01\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nX-Requested-With: XMLHttpRequest\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://2.82873.com/kj.html?lhc=am\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/html; charset=UTF-8\r\ncontent-encoding: gzip\r\nvary: Accept-Encoding\r\nserver: Microsoft-IIS/10.0\r\nx-powered-by: PHP/5.6.40, ASP.NET\r\ndate: Sat, 30 May 2026 12:31:02 GMT\r\ncontent-length: 204\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"IIS:10.0","description":"Internet Information Services (IIS) is an extensible web server software created by Microsoft for use with the Windows NT family.","website":"https://www.iis.net","common_platform_enumeration":"cpe:2.3:a:microsoft:internet_information_server:*:*:*:*:*:*:*:*","icon":"Microsoft.svg","categories":["Web servers"]},{"name":"Windows Server","description":"Windows Server is a brand name for a group of server operating systems.","website":"https://microsoft.com/windowsserver","common_platform_enumeration":"","icon":"WindowsServer.png","categories":["Operating systems"]},{"name":"PHP:5.6.40","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}],"data":{"size":82,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"JSON text data","md5":"e67d0a96babfa6d3451b1175f404c3ee","sha1":"d735d84368d1dffd17ad00fad623101cf41cc990","sha256":"c7bab083d6a61247509cfb9bd97b14b9f607b0a95728f6e7385577cd7c5a7da5","sha512":"d8c71053a411bce64529751bcdbcf45c34afebb8f286f770dc638eb73aa995788e481bb166655c314d17f8ecbf3a6f794369a7e0be56b5b9731069ef73d100aa","ssdeep":"","tlshash":"eea01240c20870a44013404046653054105be5020390814cb630a5c4994941705113a2","first_seen":"2026-05-29T19:53:28.057344Z","last_seen":"2026-05-30T12:32:56.640985Z","times_seen":11,"resource_available":false,"data":null}},"time_used":494,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":494,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"node94.aizhantj.com:21233/tjpv/?cc=1\u0026ck=1\u0026cl=24-bit\u0026ds=1280x1024\u0026vl=1024\u0026et=0\u0026ja=0\u0026ln=en-us\u0026lo=0\u0026rnd=1849478163\u0026si=7s2cq3n2d59\u0026su=https%3A%2F%2Fhc9977.com%2F\u0026v=25.01.26\u0026lv=1\u0026api=0\u0026sn=17051\u0026r=0\u0026ww=1280\u0026u=https%3A%2F%2Fhg111222.cc%2F\u0026lvt=1780144256\u0026tf=1780144256\u0026ej=1","fqdn":"node94.aizhantj.com","domain":"aizhantj.com","tld":"com"},"ip":{"addr":"43.174.27.154","port":21233,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://hg111222.cc/","date":"2026-05-30T12:30:55.810Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.aizhantj.com","organization":""},"issuer":{"commonName":"Leocert TLS Issuing RSA CA 1","organization":"Leocert LLC"},"validity":{"start":"Tue, 29 Jul 2025 07:48:12 GMT","end":"Sat, 29 Aug 2026 07:48:12 GMT"},"fingerprint":{"sha1":"08:E8:20:3E:64:D6:76:65:C3:01:5A:25:5B:CE:23:E1:04:FF:9D:3A","sha256":"ED:59:41:83:D6:B7:DC:EE:38:8B:4C:EC:A7:BB:DB:86:03:54:41:AF:C0:7D:3F:63:B3:8E:65:A6:75:6E:6C:1B"}}},"request":{"raw":"GET /tjpv/?cc=1\u0026ck=1\u0026cl=24-bit\u0026ds=1280x1024\u0026vl=1024\u0026et=0\u0026ja=0\u0026ln=en-us\u0026lo=0\u0026rnd=1849478163\u0026si=7s2cq3n2d59\u0026su=https%3A%2F%2Fhc9977.com%2F\u0026v=25.01.26\u0026lv=1\u0026api=0\u0026sn=17051\u0026r=0\u0026ww=1280\u0026u=https%3A%2F%2Fhg111222.cc%2F\u0026lvt=1780144256\u0026tf=1780144256\u0026ej=1 HTTP/1.1\r\nHost: node94.aizhantj.com:21233\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/javascript, */*; q=0.01\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://hg111222.cc\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://hg111222.cc/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ncontent-type: application/json; charset=utf-8\r\nvary: Accept-Encoding\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET, PUT, POST, DELETE, OPTIONS\r\nset-cookie: _aztj_sess=lee45d6dj4lc8s4iven4kbgb6n; expires=Sat, 13 Jun 2026 12:30:55 GMT; Max-Age=1209600; path=/; secure; SameSite=None\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\npragma: no-cache\r\nx-mtj-pc: 29\r\nx-mtj-ml: 1\r\nanode: node94-1\r\ncontent-encoding: gzip\r\nage: 0\r\ndate: Sat, 30 May 2026 12:30:55 GMT\r\neo-log-uuid: 15968036593043121448\r\neo-cache-status: MISS\r\ncache-control: max-age=0\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"99914b932bd37a50b983c5e7c90ae93b","sha1":"bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f","sha256":"44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a","sha512":"27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd","ssdeep":"","tlshash":"c7100000000000c00000000c00000000000000000c0000000000000000000000000000","first_seen":"2023-03-07T01:15:26Z","last_seen":"2026-05-30T15:03:17.661476Z","times_seen":685975,"resource_available":true,"data":null}},"time_used":310,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":310,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"hg111222.cc/index_files/z.jiemeng.png","fqdn":"hg111222.cc","domain":"hg111222.cc","tld":"cc"},"ip":{"addr":"23.248.239.250","port":443,"asn":138415,"as":"Yancy Limited","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://hg111222.cc/","date":"2026-05-30T12:30:54.653Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.hg111222.cc","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 08 May 2026 08:13:26 GMT","end":"Thu, 06 Aug 2026 08:13:25 GMT"},"fingerprint":{"sha1":"D1:10:80:72:DB:BD:CF:50:04:05:40:85:DC:67:F1:44:E7:C5:ED:12","sha256":"27:69:79:C1:2A:21:F6:A5:6D:33:E4:73:4E:14:EB:D1:7A:65:9E:B6:68:DC:A1:8D:32:33:A3:28:00:9C:8C:AA"}}},"request":{"raw":"GET /index_files/z.jiemeng.png HTTP/1.1\r\nHost: hg111222.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://hg111222.cc/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 30 May 2026 12:30:54 GMT\r\ncontent-type: image/png\r\ncontent-length: 994\r\nlast-modified: Sun, 03 Aug 2025 11:39:44 GMT\r\netag: \"688f4a80-3e2\"\r\nexpires: Mon, 29 Jun 2026 12:30:54 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":994,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 54 x 54, 8-bit/color RGBA, non-interlaced","md5":"b8e70e0b29e12b622076fddf4379481d","sha1":"4294b780bf80a47cae118b63ba8255e8cafb53f0","sha256":"2b58fd715df557cce1e80c117fd8f805c38d983586fa15718836e418ffccc5e9","sha512":"e2704efaa84e604c7c236828b273a9e05bb32960dbffa108c96e468b8ebd76d28d770b75fef63ef02ea73660bd4e6134c618244c94ea338ee410ae8f9f8354af","ssdeep":"","tlshash":"7c11c8dc33b4d5a210c5adb8f41360f624736f915d71452cc56bbc1caa0b481a1c1382","first_seen":"2023-05-27T06:40:11Z","last_seen":"2026-05-30T12:32:56.652848Z","times_seen":1188,"resource_available":false,"data":null}},"time_used":770,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":580,"receive":190,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-30","alert":"Sinkholed","trigger":"hg111222.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"hg111222.cc/bet365.gif","fqdn":"hg111222.cc","domain":"hg111222.cc","tld":"cc"},"ip":{"addr":"23.248.239.250","port":443,"asn":138415,"as":"Yancy Limited","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://hg111222.cc/","date":"2026-05-30T12:30:54.603Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.hg111222.cc","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 08 May 2026 08:13:26 GMT","end":"Thu, 06 Aug 2026 08:13:25 GMT"},"fingerprint":{"sha1":"D1:10:80:72:DB:BD:CF:50:04:05:40:85:DC:67:F1:44:E7:C5:ED:12","sha256":"27:69:79:C1:2A:21:F6:A5:6D:33:E4:73:4E:14:EB:D1:7A:65:9E:B6:68:DC:A1:8D:32:33:A3:28:00:9C:8C:AA"}}},"request":{"raw":"GET /bet365.gif HTTP/1.1\r\nHost: hg111222.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://hg111222.cc/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 30 May 2026 12:30:54 GMT\r\ncontent-type: image/gif\r\nlast-modified: Sun, 12 Apr 2026 14:28:56 GMT\r\nvary: Accept-Encoding\r\netag: W/\"69dbac28-aa56\"\r\nexpires: Mon, 29 Jun 2026 12:30:54 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":43606,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 1000 x 90","md5":"3216dcd42fd9916559d3fd5ed2f65184","sha1":"b821a3075d9ef5b2baf8ba84f4e68c84f932f68b","sha256":"c68b21ede44e194c7d506b927c8d77d95a674ec60233bfa04dd042646fb0b6c2","sha512":"d70246ee298f9c1704fd7990140a44c185c50168eb412277a5b74c08faa8ec575ae4e03148c3233b490718de3a9ba34fdafccfc004b99f89ac5f080fe77b5178","ssdeep":"768:LJyirFP44tHVxVXe02Z8PSbNrQfm66zUgT7YV09xWwI86S8S2D:LJyir54+1xVX2+PSbNrQfGN4VSxWmw","tlshash":"8513f18da9d8655ef39df98651afedec290ad8d2cf9c8b0213076a53430cc7168d0bb5","first_seen":"2026-02-04T07:47:53.87459Z","last_seen":"2026-05-30T12:32:56.641643Z","times_seen":20,"resource_available":false,"data":null}},"time_used":586,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":586,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-30","alert":"Sinkholed","trigger":"hg111222.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"hg111222.cc/index_files/z.weizhang.png","fqdn":"hg111222.cc","domain":"hg111222.cc","tld":"cc"},"ip":{"addr":"23.248.239.250","port":443,"asn":138415,"as":"Yancy Limited","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://hg111222.cc/","date":"2026-05-30T12:30:54.648Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.hg111222.cc","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 08 May 2026 08:13:26 GMT","end":"Thu, 06 Aug 2026 08:13:25 GMT"},"fingerprint":{"sha1":"D1:10:80:72:DB:BD:CF:50:04:05:40:85:DC:67:F1:44:E7:C5:ED:12","sha256":"27:69:79:C1:2A:21:F6:A5:6D:33:E4:73:4E:14:EB:D1:7A:65:9E:B6:68:DC:A1:8D:32:33:A3:28:00:9C:8C:AA"}}},"request":{"raw":"GET /index_files/z.weizhang.png HTTP/1.1\r\nHost: hg111222.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://hg111222.cc/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 30 May 2026 12:30:54 GMT\r\ncontent-type: image/png\r\nlast-modified: Sun, 03 Aug 2025 11:39:44 GMT\r\nvary: Accept-Encoding\r\netag: W/\"688f4a80-439\"\r\nexpires: Mon, 29 Jun 2026 12:30:54 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":1081,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 54 x 54, 8-bit colormap, non-interlaced","md5":"ef78f55495eb27c6b09ae81752043981","sha1":"a994d1b0cef457ccf55cc621cd4fd1c66a62c3e8","sha256":"9d128a78db81e44c036f4bb48fba67647652f0fb3bcb7b720bc01f2fdacc303e","sha512":"684ea33b9439ebb650a736843a09e24f471a6ae56900da1e1379c52fe48027e571351228adfa519c5330e90a5be2e099cb14018acbf3bcdd856d428f89922be8","ssdeep":"","tlshash":"1811754f640bdf77d63748a04be5850573022106688a9805ec427d079b071449fca3f7","first_seen":"2023-05-27T06:40:10Z","last_seen":"2026-05-30T12:32:56.649517Z","times_seen":1174,"resource_available":false,"data":null}},"time_used":583,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":583,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-30","alert":"Sinkholed","trigger":"hg111222.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"hg111222.cc/index_files/pop.css","fqdn":"hg111222.cc","domain":"hg111222.cc","tld":"cc"},"ip":{"addr":"23.248.239.250","port":443,"asn":138415,"as":"Yancy Limited","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://hg111222.cc/","date":"2026-05-30T12:30:54.655Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.hg111222.cc","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 08 May 2026 08:13:26 GMT","end":"Thu, 06 Aug 2026 08:13:25 GMT"},"fingerprint":{"sha1":"D1:10:80:72:DB:BD:CF:50:04:05:40:85:DC:67:F1:44:E7:C5:ED:12","sha256":"27:69:79:C1:2A:21:F6:A5:6D:33:E4:73:4E:14:EB:D1:7A:65:9E:B6:68:DC:A1:8D:32:33:A3:28:00:9C:8C:AA"}}},"request":{"raw":"GET /index_files/pop.css HTTP/1.1\r\nHost: hg111222.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://hg111222.cc/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 30 May 2026 12:30:54 GMT\r\ncontent-type: text/css\r\nlast-modified: Sun, 03 Aug 2025 11:39:44 GMT\r\nvary: Accept-Encoding\r\netag: W/\"688f4a80-718\"\r\nexpires: Sun, 31 May 2026 00:30:54 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":1816,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with CRLF line terminators","md5":"74cf664123c47570d3ad19b8f91b6f48","sha1":"fea379be0812f021fee048fda51706774daa9e78","sha256":"f99bb48fc21cf5cfb4a1fae7364f941bfaa6561727a2f152b7f4bbef4e7903a9","sha512":"0c4b2000050e14a7b93b0f35cd57718d7098198376730cc10815e67a1f9c927847314bf9ba5f17c58becab669dbdbc9f522fd63a4b205412a06c27c85cc683ca","ssdeep":"","tlshash":"673110216681104a713bc49073f645b8da38c503b1130baef3d4b7b0afe18929274a97","first_seen":"2025-10-18T07:58:07.613405Z","last_seen":"2026-05-30T12:32:56.645177Z","times_seen":32,"resource_available":false,"data":null}},"time_used":579,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":579,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-30","alert":"Sinkholed","trigger":"hg111222.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"hg111222.cc/index_files/layer.js.%E4%B8%8B%E8%BD%BD","fqdn":"hg111222.cc","domain":"hg111222.cc","tld":"cc"},"ip":{"addr":"23.248.239.250","port":443,"asn":138415,"as":"Yancy Limited","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://hg111222.cc/","date":"2026-05-30T12:30:54.658Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.hg111222.cc","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 08 May 2026 08:13:26 GMT","end":"Thu, 06 Aug 2026 08:13:25 GMT"},"fingerprint":{"sha1":"D1:10:80:72:DB:BD:CF:50:04:05:40:85:DC:67:F1:44:E7:C5:ED:12","sha256":"27:69:79:C1:2A:21:F6:A5:6D:33:E4:73:4E:14:EB:D1:7A:65:9E:B6:68:DC:A1:8D:32:33:A3:28:00:9C:8C:AA"}}},"request":{"raw":"GET /index_files/layer.js.%E4%B8%8B%E8%BD%BD HTTP/1.1\r\nHost: hg111222.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://hg111222.cc/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 404 Not Found\r\nserver: nginx\r\ndate: Sat, 30 May 2026 12:30:54 GMT\r\ncontent-type: text/html\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":311,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text, with CRLF line terminators","md5":"e0949e6a5244f833129eecb67db2d225","sha1":"84afb40b38250446be018a0b6618fe3ee33dd676","sha256":"c1526b6f29e936c91b98c51ff2c98d38d467a51a35897bb79b00ac59c9ece120","sha512":"a1f4910326f0a6a3dd104d9f223651580dfefda710179401e852b17315f6224db4811187496dbf010c2191888f7323e9bb599d82e46528c39de885551d95d157","ssdeep":"","tlshash":"cbe0726c3e12ae28065320b632f7e358e8e3223a2c2ac1100489c85b72867d68dc2321","first_seen":"2026-02-09T22:05:35.509612Z","last_seen":"2026-05-30T12:32:56.648302Z","times_seen":41,"resource_available":false,"data":null}},"time_used":576,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":576,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-30","alert":"Sinkholed","trigger":"hg111222.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}}]}