{"report_id":"d368ca8d-80be-4573-873f-5455b014e861","version":6,"status":"done","tags":[],"date":"2025-12-20T18:20:41Z","url":{"schema":"http","addr":"www.g5396633.com/","fqdn":"www.g5396633.com","domain":"g5396633.com","tld":"com"},"ip":{"addr":"23.225.250.201","port":0,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"final":{"url":{"schema":"https","addr":"www.g5396633.com/","fqdn":"www.g5396633.com","domain":"g5396633.com","tld":"com"},"title":"8x8x - 在线免费影库","dom":{"size":2946,"mime_type":"text/html; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (1577)","md5":"916cb5dffa65b304440fc56800d8f64c","sha1":"0c1f350b098c7a8cac650faa241be4a2b2bad80e","sha256":"decce9483cbe5dec33950852d30e2f7e921fd0ca4e6db0c2a5a454487f0550eb","sha512":"f20b2116683c420ff61b2aaffe4bfba0262e27aa4d34c0e60193ac877cb05ec2db86d1207da027021b4c722abbfc17cd376ab760aac03a46a23f3caee8a32c75","ssdeep":"","tlshash":"ef517869359085ab13534164f6f1ea1eb99ad30ec90fd894f1af50d92bc1d82cc87968","dom_hash":"domhashb0e11a6559c2c7dd367d49de7894d4e4","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"www.g5396633.com/","fqdn":"www.g5396633.com","domain":"g5396633.com","tld":"com"},"ip":{"addr":"23.225.250.201","port":0,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-01-24T18:20:41Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":1}},"detection":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"i.upu4xz7aj3v.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null},"summary":[{"fqdn":"i.upu4xz7aj3v.com","ip":{"addr":"23.224.92.147","port":32774,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"domain_registered":"2025-11-16","domain_rank":0,"first_seen":"2025-12-07T04:32:26.200792Z","last_seen":"2025-12-15T06:43:10.401549Z","alert_count":1,"request_count":1,"received_data":211362,"sent_data":425,"comment":"","tags":null,"fingerprints":[{"name":"Alibaba Cloud Object Storage Service","description":"Alibaba Cloud Object Storage Service (OSS) is a cloud-based object storage service provided by Alibaba Cloud, which allows users to store and access large amounts of data in the cloud.","website":"https://www.alibabacloud.com/product/object-storage-service","common_platform_enumeration":"","icon":"Alibaba Cloud.svg","categories":["IaaS"]}]},{"fqdn":"www.g5396633.com","ip":{"addr":"23.225.250.97","port":443,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"domain_registered":"2025-12-18","domain_rank":0,"first_seen":"2025-12-20T18:20:41.488414Z","last_seen":"2025-12-20T18:20:41.488414Z","alert_count":0,"request_count":7,"received_data":111840,"sent_data":3120,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}]},{"fqdn":"mc.webvisor.org","ip":{"addr":"87.250.250.119","port":443,"asn":13238,"as":"YANDEX LLC","country":"Russia","country_code":"RU"},"domain_registered":"2009-08-25","domain_rank":99131,"first_seen":"2017-08-16T02:40:17Z","last_seen":"2025-12-15T10:29:43.317233Z","alert_count":0,"request_count":6,"received_data":9794,"sent_data":6082,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"www.g5396633.com/","fqdn":"www.g5396633.com","domain":"g5396633.com","tld":"com"},"ip":{"addr":"23.225.250.97","port":443,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"129508a8d76d04f0a18b246c9e36d475","sha1":"20613b4a029ba02c7d5e11d1b09661aab94ec4a3","sha256":"4eb7453379812642ba9ce57604b39966d033772d7cc174f8e46bdea905fd0259","sha512":"18c938d527ca7ccfdea45683a9201996f7d7f5b5e24a359fbf1fc27e29e05e48b89638f52b5cf820e1a684a11dcc2289a8b49e577e3f762fc7ae98e77d8087c0","ssdeep":"","tlshash":"a2f054983cc88534a373016817f3c208717a222f384eed50f75d0c923f50dea04a794c","size":523,"data":"","first_seen":"2025-12-03T16:29:39.595861Z","last_seen":"2026-01-12T09:42:19.041498Z","times_seen":61,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.g5396633.com/assets/index-v68X0COR.js","fqdn":"www.g5396633.com","domain":"g5396633.com","tld":"com"},"ip":{"addr":"23.225.250.97","port":443,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"bbdad4b6dbfc97218cc176baeccf6ca7","sha1":"08eb515551ef2bb287be36f7e45f3ac2aa7d261c","sha256":"7841aaf68187ed8a48bd0155f10b7ab0cec12f246cf6b34c519a55f6046c8314","sha512":"31d6aece4d6d19de4ddf7dc994e1bbc598642b613f86fefcdd6d7a76661da9521150b95f248697bf9bf97a25ba0e1123180ec82c1a7686b619b205da8020ac16","ssdeep":"1536:NH4dD5Y3WLvhFK3gJHnXYcyiLXV10p/K+6JnPSS/1Tt/:yd12WzhFKwNXYcyAV1ws","tlshash":"64431ad53196707652ea08ee806f1102e33428597c4fc451f27dac9b3d69d6aa2faf3c","size":55845,"data":"","first_seen":"2025-12-20T02:28:29.239338Z","last_seen":"2025-12-23T04:16:56.587588Z","times_seen":13,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.g5396633.com/assets/Yanzhen-CokcgUjv.js","fqdn":"www.g5396633.com","domain":"g5396633.com","tld":"com"},"ip":{"addr":"23.225.250.97","port":443,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"2b3d4120a5de24fd7af4c12de95047c9","sha1":"d2bfa9c385a8d862889eac8f8bfe1ab9234c6175","sha256":"7624ef67dab21c7958f3cb2a26a4e3d1c019b084bb1dbb63091c3660e5b81ea3","sha512":"7c1ea2b883369092d0f9576500ef890dd734a4d2a2e80c7c01d00761cd393dade12baca24a795e58701d45b259f24305945e0c4e322fd8f63e18a00462159f58","ssdeep":"384:368Y3Op3n00I83CTD/zRhoGYVBI/i1+4QGwNu2YlmeW:368Y+p3nhI83CTD/zRhoGYVBI/ipQGwP","tlshash":"bc42f998731a257d21db44fd75fa5021e3a8ab8dfd0fc651f87dcc8636498184389f2a","size":12626,"data":"","first_seen":"2025-12-20T02:28:29.230048Z","last_seen":"2025-12-23T04:16:56.595866Z","times_seen":13,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"i.upu4xz7aj3v.com:32774/utils/ttg.js","fqdn":"i.upu4xz7aj3v.com","domain":"upu4xz7aj3v.com","tld":"com"},"ip":{"addr":"23.224.92.147","port":32774,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"b76a0ecb36eedd45f177f20b9f37603d","sha1":"76a5f38001a33dffad16ad8192db62c615e3986e","sha256":"9262564dbb162db08e79bc2817bbf8dec867ab9d9a4a1d78349c97965cedfdba","sha512":"82bdde1de9cd7fdc5250f493a882047797fa919fc69cd310404e6ce8fb5d978fd1d7f1c35c770ffc9c05aab6365761b7cee0a5a8f62ecd57c33babba10eef6a3","ssdeep":"3072:ncn4vsldqnz8NvH/1kwtgPgvRE/6q/cz031pESh:n4SscPIRE/69z031Dh","tlshash":"5524e8d976a2b062436335b4a07f110fb27eac95f10c8598f185e9e43e389ad9137f6c","size":210731,"data":"","first_seen":"2025-04-10T20:45:18.021691Z","last_seen":"2026-05-04T12:56:52.501261Z","times_seen":760,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"www.g5396633.com/assets/Yanzhen-kzbgkn40.css","fqdn":"www.g5396633.com","domain":"g5396633.com","tld":"com"},"ip":{"addr":"23.225.250.97","port":443,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://www.g5396633.com/","date":"2025-12-20T18:20:19.088Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P384-SHA384","protocol":"TLSv1.3","cert":{"subject":{"commonName":"g5396633.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Thu, 18 Dec 2025 12:43:20 GMT","end":"Wed, 18 Mar 2026 12:43:19 GMT"},"fingerprint":{"sha1":"B3:7A:30:77:4C:0B:B9:6D:92:C9:C5:D0:B4:CF:4A:3A:8E:F5:E5:35","sha256":"50:04:21:54:D0:73:45:13:84:38:9E:40:DE:CB:45:D7:3D:22:B3:80:18:2B:A1:6F:77:98:64:51:BE:86:FA:B8"}}},"request":{"raw":"GET /assets/Yanzhen-kzbgkn40.css HTTP/1.1\r\nHost: www.g5396633.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.g5396633.com/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Sat, 20 Dec 2025 18:20:19 GMT\r\ncontent-type: text/css\r\nlast-modified: Fri, 19 Dec 2025 04:56:57 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6944db19-11b\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}],"data":{"size":283,"size_decoded":0,"mime_type":"text/css","magic":"assembler source, ASCII text","md5":"2525666a85f853cc8ddba23e56f1aea6","sha1":"942d9a09d36b459b3118ee527c24a75184664f91","sha256":"f8cc012d299c454633b2711ba861d507527db3ddb80194e46dc39166387f1e90","sha512":"3c131ea64bc34f75bdf7b9f3c0b20942131b95412e5d99c8fea10dad1d00e476e56be2e78a9af439fd3f1ab64626c408bbd8d3cfbc63a5e70b84503279b73479","ssdeep":"","tlshash":"94d0c2885e670c89434a03d3a4fc7b6d90bd86d6a6231cdf26a0184b04804ef92e1916","first_seen":"2025-12-13T13:53:08.133514Z","last_seen":"2026-03-03T08:10:10.821841Z","times_seen":102,"resource_available":false,"data":null}},"time_used":161,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":161,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mc.webvisor.org/metrika/advert.gif","fqdn":"mc.webvisor.org","domain":"webvisor.org","tld":"org"},"ip":{"addr":"87.250.250.119","port":443,"asn":13238,"as":"YANDEX LLC","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.g5396633.com/","date":"2025-12-20T18:20:20.202Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"mc.webvisor.com","organization":"YANDEX LLC"},"issuer":{"commonName":"GlobalSign RSA OV SSL CA 2018","organization":"GlobalSign nv-sa"},"validity":{"start":"Mon, 18 Aug 2025 21:05:34 GMT","end":"Mon, 09 Feb 2026 20:59:59 GMT"},"fingerprint":{"sha1":"52:51:83:17:11:3C:6A:D0:47:28:FB:42:75:CF:6A:DA:48:B5:5A:C8","sha256":"69:B8:8D:9D:77:CB:F9:C7:48:04:E2:8C:99:28:7C:EF:5E:C7:2B:43:D6:52:7B:21:D2:99:F6:86:18:A6:0F:80"}}},"request":{"raw":"GET /metrika/advert.gif HTTP/1.1\r\nHost: mc.webvisor.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.g5396633.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-length: 43\r\naccept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA\r\ncontent-type: image/gif\r\netag: \"6932e5aa-2b\"\r\naccept-ranges: bytes\r\nset-cookie: bh=YOTRm8oGahfcyuH/CJLYobEDn8/14QzlyPCOA5S2Ag==; Path=/; Domain=.webvisor.org; Expires=Sun, 24 Jan 2027 18:20:20 GMT; SameSite=None; Secure\r\ncache-control: max-age=3600\r\ntiming-allow-origin: *\r\nstrict-transport-security: max-age=31536000\r\ndate: Sat, 20 Dec 2025 18:20:20 GMT\r\nexpires: Sat, 20 Dec 2025 19:20:20 GMT\r\nlast-modified: Fri, 05 Dec 2025 14:01:14 GMT\r\naccess-control-allow-origin: *\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":43,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 1 x 1","md5":"df3e567d6f16d040326c7a0ea29a4f41","sha1":"ea7df583983133b62712b5e73bffbcd45cc53736","sha256":"548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87","sha512":"b2ca25a3311dc42942e046eb1a27038b71d689925b7d6b3ebb4d7cd2c7b9a0c7de3d10175790ac060dc3f8acf3c1708c336626be06879097f4d0ecaa7f567041","ssdeep":"","tlshash":"c2900003caa08002c2a2c0300a0a03002f88a2300228030e80bc30acec3a3a22c02000","first_seen":"2023-04-05T03:49:37Z","last_seen":"2026-06-03T20:56:01.798674Z","times_seen":104812,"resource_available":true,"data":null}},"time_used":375,"timings":{"blocked":163,"dns":5,"connect":51,"send":0,"wait":47,"receive":0,"ssl":106},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mc.webvisor.org/watch/3/1?wmode=7\u0026page-url=https%3A%2F%2Fwww.g5396633.com%2F\u0026page-ref\u0026charset=utf-8\u0026browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Anlzej4hetqp71c82uo0s8%3Afp%3A1410%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A860%3Acn%3A2%3Adp%3A0%3Als%3A1147438787847%3Ahid%3A110324803%3Az%3A0%3Ai%3A20251220182020%3Aet%3A1766254820%3Ac%3A1%3Arn%3A623050488%3Arqn%3A1%3Au%3A1766254820448365996%3Aw%3A1280x1024%3As%3A1280x1024x24%3Ask%3A1%3Acpf%3A1%3Ans%3A1766254818021%3Ads%3A4%2C340%2C161%2C0%2C32%2C0%2C%2C508%2C4%2C%2C%2C%2C1084%3Awv%3A2%3Aco%3A0%3Ast%3A1766254820\u0026t=gdpr%2814%29clc%280-0-0%29aw%281%29rqnt%281%29ti%282%29\u0026redirnss=1","fqdn":"mc.webvisor.org","domain":"webvisor.org","tld":"org"},"ip":{"addr":"87.250.250.119","port":443,"asn":13238,"as":"YANDEX LLC","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://www.g5396633.com/","date":"2025-12-20T18:20:20.456Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"mc.webvisor.com","organization":"YANDEX LLC"},"issuer":{"commonName":"GlobalSign RSA OV SSL CA 2018","organization":"GlobalSign nv-sa"},"validity":{"start":"Mon, 18 Aug 2025 21:05:34 GMT","end":"Mon, 09 Feb 2026 20:59:59 GMT"},"fingerprint":{"sha1":"52:51:83:17:11:3C:6A:D0:47:28:FB:42:75:CF:6A:DA:48:B5:5A:C8","sha256":"69:B8:8D:9D:77:CB:F9:C7:48:04:E2:8C:99:28:7C:EF:5E:C7:2B:43:D6:52:7B:21:D2:99:F6:86:18:A6:0F:80"}}},"request":{"raw":"GET /watch/3/1?wmode=7\u0026page-url=https%3A%2F%2Fwww.g5396633.com%2F\u0026page-ref\u0026charset=utf-8\u0026browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Anlzej4hetqp71c82uo0s8%3Afp%3A1410%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A860%3Acn%3A2%3Adp%3A0%3Als%3A1147438787847%3Ahid%3A110324803%3Az%3A0%3Ai%3A20251220182020%3Aet%3A1766254820%3Ac%3A1%3Arn%3A623050488%3Arqn%3A1%3Au%3A1766254820448365996%3Aw%3A1280x1024%3As%3A1280x1024x24%3Ask%3A1%3Acpf%3A1%3Ans%3A1766254818021%3Ads%3A4%2C340%2C161%2C0%2C32%2C0%2C%2C508%2C4%2C%2C%2C%2C1084%3Awv%3A2%3Aco%3A0%3Ast%3A1766254820\u0026t=gdpr%2814%29clc%280-0-0%29aw%281%29rqnt%281%29ti%282%29\u0026redirnss=1 HTTP/1.1\r\nHost: mc.webvisor.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://www.g5396633.com\r\nReferer: https://www.g5396633.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: yabs-sid=803765721766254820; i=BDo9OuQm5Wzb30z4D0JoPikgwG802PG8gBtlpQhKvnNjUD0W976tLL8tTdYl/3jfZskcp2yG9Dl5zvBZRo5qHxlsW5A=; yandexuid=157226331766254820; yuidss=157226331766254820; ymex=1797790820.yrts.1766254820#1797790820.yrtsi.1766254820; bh=YOTRm8oGahfcyuH/CJLYobEDn8/14QzlyPCOA5S2Ag==\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-length: 501\r\nstrict-transport-security: max-age=31536000\r\nexpires: Sat, 20-Dec-2025 18:20:20 GMT\r\naccess-control-allow-credentials: true\r\ncontent-type: application/json; charset=utf-8\r\nx-content-type-options: nosniff\r\npragma: no-cache\r\nx-xss-protection: 1; mode=block\r\nlast-modified: Sat, 20-Dec-2025 18:20:20 GMT\r\naccept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA\r\ncache-control: private, no-cache, no-store, must-revalidate, max-age=0\r\naccess-control-allow-origin: https://www.g5396633.com\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":501,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"8a3d1e859bb3794f0abb53adb8c76e0d","sha1":"bc593810e74925e6a803d9604b4e706e5375804e","sha256":"55b236fff4f92e1ba4a864672764bf6113d018ad7e5d4f7a129c8512bdd8b742","sha512":"bbd84176fc9022af66002ebaf073eda2e4acaf03ec6b53df07c7b846bfe951a2c49fcdf54e2151490134653f03576c27d47a466a32810e743c187940439be643","ssdeep":"","tlshash":"4af005185560913636cbcb9199f62106a9831052595207e5fa5f53a048cfc3af946ce8","first_seen":"2025-12-20T18:20:45.408022Z","last_seen":"2025-12-20T18:20:45.408022Z","times_seen":1,"resource_available":false,"data":null}},"time_used":50,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":49,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mc.webvisor.org/watch/98611300/1?wmode=7\u0026page-url=https%3A%2F%2Fwww.g5396633.com%2F\u0026charset=utf-8\u0026browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Anlzej4hetqp71c82uo0s8%3Afp%3A1410%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A860%3Acn%3A1%3Adp%3A0%3Als%3A373885541857%3Ahid%3A110324803%3Az%3A0%3Ai%3A20251220182020%3Aet%3A1766254820%3Ac%3A1%3Arn%3A933901685%3Arqn%3A1%3Au%3A1766254820448365996%3Aw%3A1280x1024%3As%3A1280x1024x24%3Ask%3A1%3Acpf%3A1%3Ans%3A1766254818021%3Ads%3A4%2C340%2C161%2C0%2C32%2C0%2C%2C508%2C4%2C%2C%2C%2C1084%3Awv%3A2%3Aco%3A0%3Arqnl%3A1%3Ast%3A1766254820%3At%3A8x8x%20-%20%E5%9C%A8%E7%BA%BF%E5%85%8D%E8%B4%B9%E5%BD%B1%E5%BA%93\u0026t=gdpr%2814%29clc%280-0-0%29aw%281%29rqnt%281%29rqnl%281%29ti%282%29\u0026redirnss=1","fqdn":"mc.webvisor.org","domain":"webvisor.org","tld":"org"},"ip":{"addr":"87.250.250.119","port":443,"asn":13238,"as":"YANDEX LLC","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://www.g5396633.com/","date":"2025-12-20T18:20:20.458Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"mc.webvisor.com","organization":"YANDEX LLC"},"issuer":{"commonName":"GlobalSign RSA OV SSL CA 2018","organization":"GlobalSign nv-sa"},"validity":{"start":"Mon, 18 Aug 2025 21:05:34 GMT","end":"Mon, 09 Feb 2026 20:59:59 GMT"},"fingerprint":{"sha1":"52:51:83:17:11:3C:6A:D0:47:28:FB:42:75:CF:6A:DA:48:B5:5A:C8","sha256":"69:B8:8D:9D:77:CB:F9:C7:48:04:E2:8C:99:28:7C:EF:5E:C7:2B:43:D6:52:7B:21:D2:99:F6:86:18:A6:0F:80"}}},"request":{"raw":"GET /watch/98611300/1?wmode=7\u0026page-url=https%3A%2F%2Fwww.g5396633.com%2F\u0026charset=utf-8\u0026browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Anlzej4hetqp71c82uo0s8%3Afp%3A1410%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A860%3Acn%3A1%3Adp%3A0%3Als%3A373885541857%3Ahid%3A110324803%3Az%3A0%3Ai%3A20251220182020%3Aet%3A1766254820%3Ac%3A1%3Arn%3A933901685%3Arqn%3A1%3Au%3A1766254820448365996%3Aw%3A1280x1024%3As%3A1280x1024x24%3Ask%3A1%3Acpf%3A1%3Ans%3A1766254818021%3Ads%3A4%2C340%2C161%2C0%2C32%2C0%2C%2C508%2C4%2C%2C%2C%2C1084%3Awv%3A2%3Aco%3A0%3Arqnl%3A1%3Ast%3A1766254820%3At%3A8x8x%20-%20%E5%9C%A8%E7%BA%BF%E5%85%8D%E8%B4%B9%E5%BD%B1%E5%BA%93\u0026t=gdpr%2814%29clc%280-0-0%29aw%281%29rqnt%281%29rqnl%281%29ti%282%29\u0026redirnss=1 HTTP/1.1\r\nHost: mc.webvisor.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://www.g5396633.com\r\nReferer: https://www.g5396633.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: yabs-sid=803765721766254820; i=BDo9OuQm5Wzb30z4D0JoPikgwG802PG8gBtlpQhKvnNjUD0W976tLL8tTdYl/3jfZskcp2yG9Dl5zvBZRo5qHxlsW5A=; yandexuid=157226331766254820; yuidss=157226331766254820; ymex=1797790820.yrts.1766254820#1797790820.yrtsi.1766254820; bh=YOTRm8oGahfcyuH/CJLYobEDn8/14QzlyPCOA5S2Ag==\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-length: 672\r\naccept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA\r\nx-xss-protection: 1; mode=block\r\naccess-control-allow-credentials: true\r\nlast-modified: Sat, 20-Dec-2025 18:20:20 GMT\r\nstrict-transport-security: max-age=31536000\r\naccess-control-allow-origin: https://www.g5396633.com\r\ncache-control: private, no-cache, no-store, must-revalidate, max-age=0\r\nx-content-type-options: nosniff\r\nexpires: Sat, 20-Dec-2025 18:20:20 GMT\r\ncontent-type: application/json; charset=utf-8\r\npragma: no-cache\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":672,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"72d6b2a03e95ec7b4b9b90102b43e115","sha1":"364cb15e0258d6b0d385890c693921130ce534fd","sha256":"dbe6842d4975d18a0983b4e05bc611aafedfc834c04af1ae93091d98630765a2","sha512":"01c338a247e0fce5493431108384bcd34ee984eb499f3b70249b342f063bc2f34053eea26c2fef99f440c3d32290802b4509f031ee8a99b4847097707008df65","ssdeep":"","tlshash":"1201fe108945457b8923866406ad7203a9a830064cc737a0aa449ab1288df5e73427f3","first_seen":"2025-12-20T18:20:45.415713Z","last_seen":"2025-12-20T18:20:45.415713Z","times_seen":1,"resource_available":false,"data":null}},"time_used":52,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":52,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.g5396633.com/assets/index-DmG0vQun.css","fqdn":"www.g5396633.com","domain":"g5396633.com","tld":"com"},"ip":{"addr":"23.225.250.97","port":443,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://www.g5396633.com/","date":"2025-12-20T18:20:18.721Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P384-SHA384","protocol":"TLSv1.3","cert":{"subject":{"commonName":"g5396633.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Thu, 18 Dec 2025 12:43:20 GMT","end":"Wed, 18 Mar 2026 12:43:19 GMT"},"fingerprint":{"sha1":"B3:7A:30:77:4C:0B:B9:6D:92:C9:C5:D0:B4:CF:4A:3A:8E:F5:E5:35","sha256":"50:04:21:54:D0:73:45:13:84:38:9E:40:DE:CB:45:D7:3D:22:B3:80:18:2B:A1:6F:77:98:64:51:BE:86:FA:B8"}}},"request":{"raw":"GET /assets/index-DmG0vQun.css HTTP/1.1\r\nHost: www.g5396633.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.g5396633.com/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Sat, 20 Dec 2025 18:20:18 GMT\r\ncontent-type: text/css\r\nlast-modified: Fri, 19 Dec 2025 04:56:57 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6944db19-6984\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":27012,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (27011)","md5":"f55a5d6c5d076509d678c0b4b9bb8ba0","sha1":"a0181975f86b238c76fbb4d042fa27757b6d9f75","sha256":"063a10f122c5d697011db0eda5ae7f6d33892ae7680a3789112db9168aa96f13","sha512":"31966f3251d08f93848ce4e29b388eceb1ca6910481f2b93f95237421ed032d4ba065ea9549669ada5c71a7054a3acf4e0ba8b0b24533c45d04dc96ea2a5c76a","ssdeep":"192:O9JyW9JyyxwOZ72+g2YiSi+ahLsfzsfDQvAC8gNALKDEb8JE/y/HxrSsfUQllZeX:kwe7gX4+ah/QvtnNFgqE/y/HxriwI","tlshash":"23c2432dab50043b6c6380f6e5d5a65df62bb0c1df3a6beabd8251109bc63f70c93604","first_seen":"2025-12-20T02:28:29.237379Z","last_seen":"2025-12-30T21:01:50.621566Z","times_seen":19,"resource_available":false,"data":null}},"time_used":334,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":334,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"i.upu4xz7aj3v.com:32774/utils/ttg.js","fqdn":"i.upu4xz7aj3v.com","domain":"upu4xz7aj3v.com","tld":"com"},"ip":{"addr":"23.224.92.147","port":32774,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.g5396633.com/","date":"2025-12-20T18:20:19.069Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P384-SHA384","protocol":"TLSv1.3","cert":{"subject":{"commonName":"upu4xz7aj3v.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Mon, 17 Nov 2025 11:57:18 GMT","end":"Sun, 15 Feb 2026 11:57:17 GMT"},"fingerprint":{"sha1":"44:18:AF:A7:BE:04:32:4A:65:A9:CF:D1:2B:FC:CC:17:62:D3:65:02","sha256":"FA:CC:4F:08:7A:1A:60:06:1D:45:4E:89:9B:D1:C0:B7:06:78:93:25:A1:85:C2:35:51:98:E3:DD:2A:B5:28:88"}}},"request":{"raw":"GET /utils/ttg.js HTTP/1.1\r\nHost: i.upu4xz7aj3v.com:32774\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.g5396633.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 20 Dec 2025 18:21:44 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\naccess-control-allow-origin: *\r\nvary: Accept-Encoding, Accept-Encoding\r\nx-oss-request-id: 6946E8B3EE24003738AE1282\r\netag: W/\"B76A0ECB36EEDD45F177F20B9F37603D\"\r\nlast-modified: Sat, 20 Dec 2025 02:42:35 GMT\r\nx-oss-object-type: Normal\r\nx-oss-hash-crc64ecma: 10376748652662976768\r\nx-oss-storage-class: Standard\r\nx-oss-expiration: expiry-date=\"Mon, 22 Dec 2025 00:00:00 GMT\", rule-id=\"c574fcac-d23b-41d6-ae1d-24e1c6d4b40e\"\r\ncontent-md5: t2oOyzbu3UXxd/ILnzdgPQ==\r\nx-oss-server-time: 2\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Alibaba Cloud Object Storage Service","description":"Alibaba Cloud Object Storage Service (OSS) is a cloud-based object storage service provided by Alibaba Cloud, which allows users to store and access large amounts of data in the cloud.","website":"https://www.alibabacloud.com/product/object-storage-service","common_platform_enumeration":"","icon":"Alibaba Cloud.svg","categories":["IaaS"]}],"data":{"size":210731,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (590)","md5":"b76a0ecb36eedd45f177f20b9f37603d","sha1":"76a5f38001a33dffad16ad8192db62c615e3986e","sha256":"9262564dbb162db08e79bc2817bbf8dec867ab9d9a4a1d78349c97965cedfdba","sha512":"82bdde1de9cd7fdc5250f493a882047797fa919fc69cd310404e6ce8fb5d978fd1d7f1c35c770ffc9c05aab6365761b7cee0a5a8f62ecd57c33babba10eef6a3","ssdeep":"3072:ncn4vsldqnz8NvH/1kwtgPgvRE/6q/cz031pESh:n4SscPIRE/69z031Dh","tlshash":"5524e8d976a2b062436335b4a07f110fb27eac95f10c8598f185e9e43e389ad9137f6c","first_seen":"2025-04-10T20:45:18.021691Z","last_seen":"2026-05-04T12:56:52.501261Z","times_seen":760,"resource_available":true,"data":null}},"time_used":1052,"timings":{"blocked":449,"dns":128,"connect":153,"send":0,"wait":153,"receive":0,"ssl":166},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"i.upu4xz7aj3v.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.g5396633.com/assets/Yanzhen-CokcgUjv.js","fqdn":"www.g5396633.com","domain":"g5396633.com","tld":"com"},"ip":{"addr":"23.225.250.97","port":443,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://www.g5396633.com/","date":"2025-12-20T18:20:19.097Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P384-SHA384","protocol":"TLSv1.3","cert":{"subject":{"commonName":"g5396633.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Thu, 18 Dec 2025 12:43:20 GMT","end":"Wed, 18 Mar 2026 12:43:19 GMT"},"fingerprint":{"sha1":"B3:7A:30:77:4C:0B:B9:6D:92:C9:C5:D0:B4:CF:4A:3A:8E:F5:E5:35","sha256":"50:04:21:54:D0:73:45:13:84:38:9E:40:DE:CB:45:D7:3D:22:B3:80:18:2B:A1:6F:77:98:64:51:BE:86:FA:B8"}}},"request":{"raw":"GET /assets/Yanzhen-CokcgUjv.js HTTP/1.1\r\nHost: www.g5396633.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://www.g5396633.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Sat, 20 Dec 2025 18:20:19 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\nlast-modified: Fri, 19 Dec 2025 04:56:57 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6944db19-316a\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":12650,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"Unicode text, UTF-8 text, with very long lines (12153)","md5":"2b3d4120a5de24fd7af4c12de95047c9","sha1":"d2bfa9c385a8d862889eac8f8bfe1ab9234c6175","sha256":"7624ef67dab21c7958f3cb2a26a4e3d1c019b084bb1dbb63091c3660e5b81ea3","sha512":"7c1ea2b883369092d0f9576500ef890dd734a4d2a2e80c7c01d00761cd393dade12baca24a795e58701d45b259f24305945e0c4e322fd8f63e18a00462159f58","ssdeep":"384:368Y3Op3n00I83CTD/zRhoGYVBI/i1+4QGwNu2YlmeW:368Y+p3nhI83CTD/zRhoGYVBI/ipQGwP","tlshash":"bc42f998731a257d21db44fd75fa5021e3a8ab8dfd0fc651f87dcc8636498184389f2a","first_seen":"2025-12-20T02:28:29.230048Z","last_seen":"2025-12-23T04:16:56.595866Z","times_seen":13,"resource_available":true,"data":null}},"time_used":164,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":164,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.g5396633.com/assets/Yanzhen-CokcgUjv.js","fqdn":"www.g5396633.com","domain":"g5396633.com","tld":"com"},"ip":{"addr":"23.225.250.97","port":443,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.g5396633.com/","date":"2025-12-20T18:20:19.255Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P384-SHA384","protocol":"TLSv1.3","cert":{"subject":{"commonName":"g5396633.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Thu, 18 Dec 2025 12:43:20 GMT","end":"Wed, 18 Mar 2026 12:43:19 GMT"},"fingerprint":{"sha1":"B3:7A:30:77:4C:0B:B9:6D:92:C9:C5:D0:B4:CF:4A:3A:8E:F5:E5:35","sha256":"50:04:21:54:D0:73:45:13:84:38:9E:40:DE:CB:45:D7:3D:22:B3:80:18:2B:A1:6F:77:98:64:51:BE:86:FA:B8"}}},"request":{"raw":"GET /assets/Yanzhen-CokcgUjv.js HTTP/1.1\r\nHost: www.g5396633.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.g5396633.com/assets/index-v68X0COR.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Sat, 20 Dec 2025 18:20:19 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\nlast-modified: Fri, 19 Dec 2025 04:56:57 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6944db19-316a\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":12650,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"Unicode text, UTF-8 text, with very long lines (12153)","md5":"2b3d4120a5de24fd7af4c12de95047c9","sha1":"d2bfa9c385a8d862889eac8f8bfe1ab9234c6175","sha256":"7624ef67dab21c7958f3cb2a26a4e3d1c019b084bb1dbb63091c3660e5b81ea3","sha512":"7c1ea2b883369092d0f9576500ef890dd734a4d2a2e80c7c01d00761cd393dade12baca24a795e58701d45b259f24305945e0c4e322fd8f63e18a00462159f58","ssdeep":"384:368Y3Op3n00I83CTD/zRhoGYVBI/i1+4QGwNu2YlmeW:368Y+p3nhI83CTD/zRhoGYVBI/ipQGwP","tlshash":"bc42f998731a257d21db44fd75fa5021e3a8ab8dfd0fc651f87dcc8636498184389f2a","first_seen":"2025-12-20T02:28:29.230048Z","last_seen":"2025-12-23T04:16:56.595866Z","times_seen":13,"resource_available":true,"data":null}},"time_used":164,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":164,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.g5396633.com/vite.svg","fqdn":"www.g5396633.com","domain":"g5396633.com","tld":"com"},"ip":{"addr":"23.225.250.97","port":443,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.g5396633.com/","date":"2025-12-20T18:20:19.523Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P384-SHA384","protocol":"TLSv1.3","cert":{"subject":{"commonName":"g5396633.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Thu, 18 Dec 2025 12:43:20 GMT","end":"Wed, 18 Mar 2026 12:43:19 GMT"},"fingerprint":{"sha1":"B3:7A:30:77:4C:0B:B9:6D:92:C9:C5:D0:B4:CF:4A:3A:8E:F5:E5:35","sha256":"50:04:21:54:D0:73:45:13:84:38:9E:40:DE:CB:45:D7:3D:22:B3:80:18:2B:A1:6F:77:98:64:51:BE:86:FA:B8"}}},"request":{"raw":"GET /vite.svg HTTP/1.1\r\nHost: www.g5396633.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.g5396633.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 404 Not Found\r\nserver: openresty\r\ndate: Sat, 20 Dec 2025 18:20:19 GMT\r\ncontent-type: text/html; charset=utf-8\r\nvary: Accept-Encoding\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":150,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text, with CRLF line terminators","md5":"597ba0d4396e9c906225140ce907092c","sha1":"28ae2ba65ccdb583d79f85b8cc9509fae697493b","sha256":"ee1a27178227546d3dcc49e611a6d72e4f1c30080ee4493ae4085b58a49e28e6","sha512":"8898f14bd6cb5c72d6ee5878af3700be6d03b56a5a21a3d58ef347f008acf4ac68a46a908903e1d42999c1e259e77d7df686c94765865ae07361b2c4e04adf2c","ssdeep":"","tlshash":"18c02b2d24137c0c8663307636c37050c1978337a67e10210400805330cf1998ac33af","first_seen":"2023-04-05T14:00:46Z","last_seen":"2026-06-03T21:23:01.549622Z","times_seen":35861,"resource_available":true,"data":null}},"time_used":163,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":163,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mc.webvisor.org/watch/3?wmode=7\u0026page-url=https%3A%2F%2Fwww.g5396633.com%2F\u0026page-ref=\u0026charset=utf-8\u0026browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Anlzej4hetqp71c82uo0s8%3Afp%3A1410%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A860%3Acn%3A2%3Adp%3A0%3Als%3A1147438787847%3Ahid%3A110324803%3Az%3A0%3Ai%3A20251220182020%3Aet%3A1766254820%3Ac%3A1%3Arn%3A623050488%3Arqn%3A1%3Au%3A1766254820448365996%3Aw%3A1280x1024%3As%3A1280x1024x24%3Ask%3A1%3Acpf%3A1%3Ans%3A1766254818021%3Ads%3A4%2C340%2C161%2C0%2C32%2C0%2C%2C508%2C4%2C%2C%2C%2C1084%3Awv%3A2%3Aco%3A0%3Ast%3A1766254820\u0026t=gdpr(14)clc(0-0-0)aw(1)rqnt(1)ti(2)","fqdn":"mc.webvisor.org","domain":"webvisor.org","tld":"org"},"ip":{"addr":"87.250.250.119","port":443,"asn":13238,"as":"YANDEX LLC","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://www.g5396633.com/","date":"2025-12-20T18:20:20.206Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"mc.webvisor.com","organization":"YANDEX LLC"},"issuer":{"commonName":"GlobalSign RSA OV SSL CA 2018","organization":"GlobalSign nv-sa"},"validity":{"start":"Mon, 18 Aug 2025 21:05:34 GMT","end":"Mon, 09 Feb 2026 20:59:59 GMT"},"fingerprint":{"sha1":"52:51:83:17:11:3C:6A:D0:47:28:FB:42:75:CF:6A:DA:48:B5:5A:C8","sha256":"69:B8:8D:9D:77:CB:F9:C7:48:04:E2:8C:99:28:7C:EF:5E:C7:2B:43:D6:52:7B:21:D2:99:F6:86:18:A6:0F:80"}}},"request":{"raw":"GET /watch/3?wmode=7\u0026page-url=https%3A%2F%2Fwww.g5396633.com%2F\u0026page-ref=\u0026charset=utf-8\u0026browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Anlzej4hetqp71c82uo0s8%3Afp%3A1410%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A860%3Acn%3A2%3Adp%3A0%3Als%3A1147438787847%3Ahid%3A110324803%3Az%3A0%3Ai%3A20251220182020%3Aet%3A1766254820%3Ac%3A1%3Arn%3A623050488%3Arqn%3A1%3Au%3A1766254820448365996%3Aw%3A1280x1024%3As%3A1280x1024x24%3Ask%3A1%3Acpf%3A1%3Ans%3A1766254818021%3Ads%3A4%2C340%2C161%2C0%2C32%2C0%2C%2C508%2C4%2C%2C%2C%2C1084%3Awv%3A2%3Aco%3A0%3Ast%3A1766254820\u0026t=gdpr(14)clc(0-0-0)aw(1)rqnt(1)ti(2) HTTP/1.1\r\nHost: mc.webvisor.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://www.g5396633.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.g5396633.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 302 Found\r\nx-xss-protection: 1; mode=block\r\nstrict-transport-security: max-age=31536000\r\naccept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA\r\nlocation: /watch/3/1?wmode=7\u0026page-url=https%3A%2F%2Fwww.g5396633.com%2F\u0026page-ref\u0026charset=utf-8\u0026browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Anlzej4hetqp71c82uo0s8%3Afp%3A1410%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A860%3Acn%3A2%3Adp%3A0%3Als%3A1147438787847%3Ahid%3A110324803%3Az%3A0%3Ai%3A20251220182020%3Aet%3A1766254820%3Ac%3A1%3Arn%3A623050488%3Arqn%3A1%3Au%3A1766254820448365996%3Aw%3A1280x1024%3As%3A1280x1024x24%3Ask%3A1%3Acpf%3A1%3Ans%3A1766254818021%3Ads%3A4%2C340%2C161%2C0%2C32%2C0%2C%2C508%2C4%2C%2C%2C%2C1084%3Awv%3A2%3Aco%3A0%3Ast%3A1766254820\u0026t=gdpr%2814%29clc%280-0-0%29aw%281%29rqnt%281%29ti%282%29\u0026redirnss=1\r\nset-cookie: yabs-sid=2643606131766254820; Path=/; SameSite=None; Secure\ni=vzBu0Oso+7uU7D9g4Nrumj1d2H6juAPzGiXczEuWQPqHui6RB7ByKblprzFhW4li2Sb1+oe8n04PX8FjDdroTGvunCw=; Expires=Tue, 18-Dec-2035 18:20:19 GMT; Domain=.webvisor.org; Path=/; Secure; HttpOnly; SameSite=None\nyandexuid=7303917981766254820; Expires=Tue, 18-Dec-2035 18:20:19 GMT; Domain=.webvisor.org; Path=/; Secure; SameSite=None\nyuidss=7303917981766254820; Expires=Sun, 20-Dec-2026 18:20:20 GMT; Domain=.webvisor.org; Path=/; SameSite=None; Secure\nymex=1797790820.yrts.1766254820#1797790820.yrtsi.1766254820; Expires=Sun, 20-Dec-2026 18:20:20 GMT; Domain=.webvisor.org; Path=/; SameSite=None; Secure\nbh=YOTRm8oGahfcyuH/CJLYobEDn8/14QzlyPCOA5S2Ag==; Path=/; Domain=.webvisor.org; Expires=Sun, 24 Jan 2027 18:20:20 GMT; SameSite=None; Secure\nbh=YOTRm8oGahfcyuH/CJLYobEDn8/14QzlyPCOA5S2Ag==; Path=/; Domain=.webvisor.org; Expires=Sun, 24 Jan 2027 18:20:20 GMT; SameSite=None; Secure\r\naccess-control-allow-credentials: true\r\npragma: no-cache\r\ncache-control: private, no-cache, no-store, must-revalidate, max-age=0\r\naccess-control-allow-origin: https://www.g5396633.com\r\nexpires: Sat, 20-Dec-2025 18:20:20 GMT\r\nlast-modified: Sat, 20-Dec-2025 18:20:20 GMT\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":501,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-03T20:55:47.460874Z","times_seen":16089547,"resource_available":true,"data":null}},"time_used":356,"timings":{"blocked":155,"dns":0,"connect":44,"send":0,"wait":47,"receive":0,"ssl":108},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mc.webvisor.org/sync_cookie_image_check","fqdn":"mc.webvisor.org","domain":"webvisor.org","tld":"org"},"ip":{"addr":"87.250.250.119","port":443,"asn":13238,"as":"YANDEX LLC","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.g5396633.com/","date":"2025-12-20T18:20:20.514Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"mc.webvisor.com","organization":"YANDEX LLC"},"issuer":{"commonName":"GlobalSign RSA OV SSL CA 2018","organization":"GlobalSign nv-sa"},"validity":{"start":"Mon, 18 Aug 2025 21:05:34 GMT","end":"Mon, 09 Feb 2026 20:59:59 GMT"},"fingerprint":{"sha1":"52:51:83:17:11:3C:6A:D0:47:28:FB:42:75:CF:6A:DA:48:B5:5A:C8","sha256":"69:B8:8D:9D:77:CB:F9:C7:48:04:E2:8C:99:28:7C:EF:5E:C7:2B:43:D6:52:7B:21:D2:99:F6:86:18:A6:0F:80"}}},"request":{"raw":"GET /sync_cookie_image_check HTTP/1.1\r\nHost: mc.webvisor.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.g5396633.com/\r\nCookie: yabs-sid=803765721766254820; i=BDo9OuQm5Wzb30z4D0JoPikgwG802PG8gBtlpQhKvnNjUD0W976tLL8tTdYl/3jfZskcp2yG9Dl5zvBZRo5qHxlsW5A=; yandexuid=157226331766254820; yuidss=157226331766254820; ymex=1797790820.yrts.1766254820#1797790820.yrtsi.1766254820; bh=YOTRm8oGahfcyuH/CJLYobEDn8/14QzlyPCOA5S2Ag==\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 302 Found\r\nlocation: https://mc.yandex.ru/sync_cookie_image_start?redirect_domain=mc.webvisor.org\u0026token=10886.t21ztunIBlGhXzBzCZF_lQ8CANTPz-RiaoDVQhYCk2Kv6k8B1S4thbEqgkr2PXpz.9RMlWhuxhJujsvthSXaw1ManNRs%2C\r\nstrict-transport-security: max-age=31536000\r\nx-xss-protection: 1; mode=block\r\nset-cookie: sync_cookie_csrf=3842271941fake; Expires=Sat, 20-Dec-2025 18:30:20 GMT; Domain=.mc.webvisor.org; Path=/; SameSite=None; Secure\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-03T20:55:47.460874Z","times_seen":16089547,"resource_available":true,"data":null}},"time_used":46,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":46,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.g5396633.com/assets/index-v68X0COR.js","fqdn":"www.g5396633.com","domain":"g5396633.com","tld":"com"},"ip":{"addr":"23.225.250.97","port":443,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.g5396633.com/","date":"2025-12-20T18:20:18.719Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P384-SHA384","protocol":"TLSv1.3","cert":{"subject":{"commonName":"g5396633.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Thu, 18 Dec 2025 12:43:20 GMT","end":"Wed, 18 Mar 2026 12:43:19 GMT"},"fingerprint":{"sha1":"B3:7A:30:77:4C:0B:B9:6D:92:C9:C5:D0:B4:CF:4A:3A:8E:F5:E5:35","sha256":"50:04:21:54:D0:73:45:13:84:38:9E:40:DE:CB:45:D7:3D:22:B3:80:18:2B:A1:6F:77:98:64:51:BE:86:FA:B8"}}},"request":{"raw":"GET /assets/index-v68X0COR.js HTTP/1.1\r\nHost: www.g5396633.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.g5396633.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Sat, 20 Dec 2025 18:20:18 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\nlast-modified: Fri, 19 Dec 2025 04:56:57 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6944db19-da25\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":55845,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (54614)","md5":"bbdad4b6dbfc97218cc176baeccf6ca7","sha1":"08eb515551ef2bb287be36f7e45f3ac2aa7d261c","sha256":"7841aaf68187ed8a48bd0155f10b7ab0cec12f246cf6b34c519a55f6046c8314","sha512":"31d6aece4d6d19de4ddf7dc994e1bbc598642b613f86fefcdd6d7a76661da9521150b95f248697bf9bf97a25ba0e1123180ec82c1a7686b619b205da8020ac16","ssdeep":"1536:NH4dD5Y3WLvhFK3gJHnXYcyiLXV10p/K+6JnPSS/1Tt/:yd12WzhFKwNXYcyAV1ws","tlshash":"64431ad53196707652ea08ee806f1102e33428597c4fc451f27dac9b3d69d6aa2faf3c","first_seen":"2025-12-20T02:28:29.239338Z","last_seen":"2025-12-23T04:16:56.587588Z","times_seen":13,"resource_available":true,"data":null}},"time_used":213,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":213,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mc.webvisor.org/watch/98611300?wmode=7\u0026page-url=https%3A%2F%2Fwww.g5396633.com%2F\u0026charset=utf-8\u0026browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Anlzej4hetqp71c82uo0s8%3Afp%3A1410%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A860%3Acn%3A1%3Adp%3A0%3Als%3A373885541857%3Ahid%3A110324803%3Az%3A0%3Ai%3A20251220182020%3Aet%3A1766254820%3Ac%3A1%3Arn%3A933901685%3Arqn%3A1%3Au%3A1766254820448365996%3Aw%3A1280x1024%3As%3A1280x1024x24%3Ask%3A1%3Acpf%3A1%3Ans%3A1766254818021%3Ads%3A4%2C340%2C161%2C0%2C32%2C0%2C%2C508%2C4%2C%2C%2C%2C1084%3Awv%3A2%3Aco%3A0%3Arqnl%3A1%3Ast%3A1766254820%3At%3A8x8x%20-%20%E5%9C%A8%E7%BA%BF%E5%85%8D%E8%B4%B9%E5%BD%B1%E5%BA%93\u0026t=gdpr(14)clc(0-0-0)aw(1)rqnt(1)rqnl(1)ti(2)","fqdn":"mc.webvisor.org","domain":"webvisor.org","tld":"org"},"ip":{"addr":"87.250.250.119","port":443,"asn":13238,"as":"YANDEX LLC","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://www.g5396633.com/","date":"2025-12-20T18:20:20.207Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"mc.webvisor.com","organization":"YANDEX LLC"},"issuer":{"commonName":"GlobalSign RSA OV SSL CA 2018","organization":"GlobalSign nv-sa"},"validity":{"start":"Mon, 18 Aug 2025 21:05:34 GMT","end":"Mon, 09 Feb 2026 20:59:59 GMT"},"fingerprint":{"sha1":"52:51:83:17:11:3C:6A:D0:47:28:FB:42:75:CF:6A:DA:48:B5:5A:C8","sha256":"69:B8:8D:9D:77:CB:F9:C7:48:04:E2:8C:99:28:7C:EF:5E:C7:2B:43:D6:52:7B:21:D2:99:F6:86:18:A6:0F:80"}}},"request":{"raw":"GET /watch/98611300?wmode=7\u0026page-url=https%3A%2F%2Fwww.g5396633.com%2F\u0026charset=utf-8\u0026browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Anlzej4hetqp71c82uo0s8%3Afp%3A1410%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A860%3Acn%3A1%3Adp%3A0%3Als%3A373885541857%3Ahid%3A110324803%3Az%3A0%3Ai%3A20251220182020%3Aet%3A1766254820%3Ac%3A1%3Arn%3A933901685%3Arqn%3A1%3Au%3A1766254820448365996%3Aw%3A1280x1024%3As%3A1280x1024x24%3Ask%3A1%3Acpf%3A1%3Ans%3A1766254818021%3Ads%3A4%2C340%2C161%2C0%2C32%2C0%2C%2C508%2C4%2C%2C%2C%2C1084%3Awv%3A2%3Aco%3A0%3Arqnl%3A1%3Ast%3A1766254820%3At%3A8x8x%20-%20%E5%9C%A8%E7%BA%BF%E5%85%8D%E8%B4%B9%E5%BD%B1%E5%BA%93\u0026t=gdpr(14)clc(0-0-0)aw(1)rqnt(1)rqnl(1)ti(2) HTTP/1.1\r\nHost: mc.webvisor.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://www.g5396633.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.g5396633.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 302 Found\r\naccept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA\r\nstrict-transport-security: max-age=31536000\r\nset-cookie: yabs-sid=803765721766254820; Path=/; SameSite=None; Secure\ni=BDo9OuQm5Wzb30z4D0JoPikgwG802PG8gBtlpQhKvnNjUD0W976tLL8tTdYl/3jfZskcp2yG9Dl5zvBZRo5qHxlsW5A=; Expires=Tue, 18-Dec-2035 18:20:17 GMT; Domain=.webvisor.org; Path=/; Secure; HttpOnly; SameSite=None\nyandexuid=157226331766254820; Expires=Tue, 18-Dec-2035 18:20:17 GMT; Domain=.webvisor.org; Path=/; Secure; SameSite=None\nyuidss=157226331766254820; Expires=Sun, 20-Dec-2026 18:20:20 GMT; Domain=.webvisor.org; Path=/; SameSite=None; Secure\nymex=1797790820.yrts.1766254820#1797790820.yrtsi.1766254820; Expires=Sun, 20-Dec-2026 18:20:20 GMT; Domain=.webvisor.org; Path=/; SameSite=None; Secure\nbh=YOTRm8oGahfcyuH/CJLYobEDn8/14QzlyPCOA5S2Ag==; Path=/; Domain=.webvisor.org; Expires=Sun, 24 Jan 2027 18:20:20 GMT; SameSite=None; Secure\nbh=YOTRm8oGahfcyuH/CJLYobEDn8/14QzlyPCOA5S2Ag==; Path=/; Domain=.webvisor.org; Expires=Sun, 24 Jan 2027 18:20:20 GMT; SameSite=None; Secure\r\ncache-control: private, no-cache, no-store, must-revalidate, max-age=0\r\nx-xss-protection: 1; mode=block\r\nexpires: Sat, 20-Dec-2025 18:20:20 GMT\r\nlast-modified: Sat, 20-Dec-2025 18:20:20 GMT\r\npragma: no-cache\r\nlocation: /watch/98611300/1?wmode=7\u0026page-url=https%3A%2F%2Fwww.g5396633.com%2F\u0026charset=utf-8\u0026browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Anlzej4hetqp71c82uo0s8%3Afp%3A1410%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A860%3Acn%3A1%3Adp%3A0%3Als%3A373885541857%3Ahid%3A110324803%3Az%3A0%3Ai%3A20251220182020%3Aet%3A1766254820%3Ac%3A1%3Arn%3A933901685%3Arqn%3A1%3Au%3A1766254820448365996%3Aw%3A1280x1024%3As%3A1280x1024x24%3Ask%3A1%3Acpf%3A1%3Ans%3A1766254818021%3Ads%3A4%2C340%2C161%2C0%2C32%2C0%2C%2C508%2C4%2C%2C%2C%2C1084%3Awv%3A2%3Aco%3A0%3Arqnl%3A1%3Ast%3A1766254820%3At%3A8x8x%20-%20%E5%9C%A8%E7%BA%BF%E5%85%8D%E8%B4%B9%E5%BD%B1%E5%BA%93\u0026t=gdpr%2814%29clc%280-0-0%29aw%281%29rqnt%281%29rqnl%281%29ti%282%29\u0026redirnss=1\r\naccess-control-allow-origin: https://www.g5396633.com\r\naccess-control-allow-credentials: true\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":672,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-03T20:55:47.460874Z","times_seen":16089547,"resource_available":true,"data":null}},"time_used":347,"timings":{"blocked":174,"dns":0,"connect":0,"send":0,"wait":48,"receive":0,"ssl":125},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.g5396633.com/","fqdn":"www.g5396633.com","domain":"g5396633.com","tld":"com"},"ip":{"addr":"23.225.250.97","port":443,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-12-20T18:20:18.055Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P384-SHA384","protocol":"TLSv1.3","cert":{"subject":{"commonName":"g5396633.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Thu, 18 Dec 2025 12:43:20 GMT","end":"Wed, 18 Mar 2026 12:43:19 GMT"},"fingerprint":{"sha1":"B3:7A:30:77:4C:0B:B9:6D:92:C9:C5:D0:B4:CF:4A:3A:8E:F5:E5:35","sha256":"50:04:21:54:D0:73:45:13:84:38:9E:40:DE:CB:45:D7:3D:22:B3:80:18:2B:A1:6F:77:98:64:51:BE:86:FA:B8"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: www.g5396633.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Sat, 20 Dec 2025 18:20:18 GMT\r\ncontent-type: text/html; charset=utf-8\r\nlast-modified: Fri, 19 Dec 2025 04:56:57 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6944db19-411\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":1041,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text","md5":"8d769f6043a0a6a54c5dee6faa17609b","sha1":"61d59fa314c2f0d69b904f18dd91568e9c1c093d","sha256":"8dfdf6fecd941a0d18c77d29ac432293060d2a08e5e67aad09fe5ec1a4af65bb","sha512":"707e0967466f65e178fa493707a182a578412aa191a6514e284494ff9bf534680ccaadaa2b90d51e8f27bcc80e3757f8adaf3c1b061e53b8be751c620532d718","ssdeep":"","tlshash":"fc1102446cd0c814933102251ff3e5087956e31b564edd5472de54752f84ac7489f9ac","first_seen":"2025-12-20T02:28:29.233688Z","last_seen":"2025-12-23T04:16:56.594541Z","times_seen":13,"resource_available":false,"data":null}},"time_used":849,"timings":{"blocked":344,"dns":4,"connect":161,"send":0,"wait":161,"receive":0,"ssl":177},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}