{"report_id":"d3e63421-698d-4144-82fc-042abae5eca2","version":6,"status":"done","tags":[],"date":"2026-03-07T14:45:53Z","url":{"schema":"http","addr":"aqf.yrjj7.help/s/%E5%8E%95%E6%8B%8D.html","fqdn":"aqf.yrjj7.help","domain":"yrjj7.help","tld":"help"},"ip":{"addr":"154.26.176.147","port":0,"asn":906,"as":"DMIT","country":"United States","country_code":"US"},"final":{"url":{"schema":"https","addr":"aqf.yrjj7.help/s/%E5%8E%95%E6%8B%8D.html","fqdn":"aqf.yrjj7.help","domain":"yrjj7.help","tld":"help"},"title":"厕拍_搜索_第1页 - 伊人久久","dom":{"size":109228,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (52420)","md5":"c3173cc43b4d86ac6b820ea372cf213a","sha1":"a51699d73b65baaf12acecfc0766a4ff22445872","sha256":"0fc879ed00d77b38b16fa1bae82eb01fb4964dd65f8b2f8ba2e7ccd227a51ad9","sha512":"b7dfad521520fb86004419428f7afcc5b202ed6186daa620a0ec5b301eb00021254297331498c02c6242b447c949d8c97b6308a7f41bc291fa3e409a3a29dd34","ssdeep":"768:DV6YCiIGmsCHuPtc9NHIJTbxOlY/XrWUFNK4qToURuoNfamGLFlnsp6vq/LwpuJs:DV6YCiIgg6i/RUACIU1egce/JL+WOc","tlshash":"46b3c63944e5363fa1b748da60d65bdee2e3164ecaa38f08bffc1e1c5789d84b512205","dom_hash":"domhashb5ce113cd41acc8b12f1c4b1052473ae","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"aqf.yrjj7.help/s/%E5%8E%95%E6%8B%8D.html","fqdn":"aqf.yrjj7.help","domain":"yrjj7.help","tld":"help"},"ip":{"addr":"154.26.176.147","port":0,"asn":906,"as":"DMIT","country":"United States","country_code":"US"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-04-11T14:45:53Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":1}},"detection":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"aqf.yrjj7.help","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null},"summary":[{"fqdn":"img.alicdn.com","ip":{"addr":"47.246.44.177","port":443,"asn":24429,"as":"Zhejiang Taobao Network Co.,Ltd","country":"Sweden","country_code":"SE"},"domain_registered":"2008-06-25","domain_rank":61670,"first_seen":"2015-03-04T07:06:39Z","last_seen":"2026-03-04T23:10:25.092548Z","alert_count":0,"request_count":11,"received_data":3295109,"sent_data":5397,"comment":"","tags":null,"fingerprints":[{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]}]},{"fqdn":"uqetyzxa.com","ip":{"addr":"23.226.79.50","port":443,"asn":53755,"as":"IOFLOOD","country":"United States","country_code":"US"},"domain_registered":"2024-09-17","domain_rank":169320,"first_seen":"2024-09-18T17:57:27Z","last_seen":"2026-03-05T02:19:14.967211Z","alert_count":0,"request_count":3,"received_data":526344,"sent_data":1332,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"pic10.seaige.com","ip":{"addr":"172.67.148.208","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2019-07-09","domain_rank":0,"first_seen":"2022-01-11T15:25:49Z","last_seen":"2026-02-23T11:05:42.675457Z","alert_count":0,"request_count":1,"received_data":16992,"sent_data":476,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"pic11.ysj77.com","ip":{"addr":"172.67.184.92","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2024-02-18","domain_rank":0,"first_seen":"2025-04-20T23:26:29.385857Z","last_seen":"2026-03-07T07:53:57.288165Z","alert_count":0,"request_count":2,"received_data":126764,"sent_data":950,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"d18wfmxtvthwf6.cloudfront.net","ip":{"addr":"54.192.209.189","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"domain_registered":"2008-04-25","domain_rank":0,"first_seen":"2025-10-19T14:31:41.989548Z","last_seen":"2026-03-02T03:05:13.284748Z","alert_count":0,"request_count":2,"received_data":557564,"sent_data":907,"comment":"","tags":null,"fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]}]},{"fqdn":"www.jkuntupiaxxzz.com","ip":{"addr":"64.112.76.43","port":443,"asn":6939,"as":"HURRICANE","country":"United States","country_code":"US"},"domain_registered":"2026-01-21","domain_rank":0,"first_seen":"2026-01-28T07:38:35.46468Z","last_seen":"2026-03-06T12:09:51.961938Z","alert_count":0,"request_count":1,"received_data":5044,"sent_data":489,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"fsffbhd.4000522777.xn--fiqs8s","ip":{"addr":"104.26.6.77","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2025-07-31","domain_rank":0,"first_seen":"2026-02-08T15:30:41.519119Z","last_seen":"2026-03-02T14:58:29.631081Z","alert_count":0,"request_count":2,"received_data":1284560,"sent_data":976,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"2026tu.myxuanxuan.com","ip":{"addr":"101.33.21.239","port":443,"asn":139341,"as":"ACE","country":"United States","country_code":"US"},"domain_registered":"2016-04-10","domain_rank":0,"first_seen":"2026-01-26T20:19:42.17682Z","last_seen":"2026-03-03T01:49:52.828292Z","alert_count":0,"request_count":1,"received_data":643927,"sent_data":447,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"pic10.msn87.com","ip":{"addr":"104.21.50.91","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2024-02-18","domain_rank":0,"first_seen":"2025-03-03T19:15:12.859424Z","last_seen":"2026-03-07T02:53:26.320101Z","alert_count":0,"request_count":1,"received_data":21602,"sent_data":475,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"txdy.hznunxc.com","ip":{"addr":"157.185.128.120","port":443,"asn":54994,"as":"ML-1432-54994","country":"France","country_code":"FR"},"domain_registered":"2025-07-15","domain_rank":0,"first_seen":"2026-02-12T23:34:46.222479Z","last_seen":"2026-03-06T10:32:29.455701Z","alert_count":0,"request_count":1,"received_data":120303,"sent_data":436,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"dq38rjje7qjm3.cloudfront.net","ip":{"addr":"54.230.245.199","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"domain_registered":"2008-04-25","domain_rank":0,"first_seen":"2025-03-24T19:11:01.50764Z","last_seen":"2026-03-06T23:17:34.307628Z","alert_count":0,"request_count":1,"received_data":94060,"sent_data":453,"comment":"","tags":null,"fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}]},{"fqdn":"mdutpianzxusifas.com","ip":{"addr":"45.204.71.19","port":443,"asn":35916,"as":"MULTA-ASN1","country":"United States","country_code":"US"},"domain_registered":"2026-01-23","domain_rank":0,"first_seen":"2026-01-25T07:46:05.172822Z","last_seen":"2026-03-06T22:51:46.662522Z","alert_count":0,"request_count":1,"received_data":94115,"sent_data":452,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"pic14.ysj77.com","ip":{"addr":"172.67.184.92","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2024-02-18","domain_rank":0,"first_seen":"2025-05-12T01:31:59.5056Z","last_seen":"2026-02-22T07:49:16.031522Z","alert_count":0,"request_count":1,"received_data":24521,"sent_data":475,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"img1.ah7907.com","ip":{"addr":"98.98.86.10","port":443,"asn":21859,"as":"ZEN-ECN","country":"United States","country_code":"US"},"domain_registered":"2024-08-29","domain_rank":0,"first_seen":"2025-11-08T09:13:57.808607Z","last_seen":"2026-03-06T18:33:33.708453Z","alert_count":0,"request_count":4,"received_data":631360,"sent_data":1760,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"img.meituan.net","ip":{"addr":"163.171.134.109","port":443,"asn":54994,"as":"ML-1432-54994","country":"Sweden","country_code":"SE"},"domain_registered":"2010-01-25","domain_rank":189994,"first_seen":"2017-02-03T02:36:44Z","last_seen":"2026-03-06T03:12:30.353861Z","alert_count":0,"request_count":1,"received_data":407470,"sent_data":442,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}]},{"fqdn":"img1.souavzy.info","ip":{"addr":"104.21.12.156","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2024-12-15","domain_rank":4283918,"first_seen":"2025-06-15T03:19:19.494945Z","last_seen":"2026-03-05T02:19:14.612835Z","alert_count":0,"request_count":2,"received_data":1118,"sent_data":968,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"pg888.12img707989.com","ip":{"addr":"205.198.65.15","port":5658,"asn":138997,"as":"Eons Data Communications Limited","country":"Hong Kong","country_code":"HK"},"domain_registered":"2025-12-17","domain_rank":0,"first_seen":"2025-12-18T04:56:01.819009Z","last_seen":"2026-03-06T10:32:29.6222Z","alert_count":0,"request_count":1,"received_data":732708,"sent_data":455,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"d3ccefxs96519j.cloudfront.net","ip":{"addr":"54.192.209.125","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"domain_registered":"2008-04-25","domain_rank":0,"first_seen":"2025-06-30T07:13:17.425046Z","last_seen":"2026-03-06T18:33:33.366879Z","alert_count":0,"request_count":1,"received_data":96183,"sent_data":453,"comment":"","tags":null,"fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}]},{"fqdn":"thjpg10.top","ip":{"addr":"67.21.86.10","port":443,"asn":46844,"as":"SHARKTECH","country":"United States","country_code":"US"},"domain_registered":"2025-07-25","domain_rank":1625868,"first_seen":"2025-07-27T05:09:07.160248Z","last_seen":"2026-03-07T06:29:50.955709Z","alert_count":0,"request_count":1,"received_data":154,"sent_data":478,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"jkunnzyx.com","ip":{"addr":"23.226.76.18","port":443,"asn":53755,"as":"IOFLOOD","country":"United States","country_code":"US"},"domain_registered":"2025-04-21","domain_rank":376120,"first_seen":"2025-05-09T15:55:11.644647Z","last_seen":"2026-03-05T02:19:15.441884Z","alert_count":0,"request_count":1,"received_data":41164,"sent_data":444,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"jkhabkrqjbj.com","ip":{"addr":"23.226.76.18","port":443,"asn":53755,"as":"IOFLOOD","country":"United States","country_code":"US"},"domain_registered":"2025-12-16","domain_rank":0,"first_seen":"2025-12-20T03:52:38.933004Z","last_seen":"2026-02-24T13:12:00.654738Z","alert_count":0,"request_count":1,"received_data":60793,"sent_data":447,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"www.mdynieu.com","ip":{"addr":"161.129.35.198","port":443,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"domain_registered":"unknown","domain_rank":0,"first_seen":"2025-11-07T12:04:46.874157Z","last_seen":"2026-03-02T14:58:31.744236Z","alert_count":0,"request_count":1,"received_data":407041,"sent_data":459,"comment":"","tags":null,"fingerprints":null},{"fqdn":"aosikazyy.com","ip":{"addr":"64.112.78.71","port":443,"asn":6939,"as":"HURRICANE","country":"United States","country_code":"US"},"domain_registered":"2026-01-27","domain_rank":0,"first_seen":"2026-02-04T06:52:44.115423Z","last_seen":"2026-03-06T10:28:17.305962Z","alert_count":0,"request_count":5,"received_data":1256739,"sent_data":2225,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"thjpg2.top","ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"domain_registered":"2024-11-07","domain_rank":1917844,"first_seen":"2025-02-28T20:45:24.625846Z","last_seen":"2026-03-07T04:15:05.924609Z","alert_count":0,"request_count":2,"received_data":0,"sent_data":954,"comment":"","tags":null,"fingerprints":null},{"fqdn":"img1.souavimg.com","ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"domain_registered":"unknown","domain_rank":0,"first_seen":"2025-11-13T06:05:21.935474Z","last_seen":"2026-03-05T02:19:17.213844Z","alert_count":0,"request_count":1,"received_data":0,"sent_data":484,"comment":"","tags":null,"fingerprints":null},{"fqdn":"11224.xn--gps-8y0gm25n.xn--55qx5d","ip":{"addr":"116.211.128.174","port":443,"asn":58563,"as":"CHINANET Hubei province network","country":"China","country_code":"CN"},"domain_registered":"2025-04-18","domain_rank":0,"first_seen":"2025-12-12T01:01:33.916178Z","last_seen":"2026-03-02T14:58:30.066784Z","alert_count":0,"request_count":1,"received_data":686930,"sent_data":463,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"tuaskbgnekr.com","ip":{"addr":"64.112.76.12","port":443,"asn":6939,"as":"HURRICANE","country":"United States","country_code":"US"},"domain_registered":"2025-03-12","domain_rank":193855,"first_seen":"2025-03-16T23:57:53.559575Z","last_seen":"2026-03-01T21:39:00.075971Z","alert_count":0,"request_count":13,"received_data":1422688,"sent_data":5811,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"aqf.yrjj7.help","ip":{"addr":"154.26.176.147","port":443,"asn":906,"as":"DMIT","country":"United States","country_code":"US"},"domain_registered":"2026-02-23","domain_rank":0,"first_seen":"2026-03-07T05:39:30.32171Z","last_seen":"2026-03-07T05:39:30.321711Z","alert_count":17,"request_count":17,"received_data":1277771,"sent_data":9021,"comment":"","tags":null,"fingerprints":[{"name":"jQuery","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"PHP","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}]},{"fqdn":"www.jkuntp.com","ip":{"addr":"64.112.76.43","port":443,"asn":6939,"as":"HURRICANE","country":"United States","country_code":"US"},"domain_registered":"2023-02-23","domain_rank":3345365,"first_seen":"2023-03-12T07:09:25Z","last_seen":"2026-02-27T07:13:25.431119Z","alert_count":0,"request_count":4,"received_data":211340,"sent_data":1928,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"sex8sex811.com","ip":{"addr":"216.180.227.219","port":443,"asn":47191,"as":"blue tech technology Co., Limited","country":"British Virgin Islands","country_code":"VG"},"domain_registered":"2025-02-25","domain_rank":660237,"first_seen":"2025-06-25T17:42:29.557339Z","last_seen":"2026-03-03T22:51:28.752653Z","alert_count":0,"request_count":1,"received_data":142,"sent_data":446,"comment":"","tags":null,"fingerprints":null},{"fqdn":"img1212.syhze.com","ip":{"addr":"205.198.65.15","port":443,"asn":138997,"as":"Eons Data Communications Limited","country":"Hong Kong","country_code":"HK"},"domain_registered":"2014-05-15","domain_rank":0,"first_seen":"2025-12-21T08:33:05.525239Z","last_seen":"2026-03-07T01:42:14.214173Z","alert_count":0,"request_count":2,"received_data":940974,"sent_data":892,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"sbzytpimg4.com","ip":{"addr":"23.140.124.25","port":3519,"asn":0,"as":"","country":"","country_code":"zz"},"domain_registered":"2024-04-24","domain_rank":0,"first_seen":"2026-01-09T01:30:30.561069Z","last_seen":"2026-03-01T17:52:05.500667Z","alert_count":0,"request_count":1,"received_data":117915,"sent_data":486,"comment":"","tags":null,"fingerprints":null},{"fqdn":"pic17.anzise.com","ip":{"addr":"104.21.62.98","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2019-07-18","domain_rank":0,"first_seen":"2022-08-09T20:01:34Z","last_seen":"2026-03-02T14:58:29.152101Z","alert_count":0,"request_count":1,"received_data":66696,"sent_data":476,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"jpgjingpinx1.top","ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"domain_registered":"2025-03-13","domain_rank":172398,"first_seen":"2025-04-02T05:04:02.716789Z","last_seen":"2026-03-05T02:19:14.75996Z","alert_count":0,"request_count":3,"received_data":0,"sent_data":1449,"comment":"","tags":null,"fingerprints":null},{"fqdn":"11221.xn--gps-8y0gm25n.xn--55qx5d","ip":{"addr":"116.211.128.174","port":443,"asn":58563,"as":"CHINANET Hubei province network","country":"China","country_code":"CN"},"domain_registered":"2025-04-18","domain_rank":0,"first_seen":"2025-12-03T14:43:28.608781Z","last_seen":"2026-03-07T00:44:22.321285Z","alert_count":0,"request_count":1,"received_data":596935,"sent_data":463,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"fqjpg5.top","ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"domain_registered":"2025-05-14","domain_rank":0,"first_seen":"2025-08-25T01:14:58.379267Z","last_seen":"2026-03-07T01:47:07.653886Z","alert_count":0,"request_count":3,"received_data":0,"sent_data":1431,"comment":"","tags":null,"fingerprints":null},{"fqdn":"gikygdfzfnasktu.com","ip":{"addr":"45.204.71.19","port":443,"asn":35916,"as":"MULTA-ASN1","country":"United States","country_code":"US"},"domain_registered":"2025-03-13","domain_rank":0,"first_seen":"2025-12-30T14:13:43.602076Z","last_seen":"2026-03-02T02:48:28.30307Z","alert_count":0,"request_count":1,"received_data":7648,"sent_data":451,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"aqf.yrjj7.help/cn/home/web/template/112vip53_wtpl/js/stui_default.js","fqdn":"aqf.yrjj7.help","domain":"yrjj7.help","tld":"help"},"ip":{"addr":"154.26.176.147","port":443,"asn":906,"as":"DMIT","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"7f231ce324e1865c62c3a34ad6021b0d","sha1":"3836b4a73e15f84d7bd2d369f913e36ea3c5c6d2","sha256":"3d40f403dc3f7c8eb502e280ea289944c10fb1adb17239a88969a8c4d21e0c36","sha512":"17f95e6e9e7518484d68a9e092ed83680ca997fd655b923628f902fd0776745e57ef9cfb5166a0957cf4dff4f949fc9b3aafae8ed1100320468b3379d2c5b9b0","ssdeep":"192:oYpTSe3ochkPHqdxJDuRX3WAVb3GHgqMqh5L:FpTS03gKdx9u1WUb3d7qhJ","tlshash":"93e16509b450613a847b7379eb2f6600fa21362760824d12bc7dc6d05fb1c5ab6b9fec","size":7433,"data":"","first_seen":"2024-12-31T10:28:51.277282Z","last_seen":"2026-03-11T02:04:59.801672Z","times_seen":273,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"aqf.yrjj7.help/s/%E5%8E%95%E6%8B%8D.html","fqdn":"aqf.yrjj7.help","domain":"yrjj7.help","tld":"help"},"ip":{"addr":"154.26.176.147","port":443,"asn":906,"as":"DMIT","country":"United States","country_code":"US"},"introduction_type":"eval","is_inline":false,"md5":"5aabfeb81fda10be5ecf28e2fb952ced","sha1":"59d85764a8da7a7f048b9c3d0152ea5a84964bc0","sha256":"f796f924638ba46a6ae1d20cadaf872bc40964b402d497b52458d904f1b9027e","sha512":"e5b16f12cab53587dc9b9b0887d296d0b2f80ccef51f5d1bb9f50d74bf21cc07c400cf69bca4580420a802afd4f527087429827bdb1eb584550272ef63a8b2b7","ssdeep":"","tlshash":"f341d1493a0ae13cb08da67ec61b43086116c51bd1b5d965b83688b47cfced3b3536cb","size":2127,"data":"","first_seen":"2023-03-07T01:19:43Z","last_seen":"2026-04-04T12:57:38.49234Z","times_seen":2723,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"aqf.yrjj7.help/cn/home/web/template/112vip53_wtpl/js/lazyload.js","fqdn":"aqf.yrjj7.help","domain":"yrjj7.help","tld":"help"},"ip":{"addr":"154.26.176.147","port":443,"asn":906,"as":"DMIT","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"60fd945d3341af46ce8ea58d1f3ad7ee","sha1":"46b899c238233046d4f8d9c6a5a675bf13028f20","sha256":"016276e7070cd8676ce8298363b4e6d35f14b22fffb1b22631e7daa843073819","sha512":"153364df325da42e182cd557325ba40d952300502dd354cfa45c60b0b6abeb47c6259f3e48623a77d008bffb3eba39e97dd26763fcbeb1c1c8ba0e14b5f1d6ae","ssdeep":"","tlshash":"a1714b865fe22474f917b86ccb1f9204363bd02b468a9d90744d81dcaff843a92b5ad7","size":3627,"data":"","first_seen":"2024-12-31T10:28:51.408799Z","last_seen":"2026-03-11T02:04:59.77367Z","times_seen":273,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"aqf.yrjj7.help/abc/fixed_ui_efb752.js","fqdn":"aqf.yrjj7.help","domain":"yrjj7.help","tld":"help"},"ip":{"addr":"154.26.176.147","port":443,"asn":906,"as":"DMIT","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"6dfac2893c6c62e4c301cd5014244f02","sha1":"747d7bb35e3c9ec4cc4027f76f0eece638d5eb7c","sha256":"2d7c836543fbb03e6c490efb2b18b85e001c1254a1106e970d57b6f4d4662da5","sha512":"01475eae47cbe375b744f0cde60db5ab714468332a05d0ca33e83f99399e2278a73ad9bed7147ca5d3a8fcee8a700378883ce65bb7a2d414851da7ed43327d1b","ssdeep":"96:BUrFraVkxXHMwEuxg2Y35DEYfElTzg2NgCucJkiTRoP5VYb5G6JS/lWrNaqsKQnX:qB+7wJm2Y35D1fWT8nCucJc5VGGg+gUx","tlshash":"0db1b45f79e330968a2330b49fff054c36319013650ddd947c0e92646fa9b942672fe9","size":5587,"data":"","first_seen":"2026-03-07T14:46:30.673034Z","last_seen":"2026-03-07T14:46:30.673034Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"aqf.yrjj7.help/cn/home/web/static/js/jquery.js","fqdn":"aqf.yrjj7.help","domain":"yrjj7.help","tld":"help"},"ip":{"addr":"154.26.176.147","port":443,"asn":906,"as":"DMIT","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"397754ba49e9e0cf4e7c190da78dda05","sha1":"ae49e56999d82802727455f0ba83b63acd90a22b","sha256":"c12f6098e641aaca96c60215800f18f5671039aecf812217fab3c0d152f6adb4","sha512":"8c64754f77507ab2c24a6fc818419b9dd3f0ceccc9065290e41afdbee0743f0da2cb13b2fbb00afa525c082f1e697cb3ffd76ef9b902cb81d7c41ca1c641dffb","ssdeep":"1536:dnu00HWWaRxkqJg09pYxoxDKMXJrg8hXXO4dK3kyfiLJBhdSZE+I+Qg7rbaN1RUx:ddkWgoBhcZRQgmW42qe","tlshash":"8c932bdd72d2b03257ab30bd106f540ff2361959280d8850f268d8f9bc79a49a277f6d","size":92629,"data":"","first_seen":"2023-03-07T01:02:08Z","last_seen":"2026-04-04T15:48:44.569044Z","times_seen":60616,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"aqf.yrjj7.help/s/%E5%8E%95%E6%8B%8D.html","fqdn":"aqf.yrjj7.help","domain":"yrjj7.help","tld":"help"},"ip":{"addr":"154.26.176.147","port":443,"asn":906,"as":"DMIT","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"57ca1679beecd06eaa00944bec96c8d5","sha1":"90d2c545a94b7fa7ea2a0bb2e79d47db91cf7164","sha256":"7c766318d776596c427c9707337cc501d4a06a8186257b80a24d129fc3b97d42","sha512":"971021ae72ea21612944d42c4b9048028e447eb31df65c34a3311c1a6246773b9d8465eb20cb52c6b34099d5a7a714d791cd2eed9323764eed0b3addd104aa6b","ssdeep":"","tlshash":"27e07d9a8841d2e6d986b3bbffe0d368e8983b193817d83207101cd6221336fd446b4d","size":332,"data":"","first_seen":"2023-11-16T12:30:34Z","last_seen":"2026-04-04T15:25:57.554778Z","times_seen":8956,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"aqf.yrjj7.help/cn/home/web/template/112vip53_wtpl/js/jquery.lazyload.js","fqdn":"aqf.yrjj7.help","domain":"yrjj7.help","tld":"help"},"ip":{"addr":"154.26.176.147","port":443,"asn":906,"as":"DMIT","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"f13257e1a6a3b2077352edf7cd7af4e1","sha1":"0fb4127a71d25438210b4045aa1170ffd1346869","sha256":"4df3b748db289d5deedc9b683734a591419ba18a61fd0e10ce188643e90e1a1b","sha512":"f84480997866800ff52170e3b81473f689fb98a11721138a7825bef3a894d1f01967d3214735a1442910c5387c23437820065438d88fbb7030b943eef8d85b96","ssdeep":"","tlshash":"813142ecbb5258b62034b76f8432c6203399e8f7ad0fd080e2949ca8f89c5716123a57","size":1725,"data":"","first_seen":"2023-03-12T18:40:49Z","last_seen":"2026-03-11T02:04:59.770248Z","times_seen":276,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"www.jkuntupiaxxzz.com/upload/vod/20260207-19/172ac7a20f88b1494a11a860cb9dad6a.jpg","fqdn":"www.jkuntupiaxxzz.com","domain":"jkuntupiaxxzz.com","tld":"com"},"ip":{"addr":"64.112.76.43","port":443,"asn":6939,"as":"HURRICANE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://aqf.yrjj7.help/s/%E5%8E%95%E6%8B%8D.html","date":"2026-03-07T14:45:30.897Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"jkuntupiaxxzz.com","organization":""},"issuer":{"commonName":"Certum DV TLS G2 R39 CA","organization":"Asseco Data Systems S.A."},"validity":{"start":"Wed, 21 Jan 2026 12:48:17 GMT","end":"Sat, 20 Feb 2027 12:48:16 GMT"},"fingerprint":{"sha1":"13:B6:FB:03:73:AC:FB:95:B6:AC:D3:EE:C1:74:7E:9C:AC:34:45:34","sha256":"D4:F4:9C:80:D3:FC:BE:AF:59:CE:B4:39:CB:48:78:3E:9E:82:EE:02:8C:F2:13:C4:96:BD:34:C4:AA:F6:D2:54"}}},"request":{"raw":"GET /upload/vod/20260207-19/172ac7a20f88b1494a11a860cb9dad6a.jpg HTTP/1.1\r\nHost: www.jkuntupiaxxzz.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://aqf.yrjj7.help/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sat, 07 Mar 2026 14:45:32 GMT\r\nContent-Type: image/jpeg\r\nContent-Length: 4605\r\nConnection: keep-alive\r\nLast-Modified: Sat, 07 Feb 2026 01:48:11 GMT\r\nVary: Accept-Encoding\r\nETag: \"698699db-11fd\"\r\nExpires: Mon, 09 Mar 2026 02:10:02 GMT\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Credentials: true\r\nCache-Control: max-age=2592000, public, max-age=15768000\r\nCache: HIT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":4605,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.02, aspect ratio, density 427x320, segment length 16, comment: \"Lavc61.3.100\", baseline, precision 8, 320x240, components 3","md5":"dddb54d1da6202d7bc8cc42d12267e05","sha1":"8e7321e0886b74a0bd6855e795176d3ffd9d5a91","sha256":"c405514c4ebf33483a5fec9f6fbd477424c2420047a73eb3e6a9b875bfedc9f5","sha512":"c1c769f93254e7b04a51fe76eed4edf59a450d7ed6c530817d7c5a3e63e4785243ddaf9a86f0cdc8886420cf3cf0fb66a832e01d35f2564fd697931be889e613","ssdeep":"96:fWs94CDnflQoEUlyeyWqEJjeK8jFa5iD0e8mXXOH+H00D:f57f/EUFJjeJFa8BSu7D","tlshash":"8c915c59db64e347e9d1523153704db122f612bf0b2b638619cce358486d2afac77734","first_seen":"2026-03-07T14:46:30.62711Z","last_seen":"2026-03-07T14:46:30.62711Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1276,"timings":{"blocked":144,"dns":1,"connect":146,"send":0,"wait":155,"receive":1,"ssl":826},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tuaskbgnekr.com/20250915/Y0ZJZhww/1.jpg","fqdn":"tuaskbgnekr.com","domain":"tuaskbgnekr.com","tld":"com"},"ip":{"addr":"64.112.76.12","port":443,"asn":6939,"as":"HURRICANE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://aqf.yrjj7.help/s/%E5%8E%95%E6%8B%8D.html","date":"2026-03-07T14:45:30.945Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bfaskbwerve.com","organization":""},"issuer":{"commonName":"Certum Domain Validation CA SHA2","organization":"Unizeto Technologies S.A."},"validity":{"start":"Wed, 12 Mar 2025 23:24:33 GMT","end":"Sat, 11 Apr 2026 23:24:32 GMT"},"fingerprint":{"sha1":"17:BE:B5:B6:72:C2:AD:F5:0C:31:68:24:C8:2B:3D:2F:EB:BD:D8:B6","sha256":"6F:0D:C1:02:24:41:CF:D5:BA:7D:A5:37:F1:D3:5A:7C:E7:91:AA:D0:DC:58:29:DB:35:FE:0A:AA:41:37:FA:74"}}},"request":{"raw":"GET /20250915/Y0ZJZhww/1.jpg HTTP/1.1\r\nHost: tuaskbgnekr.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://aqf.yrjj7.help/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 07 Mar 2026 14:45:32 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 59718\r\nlast-modified: Mon, 15 Sep 2025 03:30:50 GMT\r\netag: \"68c7886a-e946\"\r\naccess-control-allow-origin: *\r\naccess-control-allow-credentials: true\r\ncache-control: public, max-age=15768000\r\ncache: HIT\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":59718,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=1, software=www.meitu.com], baseline, precision 8, 500x281, components 3","md5":"9bcafadec056a1f5e3d2f2c5fb2e228b","sha1":"520c1d107243ed845598082147b8d896249eeb55","sha256":"bb5c3daa72f200a3e531070acca52d8f71ed00166abb0ca6a763cf04a695f099","sha512":"28e8476153973d1d2a232ff54248c604c083fe1c21a389749354317861c835ca792ccfc8258fc53eb7e04517f147a8f4484e6eb77f5807d315f8b3d8583a27a8","ssdeep":"1536:dYU6ChVkxGJRr/WumuTlifv8C5q9wlXK/VddpizHM:2U64Vk8JR7NsMCY98XsVh2s","tlshash":"2d4302875ed485c4a2e951b341b84d67bd0eb0a475eecef7b8c21fa57488a1c6ce482c","first_seen":"2025-06-16T05:28:52.948795Z","last_seen":"2026-03-07T14:46:30.628152Z","times_seen":5,"resource_available":false,"data":null}},"time_used":2251,"timings":{"blocked":1403,"dns":0,"connect":0,"send":0,"wait":645,"receive":203,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"img1.ah7907.com/tyctyc388-960x120.gif","fqdn":"img1.ah7907.com","domain":"ah7907.com","tld":"com"},"ip":{"addr":"98.98.86.10","port":443,"asn":21859,"as":"ZEN-ECN","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://aqf.yrjj7.help/s/%E5%8E%95%E6%8B%8D.html","date":"2026-03-07T14:45:32.853Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"img1.ah7907.com","organization":""},"issuer":{"commonName":"Certum DV TLS G2 R39 CA","organization":"Asseco Data Systems S.A."},"validity":{"start":"Thu, 06 Nov 2025 07:27:15 GMT","end":"Sun, 06 Dec 2026 07:27:14 GMT"},"fingerprint":{"sha1":"EE:18:15:48:CE:4E:22:9F:18:59:AB:6E:5E:C0:0D:4E:AF:C2:86:22","sha256":"65:F5:69:07:04:80:B4:E3:E7:D0:C5:50:2E:02:11:1C:02:89:6E:83:40:00:DD:00:37:08:E9:9C:1C:A3:4D:59"}}},"request":{"raw":"GET /tyctyc388-960x120.gif HTTP/1.1\r\nHost: img1.ah7907.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://aqf.yrjj7.help/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 307 Temporary Redirect\r\nserver: NgxFence\r\ndate: Sat, 07 Mar 2026 14:45:34 GMT\r\ncontent-type: text/html; charset=utf-8\r\ncontent-length: 0\r\nlocation: https://img.alicdn.com/imgextra/i1/2217565595682/O1CN01JKJBL71rqPYr9sHRK_!!2217565595682.gif\r\nx-cache-status: HIT\r\nstrict-transport-security: max-age=31536000; includeSubdomains; preload\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"307","status_text":"Temporary Redirect","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":71518,"size_decoded":0,"mime_type":"image/gif","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T15:49:33.06692Z","times_seen":13337345,"resource_available":true,"data":null}},"time_used":1504,"timings":{"blocked":-1,"dns":0,"connect":177,"send":0,"wait":304,"receive":0,"ssl":1006},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"11221.xn--gps-8y0gm25n.xn--55qx5d/d/11221?_t=1766049818","fqdn":"11221.xn--gps-8y0gm25n.xn--55qx5d","domain":"11221.xn--gps-8y0gm25n.xn--55qx5d","tld":""},"ip":{"addr":"116.211.128.174","port":443,"asn":58563,"as":"CHINANET Hubei province network","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://aqf.yrjj7.help/s/%E5%8E%95%E6%8B%8D.html","date":"2026-03-07T14:45:33.039Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.xn--gps-8y0gm25n.xn--55qx5d","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Wed, 07 Jan 2026 14:22:13 GMT","end":"Tue, 07 Apr 2026 14:22:12 GMT"},"fingerprint":{"sha1":"01:F6:A8:64:D2:BF:90:49:78:62:32:E0:6F:0D:E9:33:66:39:30:EF","sha256":"5D:E4:BC:B9:AE:B1:76:CF:D1:39:B2:34:04:CA:CA:2F:97:94:D8:E3:B1:2D:D1:41:C3:4B:27:0D:1C:BF:03:26"}}},"request":{"raw":"GET /d/11221?_t=1766049818 HTTP/1.1\r\nHost: 11221.xn--gps-8y0gm25n.xn--55qx5d\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://aqf.yrjj7.help/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 302 Found\r\ndate: Sat, 07 Mar 2026 14:45:34 GMT\r\ncontent-type: text/html\r\ncontent-length: 145\r\nlocation: https://fsffbhd.4000522777.xn--fiqs8s/9acf3f15aa2f10616fcec1e9f8124088.gif?_t=1766049818\r\ncache-control: public, max-age=3600\r\nexpires: Saturday, 07-Mar-2026 14:45:34 GMT\r\nstrict-transport-security: max-age=31536000\r\nx-via-jsl: 437ea6e,-\r\nset-cookie: __jsluid_s=19b296084de9aee635b69d0fbb47fada; max-age=31536000; path=/; HttpOnly; SameSite=None; secure\r\nx-cache: miss\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":596432,"size_decoded":0,"mime_type":"image/webp","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T15:49:33.06692Z","times_seen":13337345,"resource_available":true,"data":null}},"time_used":2269,"timings":{"blocked":-1,"dns":1099,"connect":279,"send":0,"wait":595,"receive":0,"ssl":296},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"img.alicdn.com/imgextra/i1/2207246784654/O1CN016SCogX1kFaOO1vIZt_!!2207246784654.gif","fqdn":"img.alicdn.com","domain":"alicdn.com","tld":"com"},"ip":{"addr":"47.246.44.177","port":443,"asn":24429,"as":"Zhejiang Taobao Network Co.,Ltd","country":"Sweden","country_code":"SE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://aqf.yrjj7.help/s/%E5%8E%95%E6%8B%8D.html","date":"2026-03-07T14:45:33.964Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.tbcdn.cn","organization":"Alibaba (China) Technology Co., Ltd."},"issuer":{"commonName":"GlobalSign GCC R3 OV TLS CA 2024","organization":"GlobalSign nv-sa"},"validity":{"start":"Fri, 28 Nov 2025 03:07:13 GMT","end":"Sat, 18 Jul 2026 09:41:04 GMT"},"fingerprint":{"sha1":"01:40:62:EF:8C:E5:C1:8A:19:4C:8D:B6:F5:C2:24:7F:DC:C0:9C:8A","sha256":"60:3C:41:A0:78:62:E6:5E:82:F0:FA:CF:5C:C9:D3:22:E4:64:EE:1A:EE:C7:CC:BA:DD:25:08:90:6F:CC:C4:F2"}}},"request":{"raw":"GET /imgextra/i1/2207246784654/O1CN016SCogX1kFaOO1vIZt_!!2207246784654.gif HTTP/1.1\r\nHost: img.alicdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://aqf.yrjj7.help/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: Tengine\r\ncontent-type: image/gif\r\ncontent-length: 221348\r\ndate: Thu, 13 Nov 2025 10:05:50 GMT\r\nlast-modified: Thu, 13 Nov 2025 09:36:51 GMT\r\npicasso-ret-code: SUCCESS\r\npicasso-cache-info: L4-HIT\r\nrequest-time: 0.107\r\ntraceid: a3b5f39617630283506058409e\r\nx-powered-by: Picasso\r\npicasso-image-type: normal\r\npicasso-fmt: gif2avif\r\ncache-control: max-age=31536000\r\nvia: ens-cache9.l2de3[0,0,200-0,H], ens-cache15.l2de3[1,0], ens-cache20.se2[0,0,200-0,H], ens-cache4.se2[3,0]\r\naccess-control-allow-origin: *\r\nage: 9866383\r\nali-swift-global-savetime: 1763028350\r\nx-cache: HIT TCP_MEM_HIT dirn:-2:-2\r\nx-swift-savetime: Thu, 13 Nov 2025 18:03:30 GMT\r\nx-swift-cachetime: 31507340\r\nback_uri: /imgextra/i1/2207246784654/O1CN016SCogX1kFaOO1vIZt_!!2207246784654.gif_.avif\r\nvary: Accept\r\ns-rt: 3\r\ntiming-allow-origin: *\r\neagleid: 2ff62c9817728947339412286e\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]}],"data":{"size":221348,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 960 x 60","md5":"91a4c6f090426e12424905e992711b10","sha1":"a2cb6864351065d53d1c4c502877adfd11103e4a","sha256":"88584290d770ecec2239e81884a8bf52306a473d03aafbdb9a359555e3b9c439","sha512":"ce208676f2178d6a9c8498f495422167058647fabfe812391f392ada0df7088434bd33a8a718c4d24a53c7b9c77af94d83faf3815f6364c76d203f97fe9cdb36","ssdeep":"6144:k/sj3j3iWwPIu/wQFxkt8gRZI1ZpLugfoi:k/sjz3iVIgwUgRS7VffX","tlshash":"6124137ee1c01f226e0522e9a7b8bf1b05b55487ed84a47729bdf9d6c7482b3e7601c0","first_seen":"2025-10-14T12:40:30.101425Z","last_seen":"2026-04-04T15:25:57.275219Z","times_seen":8636,"resource_available":false,"data":null}},"time_used":20,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":12,"receive":8,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"img.alicdn.com/imgextra/i4/2207246784654/O1CN014PyHeq1kFaOP6Xhwn_!!2207246784654.gif","fqdn":"img.alicdn.com","domain":"alicdn.com","tld":"com"},"ip":{"addr":"47.246.44.177","port":443,"asn":24429,"as":"Zhejiang Taobao Network Co.,Ltd","country":"Sweden","country_code":"SE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://aqf.yrjj7.help/s/%E5%8E%95%E6%8B%8D.html","date":"2026-03-07T14:45:34.092Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.tbcdn.cn","organization":"Alibaba (China) Technology Co., Ltd."},"issuer":{"commonName":"GlobalSign GCC R3 OV TLS CA 2024","organization":"GlobalSign nv-sa"},"validity":{"start":"Fri, 28 Nov 2025 03:07:13 GMT","end":"Sat, 18 Jul 2026 09:41:04 GMT"},"fingerprint":{"sha1":"01:40:62:EF:8C:E5:C1:8A:19:4C:8D:B6:F5:C2:24:7F:DC:C0:9C:8A","sha256":"60:3C:41:A0:78:62:E6:5E:82:F0:FA:CF:5C:C9:D3:22:E4:64:EE:1A:EE:C7:CC:BA:DD:25:08:90:6F:CC:C4:F2"}}},"request":{"raw":"GET /imgextra/i4/2207246784654/O1CN014PyHeq1kFaOP6Xhwn_!!2207246784654.gif HTTP/1.1\r\nHost: img.alicdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://aqf.yrjj7.help/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: Tengine\r\ncontent-type: image/gif\r\ncontent-length: 292628\r\ndate: Tue, 11 Nov 2025 08:54:59 GMT\r\npicasso-ret-code: SUCCESS\r\npicasso-cache-info: L3-HIT\r\nrequest-time: 0.001\r\ntraceid: 2ff6319517628512988766131e\r\nx-powered-by: Picasso\r\npicasso-image-type: normal\r\npicasso-fmt: gif2avif\r\ncache-control: max-age=31536000\r\nvia: ens-cache6.l2de3[0,0,200-0,H], ens-cache5.l2de3[0,0], ens-cache20.se2[0,0,200-0,H], ens-cache4.se2[2,0]\r\naccess-control-allow-origin: *\r\nage: 10043435\r\nali-swift-global-savetime: 1762851299\r\nx-cache: HIT TCP_MEM_HIT dirn:-2:-2\r\nx-swift-savetime: Tue, 11 Nov 2025 09:03:40 GMT\r\nx-swift-cachetime: 31535479\r\nback_uri: /imgextra/i4/2207246784654/O1CN014PyHeq1kFaOP6Xhwn_!!2207246784654.gif_.avif\r\nvary: Accept\r\ns-rt: 2\r\ntiming-allow-origin: *\r\neagleid: 2ff62c9817728947340742448e\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]}],"data":{"size":292628,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 960 x 120","md5":"3a29654deae45805d8794954abbb5044","sha1":"42691fc8287fde23d6f03fb34434deabb343df14","sha256":"cc2627b8bf79a940675f68df3fcdb91bf14a94b98c1938dd334c2bfc62538bb3","sha512":"b272db82b275b8f2f0fe414b1f339432bc2663520931f602714e2ede08e8b655f766060cff98dda94f176180b3bcdc53a6e382c4faa10ce67ca13e8008f65353","ssdeep":"6144:Nq0IoTY/D/9IDmn8IDVS+jIDmn0JVr3AW9DuCDP:LTcNl5H03QuDuCDP","tlshash":"3c541216e3668b1f117098c1a1f16d7efaedaa1736f5aef1450c4c42053f9e8a339c62","first_seen":"2025-11-09T02:30:37.967304Z","last_seen":"2026-04-04T15:25:57.340317Z","times_seen":7807,"resource_available":false,"data":null}},"time_used":24,"timings":{"blocked":1,"dns":0,"connect":0,"send":0,"wait":15,"receive":8,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"aosikazyy.com/20260227/OFspamAm/1.jpg","fqdn":"aosikazyy.com","domain":"aosikazyy.com","tld":"com"},"ip":{"addr":"64.112.78.71","port":443,"asn":6939,"as":"HURRICANE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://aqf.yrjj7.help/s/%E5%8E%95%E6%8B%8D.html","date":"2026-03-07T14:45:30.836Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"aosikazyy.com","organization":""},"issuer":{"commonName":"Certum DV TLS G2 R39 CA","organization":"Asseco Data Systems S.A."},"validity":{"start":"Tue, 27 Jan 2026 05:36:13 GMT","end":"Fri, 26 Feb 2027 05:36:12 GMT"},"fingerprint":{"sha1":"46:07:BD:26:C4:2F:43:47:7D:0B:DA:7D:56:AF:C0:48:AA:4B:A9:E4","sha256":"53:B2:F8:51:E2:31:14:5B:CB:D8:05:AC:D2:8C:38:EA:8C:4D:49:6E:8F:6F:EE:15:41:AC:AF:06:08:F5:64:1C"}}},"request":{"raw":"GET /20260227/OFspamAm/1.jpg HTTP/1.1\r\nHost: aosikazyy.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://aqf.yrjj7.help/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 07 Mar 2026 14:45:31 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 192922\r\nlast-modified: Sat, 28 Feb 2026 02:33:26 GMT\r\netag: \"69a253f6-2f19a\"\r\naccess-control-allow-origin: *\r\naccess-control-allow-credentials: true\r\ncache-control: public, max-age=15768000\r\ncache: HIT\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":192922,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 3400x1912, components 3","md5":"1881a9473bb978978c4f65ce913d3f40","sha1":"fa3468755b077a1c14785209a1abb1a1952b16d4","sha256":"6e39e61a8a693f0b40cb1bd45a42096b2a6c2bc54bffea110232792d089ce576","sha512":"e9c957a87e9c2a6ac6f4f982d5366987ae5fbbd94f301e1e4c7b8c1b135b7051a2debd71cb0101234a2af385323d1bf8776fb1d51dbdf8fc349b97f0b7bce94c","ssdeep":"3072:q66bjbv2Ib6grd/2xhPTlEdK/ihxVrFnA1OfYCEr1fPV/EXFk1emngWpdfZxi2Kk:avbv3d27laKSrZHL2v/EXFuD7jfHqB6r","tlshash":"4314022ae301e126d98d17305de3db1c77b611a0e2619653a7e909372cee3593cacef1","first_seen":"2026-03-07T14:46:30.637148Z","last_seen":"2026-03-07T14:46:30.637148Z","times_seen":1,"resource_available":false,"data":null}},"time_used":2970,"timings":{"blocked":1018,"dns":114,"connect":146,"send":0,"wait":475,"receive":366,"ssl":841},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"thjpg2.top/upload/vod/20250301-1/2da5c40b1a6263406919911812abc853.jpg","fqdn":"thjpg2.top","domain":"thjpg2.top","tld":"top"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://aqf.yrjj7.help/s/%E5%8E%95%E6%8B%8D.html","date":"2026-03-07T14:45:30.957Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /upload/vod/20250301-1/2da5c40b1a6263406919911812abc853.jpg HTTP/1.1\r\nHost: thjpg2.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://aqf.yrjj7.help/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T15:49:33.06692Z","times_seen":13337345,"resource_available":true,"data":null}},"time_used":783,"timings":{"blocked":773,"dns":10,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fsffbhd.4000522777.xn--fiqs8s/9acf3f15aa2f10616fcec1e9f8124088.gif?_t=1766049818","fqdn":"fsffbhd.4000522777.xn--fiqs8s","domain":"fsffbhd.4000522777.xn--fiqs8s","tld":""},"ip":{"addr":"104.26.6.77","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://aqf.yrjj7.help/s/%E5%8E%95%E6%8B%8D.html","date":"2026-03-07T14:45:35.043Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"4000522777.xn--fiqs8s","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Sun, 08 Feb 2026 07:30:32 GMT","end":"Sat, 09 May 2026 07:30:31 GMT"},"fingerprint":{"sha1":"FF:0F:4B:0B:66:7A:99:CF:94:C0:49:3D:85:E5:C9:86:98:B7:37:5A","sha256":"43:BD:60:69:CF:8C:1A:A9:8F:2A:45:8B:67:9B:D8:CE:5E:AD:46:40:6D:E0:09:85:5F:16:F0:2D:FD:A5:D2:8E"}}},"request":{"raw":"GET /9acf3f15aa2f10616fcec1e9f8124088.gif?_t=1766049818 HTTP/1.1\r\nHost: fsffbhd.4000522777.xn--fiqs8s\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://aqf.yrjj7.help/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 07 Mar 2026 14:45:35 GMT\r\ncontent-type: image/webp\r\ncontent-length: 596432\r\nserver: cloudflare\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=hOLC5HmqcjsWJnZVgFTQa8gdfs%2BTfaJF7if5w2QIOCjLaESviF77E7%2BKPiXDJqXg8ifC0ywC0MVsGyUQu44fXJgU1tdUjtFm6A6YQ%2Fo1BfxJFvprNaT%2BBN7HMTo%3D\"}]}\r\nlast-modified: Fri, 12 Dec 2025 13:55:30 GMT\r\netag: \"693c1ed2-b42e7\"\r\naccept-ranges: bytes\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=1;i=?0,cf-chb=(782;u=3;i=?0 1954;u=4;i=?0 77885;u=5;i=?0)\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\ncf-bgj: imgq:100,h2pri\r\ncf-polished: ok, orig_size=738023\r\nvary: accept, accept-encoding\r\nage: 6681\r\ncache-control: max-age=31536000\r\ncf-cache-status: HIT\r\ncf-ray: 9d8a627e1deb2767-ARN\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":596432,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"70e27bd33ccc423d6ca629fe1a2694a3","sha1":"8f9b122d30952f553d18eb43f1a0d8fa43616f05","sha256":"2e4d5ced9b2775a2fcf90c86296064a475d629e3abfa9bc388d4c7e58a924b5a","sha512":"ccc4192c2f2d5bfdf26a698e8c1b065b607055b3c5cff1a3a3b5bbfa8cc0b1631d7d281bf5028d596a6ffd4f757b5f362015caa1b480563f58d7f8a32c3e79b4","ssdeep":"12288:o+1WCsh1cclbxyjPvVfdwCAqlH3JbHk55dJt9uMYpNlR:oush1cobxcGOHW5J5YT","tlshash":"32c42345e8fe2db59265a33cacf61a129dd700e96cd520591c9aff633ce0a4705ecf48","first_seen":"2026-02-12T00:35:26.594188Z","last_seen":"2026-04-04T15:25:57.357303Z","times_seen":2172,"resource_available":false,"data":null}},"time_used":96,"timings":{"blocked":0,"dns":1,"connect":0,"send":0,"wait":24,"receive":69,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"aqf.yrjj7.help/cn/home/web/template/112vip53_wtpl/js/jquery.lazyload.js","fqdn":"aqf.yrjj7.help","domain":"yrjj7.help","tld":"help"},"ip":{"addr":"154.26.176.147","port":443,"asn":906,"as":"DMIT","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://aqf.yrjj7.help/s/%E5%8E%95%E6%8B%8D.html","date":"2026-03-07T14:45:30.820Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.yrjj7.help","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 23 Feb 2026 03:22:07 GMT","end":"Sun, 24 May 2026 03:22:06 GMT"},"fingerprint":{"sha1":"FE:80:5C:67:19:7F:C7:64:14:D5:30:72:50:98:FD:FF:3D:E1:D2:11","sha256":"07:D0:5D:0D:F5:FE:8F:75:3E:A3:4F:94:F5:F7:B1:8D:C2:5C:56:6E:32:EE:3C:1B:F3:3C:CD:4D:8F:1A:A8:48"}}},"request":{"raw":"GET /cn/home/web/template/112vip53_wtpl/js/jquery.lazyload.js HTTP/1.1\r\nHost: aqf.yrjj7.help\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://aqf.yrjj7.help/s/%E5%8E%95%E6%8B%8D.html\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: PHPSESSID=oeads9fohtesm1b4rn9c3clc2a\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: https://www.xzylm.com\r\ncontent-type: application/javascript\r\ncontent-length: 1725\r\nlast-modified: Wed, 31 Aug 2022 08:26:04 GMT\r\nvary: Accept-Encoding\r\ncache-control: public, max-age=2592000\r\naccept-ranges: bytes\r\nvia: http/1.1 traffic_server (https://www.xzylm.com [cRs f ])\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":1725,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (1625)","md5":"f13257e1a6a3b2077352edf7cd7af4e1","sha1":"0fb4127a71d25438210b4045aa1170ffd1346869","sha256":"4df3b748db289d5deedc9b683734a591419ba18a61fd0e10ce188643e90e1a1b","sha512":"f84480997866800ff52170e3b81473f689fb98a11721138a7825bef3a894d1f01967d3214735a1442910c5387c23437820065438d88fbb7030b943eef8d85b96","ssdeep":"","tlshash":"813142ecbb5258b62034b76f8432c6203399e8f7ad0fd080e2949ca8f89c5716123a57","first_seen":"2023-03-12T18:40:49Z","last_seen":"2026-03-11T02:04:59.770248Z","times_seen":276,"resource_available":true,"data":null}},"time_used":569,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":569,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"aqf.yrjj7.help","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"2026tu.myxuanxuan.com/mt2026-8qssd0z7qb","fqdn":"2026tu.myxuanxuan.com","domain":"myxuanxuan.com","tld":"com"},"ip":{"addr":"101.33.21.239","port":443,"asn":139341,"as":"ACE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://aqf.yrjj7.help/s/%E5%8E%95%E6%8B%8D.html","date":"2026-03-07T14:45:32.844Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"2026tu.myxuanxuan.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 18 Jan 2026 00:00:00 GMT","end":"Mon, 18 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"89:A5:51:BC:5F:09:A7:47:86:8A:45:EC:EE:78:46:C6:17:A3:08:CD","sha256":"02:BE:A0:16:7A:20:13:EB:60:A2:1D:D0:AF:87:4C:A4:41:0C:07:C7:1A:35:F8:CA:F3:EC:E7:F0:21:5F:15:C7"}}},"request":{"raw":"GET /mt2026-8qssd0z7qb HTTP/1.1\r\nHost: 2026tu.myxuanxuan.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://aqf.yrjj7.help/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 302 Found\r\nserver: nginx\r\ndate: Sat, 07 Mar 2026 14:45:21 GMT\r\ncontent-type: text/html\r\nlocation: https://img.alicdn.com/imgextra/i3/2215209493335/O1CN010JTbhN1aVU01WrBDj_!!2215209493335-1-chatting.gif\r\ncontent-length: 138\r\nx-nws-log-uuid: 13382024647768086002\r\nx-cache-lookup: Cache Miss\r\nstrict-transport-security: max-age=1;\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":643569,"size_decoded":0,"mime_type":"image/gif","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T15:49:33.06692Z","times_seen":13337345,"resource_available":true,"data":null}},"time_used":1695,"timings":{"blocked":-1,"dns":725,"connect":146,"send":0,"wait":253,"receive":0,"ssl":570},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"img.meituan.net/portalweb/27a1e3a72fece63c3ff55f2c96c993a5588276.gif","fqdn":"img.meituan.net","domain":"meituan.net","tld":"net"},"ip":{"addr":"163.171.134.109","port":443,"asn":54994,"as":"ML-1432-54994","country":"Sweden","country_code":"SE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://aqf.yrjj7.help/s/%E5%8E%95%E6%8B%8D.html","date":"2026-03-07T14:45:34.238Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.meituan.net","organization":"北京三快科技有限公司"},"issuer":{"commonName":"GlobalSign RSA OV SSL CA 2018","organization":"GlobalSign nv-sa"},"validity":{"start":"Tue, 03 Jun 2025 10:52:10 GMT","end":"Sat, 27 Jun 2026 07:00:02 GMT"},"fingerprint":{"sha1":"0C:29:B8:8B:74:6A:6C:C5:4B:6B:8C:7E:F5:C5:E8:A7:B1:26:B8:CB","sha256":"40:B3:D3:3A:FB:0A:FF:94:27:86:35:5E:B7:62:00:AE:DE:30:88:34:15:60:5F:60:9F:C0:E2:9D:2E:BB:5C:83"}}},"request":{"raw":"GET /portalweb/27a1e3a72fece63c3ff55f2c96c993a5588276.gif HTTP/1.1\r\nHost: img.meituan.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 07 Mar 2026 14:45:34 GMT\r\ncontent-type: image/webp\r\ncontent-length: 406836\r\nserver: openresty\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET,OPTIONS,HEAD\r\naccess-control-allow-private-network: true\r\ncache-control: max-age=5184000\r\nm-traceid: stnbw2foodf7203m9zij\r\nlast-modified: Fri, 05 Dec 2025 07:15:26 +0000\r\ntiming-allow-origin: *\r\nx-via: 1.1 PS-HKG-04JZz35:6 (Cdn Cache Server V2.0), 0.0 PSrdsdgemSTO1sw92:6 (Cdn Cache Server V2.0)\r\nx-response-cache: edge_hit\r\nage: 1\r\nx-cache: HIT from cache.51cdn.com\r\nx-ws-request-id: 69ac3a0e_PSrdsdgemSTO1sw92_15597-43420\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}],"data":{"size":406836,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"34578e43aadd0f0be311cfc623f3391e","sha1":"895f4361fbcd073db0535c831ba4424822b131a9","sha256":"b762e8d34521fe2e17fbbf032cc05edb46f8b217bbcf7bf030c6b98a50d66760","sha512":"a9cfe1c1e668f7de244195d0b606c8adeaad8f2a940629a72c1d552b6c238797219dc0e05fa423bec6fb3580686e402e4f352b2f1983b04e48b03642dc445cdd","ssdeep":"12288:v1HhfMhcKYspUXuT184HQIOO+EP/WvWG7/:dBfI/dwIIEWvWG7/","tlshash":"448423aadb664e34d5904c2fc1fb890fc4c476e9e3f716e69b36a9098bf7253448e040","first_seen":"2025-11-06T09:50:46.694344Z","last_seen":"2026-04-04T13:29:05.000019Z","times_seen":6868,"resource_available":false,"data":null}},"time_used":184,"timings":{"blocked":0,"dns":0,"connect":21,"send":0,"wait":28,"receive":97,"ssl":38},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"aqf.yrjj7.help/cn/home/web/template/112vip53_wtpl/js/lazyload.js","fqdn":"aqf.yrjj7.help","domain":"yrjj7.help","tld":"help"},"ip":{"addr":"154.26.176.147","port":443,"asn":906,"as":"DMIT","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://aqf.yrjj7.help/s/%E5%8E%95%E6%8B%8D.html","date":"2026-03-07T14:45:30.822Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.yrjj7.help","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 23 Feb 2026 03:22:07 GMT","end":"Sun, 24 May 2026 03:22:06 GMT"},"fingerprint":{"sha1":"FE:80:5C:67:19:7F:C7:64:14:D5:30:72:50:98:FD:FF:3D:E1:D2:11","sha256":"07:D0:5D:0D:F5:FE:8F:75:3E:A3:4F:94:F5:F7:B1:8D:C2:5C:56:6E:32:EE:3C:1B:F3:3C:CD:4D:8F:1A:A8:48"}}},"request":{"raw":"GET /cn/home/web/template/112vip53_wtpl/js/lazyload.js HTTP/1.1\r\nHost: aqf.yrjj7.help\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://aqf.yrjj7.help/s/%E5%8E%95%E6%8B%8D.html\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: PHPSESSID=oeads9fohtesm1b4rn9c3clc2a\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: https://www.xzylm.com\r\ncontent-type: application/javascript\r\ncontent-length: 3627\r\nlast-modified: Wed, 31 Aug 2022 08:26:04 GMT\r\nvary: Accept-Encoding\r\ncache-control: public, max-age=2592000\r\naccept-ranges: bytes\r\nvia: http/1.1 traffic_server (https://www.xzylm.com [cRs f ])\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":3627,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text","md5":"60fd945d3341af46ce8ea58d1f3ad7ee","sha1":"46b899c238233046d4f8d9c6a5a675bf13028f20","sha256":"016276e7070cd8676ce8298363b4e6d35f14b22fffb1b22631e7daa843073819","sha512":"153364df325da42e182cd557325ba40d952300502dd354cfa45c60b0b6abeb47c6259f3e48623a77d008bffb3eba39e97dd26763fcbeb1c1c8ba0e14b5f1d6ae","ssdeep":"","tlshash":"a1714b865fe22474f917b86ccb1f9204363bd02b468a9d90744d81dcaff843a92b5ad7","first_seen":"2024-12-31T10:28:51.408799Z","last_seen":"2026-03-11T02:04:59.77367Z","times_seen":273,"resource_available":true,"data":null}},"time_used":569,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":569,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"aqf.yrjj7.help","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tuaskbgnekr.com/20251028/uyWrybD5/1.jpg","fqdn":"tuaskbgnekr.com","domain":"tuaskbgnekr.com","tld":"com"},"ip":{"addr":"64.112.76.12","port":443,"asn":6939,"as":"HURRICANE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://aqf.yrjj7.help/s/%E5%8E%95%E6%8B%8D.html","date":"2026-03-07T14:45:30.932Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bfaskbwerve.com","organization":""},"issuer":{"commonName":"Certum Domain Validation CA SHA2","organization":"Unizeto Technologies S.A."},"validity":{"start":"Wed, 12 Mar 2025 23:24:33 GMT","end":"Sat, 11 Apr 2026 23:24:32 GMT"},"fingerprint":{"sha1":"17:BE:B5:B6:72:C2:AD:F5:0C:31:68:24:C8:2B:3D:2F:EB:BD:D8:B6","sha256":"6F:0D:C1:02:24:41:CF:D5:BA:7D:A5:37:F1:D3:5A:7C:E7:91:AA:D0:DC:58:29:DB:35:FE:0A:AA:41:37:FA:74"}}},"request":{"raw":"GET /20251028/uyWrybD5/1.jpg HTTP/1.1\r\nHost: tuaskbgnekr.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://aqf.yrjj7.help/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 07 Mar 2026 14:45:32 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 27003\r\nlast-modified: Wed, 29 Oct 2025 05:50:59 GMT\r\netag: \"6901ab43-697b\"\r\naccess-control-allow-origin: *\r\naccess-control-allow-credentials: true\r\ncache-control: public, max-age=15768000\r\ncache: HIT\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":27003,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 720x404, components 3","md5":"ef1a8931fc67b089321d90fe8a400456","sha1":"abf3f9df1e43f09facf1a1dacd36351dc3127a34","sha256":"0ae71e406b8ee93503bb30f04825f30e59ab2c0e004df791257d5735f5653535","sha512":"b2da4d264882e1ef902645990d002d046b3e7084168b87325f365e69b7d7a1509a9f9234320ec06d7078127247845eabbbeac5606fababf3cfc20732c4706483","ssdeep":"384:9wBmFB6gjQ4+ahC7BRMMO8kOjFZsIpxjJlkr6jEUeFd8uiGph5/jMH7VYjLv:CBo6+caY7BnO8FZLlWKmP3pzbMH7Vmv","tlshash":"39c2e120130b5ca8e518463f24d46b0cb6a06de9df13d01aba48dc33bba24d35e02fb6","first_seen":"2025-10-31T21:53:41.994076Z","last_seen":"2026-03-07T14:46:30.642706Z","times_seen":2,"resource_available":false,"data":null}},"time_used":2351,"timings":{"blocked":536,"dns":318,"connect":172,"send":0,"wait":564,"receive":286,"ssl":464},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pic10.msn87.com/pic/20211229/2dd64143a6e9490f5724ca33f64b0262/1.jpg","fqdn":"pic10.msn87.com","domain":"msn87.com","tld":"com"},"ip":{"addr":"104.21.50.91","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://aqf.yrjj7.help/s/%E5%8E%95%E6%8B%8D.html","date":"2026-03-07T14:45:30.924Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"msn87.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 26 Jan 2026 13:25:18 GMT","end":"Sun, 26 Apr 2026 14:22:52 GMT"},"fingerprint":{"sha1":"17:FF:4C:48:3D:71:5D:0A:16:56:F8:C6:83:AD:79:7A:BE:15:38:BD","sha256":"A3:C2:38:F1:41:2F:F8:86:C6:10:09:51:FD:D2:4D:05:39:FF:B2:92:3C:16:EA:6B:FB:FE:ED:7C:C1:0E:6D:3B"}}},"request":{"raw":"GET /pic/20211229/2dd64143a6e9490f5724ca33f64b0262/1.jpg HTTP/1.1\r\nHost: pic10.msn87.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://aqf.yrjj7.help/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 07 Mar 2026 14:45:31 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 20898\r\nserver: cloudflare\r\nlast-modified: Tue, 28 Dec 2021 16:32:02 GMT\r\ncache-control: public, max-age=2592000\r\naccept-ranges: bytes\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvia: http/1.1 traffic_server (https://www.xzylm.com [cSsNfU])\r\nage: 223896\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=WuzfcFzgIu2wQFwuEdsX8ftKLteNRJ852PLG5zWvCcbRUclXWXRrLLjUEiLpIBqRcUKmFPJ3bxYXKQTeOEuAygdkv7zonkS9PvV08BDsCQ%3D%3D\"}]}\r\ncf-ray: 9d8a626a9d249a3e-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":20898,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.02, aspect ratio, density 406x405, segment length 16, comment: \"Lavc58.134.100\", baseline, precision 8, 720x406, components 3","md5":"d1b9f463808946febc42bb44924b84f0","sha1":"059b2fef0b4baa7eb8664424682730b19da3dbb2","sha256":"03f3040ec5fd15e382dbfe6934bec423eecc30cdc76b3159df90600a849ffd67","sha512":"e1124654ba8d649ef97ffe3c0c26ea8e043e227aa2206b14ccd631d77a75419ea0f4e13bb10891a7c561eda6aa2d604553084e0b74e344a590279fd6ff5232e4","ssdeep":"384:wJQLcjyUtDxkC3zfYgw/nxbNcknkwCx7ECagxtn5SEez2Q5DgES1GVM:wJiuyW1kC3TYgw/jnw3LXAEcsEDVM","tlshash":"b592d02d13a974609512227edf572032294f31bc716bd4f98ce41da8726da2f8caa5f3","first_seen":"2026-02-01T03:28:01.784462Z","last_seen":"2026-03-07T14:46:30.644613Z","times_seen":2,"resource_available":false,"data":null}},"time_used":1029,"timings":{"blocked":437,"dns":2,"connect":11,"send":0,"wait":19,"receive":1,"ssl":554},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.jkuntp.com/upload/vod/20251015-23/c6c537b62dd3ea3996694f10127e8153.jpg","fqdn":"www.jkuntp.com","domain":"jkuntp.com","tld":"com"},"ip":{"addr":"64.112.76.43","port":443,"asn":6939,"as":"HURRICANE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://aqf.yrjj7.help/s/%E5%8E%95%E6%8B%8D.html","date":"2026-03-07T14:45:30.938Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"jkuntp.com","organization":""},"issuer":{"commonName":"Certum Domain Validation CA SHA2","organization":"Unizeto Technologies S.A."},"validity":{"start":"Sun, 16 Mar 2025 16:00:52 GMT","end":"Wed, 15 Apr 2026 16:00:51 GMT"},"fingerprint":{"sha1":"13:82:6E:FD:22:A6:75:AF:0E:AE:85:B2:6A:97:BC:28:30:41:41:12","sha256":"50:62:73:3B:FC:2E:0C:CA:14:8B:44:E2:B4:B5:5B:20:6C:AA:A6:E4:97:C1:05:C1:6A:A6:C0:5E:92:40:4F:5A"}}},"request":{"raw":"GET /upload/vod/20251015-23/c6c537b62dd3ea3996694f10127e8153.jpg HTTP/1.1\r\nHost: www.jkuntp.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://aqf.yrjj7.help/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sat, 07 Mar 2026 14:45:32 GMT\r\nContent-Type: image/jpeg\r\nContent-Length: 55324\r\nConnection: keep-alive\r\nLast-Modified: Wed, 15 Oct 2025 02:40:31 GMT\r\nVary: Accept-Encoding\r\nETag: \"68ef099f-d81c\"\r\nExpires: Sat, 14 Mar 2026 03:14:35 GMT\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Credentials: true\r\nCache-Control: max-age=2592000, public, max-age=15768000\r\nCache: HIT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":55324,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.02, aspect ratio, density 813x812, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=1, software=www.meitu.com], baseline, precision 8, 600x337, components 3","md5":"7c0f997982d11af054510320d7aace14","sha1":"1c41f66b56c354be42d1d16544872042e5ba9c97","sha256":"f8956439f58e0f5a6a794f3d4589dacd4cec28c64b63fa4aaf75c7936f9c3ab0","sha512":"91d841817c6306ed0322ae37e1cfa14ccfc92bbedcab691fdf0b163e4d8f6d9d28283163c57bad150d234beb320ab97d4fcf2ae0a497d64b871e22d415a0afce","ssdeep":"1536:3665XRTPq+9yTIVYgoIvrOeRLfSGqvoKGCS:KoTPq+w7gvqeRLph/","tlshash":"0243020de279f68cc754b6f7a56ea481a3eca825b20d223a4d30567cd2a81d71f3819d","first_seen":"2026-03-07T14:46:30.646236Z","last_seen":"2026-03-07T14:46:30.646236Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1643,"timings":{"blocked":590,"dns":0,"connect":152,"send":0,"wait":206,"receive":230,"ssl":464},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fqjpg5.top/upload/vod/20250905-1/a577360d6c635fa4efe04209b6ca5d2e.png","fqdn":"fqjpg5.top","domain":"fqjpg5.top","tld":"top"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://aqf.yrjj7.help/s/%E5%8E%95%E6%8B%8D.html","date":"2026-03-07T14:45:30.946Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /upload/vod/20250905-1/a577360d6c635fa4efe04209b6ca5d2e.png HTTP/1.1\r\nHost: fqjpg5.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://aqf.yrjj7.help/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T15:49:33.06692Z","times_seen":13337345,"resource_available":true,"data":null}},"time_used":658,"timings":{"blocked":657,"dns":1,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"aosikazyy.com/20260227/LQjvJiJ5/1.jpg","fqdn":"aosikazyy.com","domain":"aosikazyy.com","tld":"com"},"ip":{"addr":"64.112.78.71","port":443,"asn":6939,"as":"HURRICANE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://aqf.yrjj7.help/s/%E5%8E%95%E6%8B%8D.html","date":"2026-03-07T14:45:30.839Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"aosikazyy.com","organization":""},"issuer":{"commonName":"Certum DV TLS G2 R39 CA","organization":"Asseco Data Systems S.A."},"validity":{"start":"Tue, 27 Jan 2026 05:36:13 GMT","end":"Fri, 26 Feb 2027 05:36:12 GMT"},"fingerprint":{"sha1":"46:07:BD:26:C4:2F:43:47:7D:0B:DA:7D:56:AF:C0:48:AA:4B:A9:E4","sha256":"53:B2:F8:51:E2:31:14:5B:CB:D8:05:AC:D2:8C:38:EA:8C:4D:49:6E:8F:6F:EE:15:41:AC:AF:06:08:F5:64:1C"}}},"request":{"raw":"GET /20260227/LQjvJiJ5/1.jpg HTTP/1.1\r\nHost: aosikazyy.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://aqf.yrjj7.help/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 07 Mar 2026 14:45:31 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 189845\r\nlast-modified: Sat, 28 Feb 2026 02:33:06 GMT\r\netag: \"69a253e2-2e595\"\r\naccess-control-allow-origin: *\r\naccess-control-allow-credentials: true\r\ncache-control: public, max-age=15768000\r\ncache: HIT\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":189845,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 3400x1912, components 3","md5":"02c4363c0d62938e02710396a8c1b205","sha1":"1844d62f499e0deac9163b03c46c33f1eda4fa7b","sha256":"8eefbe32d80ece81eaa21efd8385373c369889e55778745ee42207629600b48c","sha512":"9f5ae233491c421dd99ace0b1f29c92a56a33466d5dfc2d987ebeb9201bd970c96356727313f7e6d0839f4b2bf4e9f9a71ce1d9375ca6ef23aee42c40bbc2726","ssdeep":"3072:+XZMkTKqXN3Gf0mPUtD6bc8+JtP//A3BDy+A4OJ3DUbV42E+yXd9:+J9TXk0KU4ohPHCBQ4OJAJ42D6d9","tlshash":"e6040275b716e632ca0c23b48ef34f1e7f52016292d656165bf7482091a53487cafbf2","first_seen":"2026-03-07T14:46:30.647689Z","last_seen":"2026-03-14T16:17:44.039749Z","times_seen":2,"resource_available":false,"data":null}},"time_used":1988,"timings":{"blocked":189,"dns":1,"connect":147,"send":0,"wait":579,"receive":348,"ssl":706},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tuaskbgnekr.com/20251027/kwxF9tu9/1.jpg","fqdn":"tuaskbgnekr.com","domain":"tuaskbgnekr.com","tld":"com"},"ip":{"addr":"64.112.76.12","port":443,"asn":6939,"as":"HURRICANE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://aqf.yrjj7.help/s/%E5%8E%95%E6%8B%8D.html","date":"2026-03-07T14:45:30.934Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bfaskbwerve.com","organization":""},"issuer":{"commonName":"Certum Domain Validation CA SHA2","organization":"Unizeto Technologies S.A."},"validity":{"start":"Wed, 12 Mar 2025 23:24:33 GMT","end":"Sat, 11 Apr 2026 23:24:32 GMT"},"fingerprint":{"sha1":"17:BE:B5:B6:72:C2:AD:F5:0C:31:68:24:C8:2B:3D:2F:EB:BD:D8:B6","sha256":"6F:0D:C1:02:24:41:CF:D5:BA:7D:A5:37:F1:D3:5A:7C:E7:91:AA:D0:DC:58:29:DB:35:FE:0A:AA:41:37:FA:74"}}},"request":{"raw":"GET /20251027/kwxF9tu9/1.jpg HTTP/1.1\r\nHost: tuaskbgnekr.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://aqf.yrjj7.help/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 07 Mar 2026 14:45:32 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 59003\r\nlast-modified: Tue, 28 Oct 2025 05:15:12 GMT\r\netag: \"69005160-e67b\"\r\naccess-control-allow-origin: *\r\naccess-control-allow-credentials: true\r\ncache-control: public, max-age=15768000\r\ncache: HIT\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":59003,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: \"CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), default quality\", baseline, precision 8, 850x477, components 3","md5":"d3116686fc434206622489bbb90bbaec","sha1":"54d0c562f4f612ee4b5daa5035ba0fd69310bc7b","sha256":"d6814bd1c8447f621edb84ba75479428869f71726f2c53c9b18c107a5d0c8a36","sha512":"3b76ac0fe6fa562b042e64a0fe5bf7834bd3874173424065be11229ba92aed7afc8dfee6792b0722384d223d3852e0470abbe88a49777fa8858b9185b33498d6","ssdeep":"1536:900K/k9SpO0/oOBJksffg5oyQNak1bEP9Rmw6N6Ryq:C0KGKtfBJksf2oyQIkx8Gmp","tlshash":"f343f22b1e45d720cd7b2d63d921027a98c9466c1398bf4daa78446f9cc5f28b189df1","first_seen":"2023-09-24T09:31:15Z","last_seen":"2026-03-07T14:46:30.6493Z","times_seen":15,"resource_available":false,"data":null}},"time_used":1868,"timings":{"blocked":547,"dns":305,"connect":151,"send":0,"wait":290,"receive":168,"ssl":389},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"uqetyzxa.com/20250226/PTrmgIOY/1.jpg","fqdn":"uqetyzxa.com","domain":"uqetyzxa.com","tld":"com"},"ip":{"addr":"23.226.79.50","port":443,"asn":53755,"as":"IOFLOOD","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://aqf.yrjj7.help/s/%E5%8E%95%E6%8B%8D.html","date":"2026-03-07T14:45:30.958Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"uqetyzxa.com","organization":""},"issuer":{"commonName":"Certum DV TLS G2 R39 CA","organization":"Asseco Data Systems S.A."},"validity":{"start":"Sat, 04 Oct 2025 04:35:31 GMT","end":"Tue, 03 Nov 2026 04:35:30 GMT"},"fingerprint":{"sha1":"35:4C:C5:44:92:0E:41:CE:D4:5A:4D:FA:3E:AE:FD:A8:9A:99:23:7D","sha256":"95:56:60:EC:7C:FE:1D:20:91:87:3A:27:EB:B1:49:0B:CD:A8:CD:AF:7F:3F:3A:EB:73:AA:AD:45:8C:CB:4B:F2"}}},"request":{"raw":"GET /20250226/PTrmgIOY/1.jpg HTTP/1.1\r\nHost: uqetyzxa.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://aqf.yrjj7.help/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sat, 07 Mar 2026 14:45:32 GMT\r\nContent-Type: image/jpeg\r\nContent-Length: 263095\r\nConnection: keep-alive\r\nLast-Modified: Thu, 27 Feb 2025 03:10:01 GMT\r\nETag: \"67bfd789-403b7\"\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Credentials: true\r\nCache-Control: public, max-age=15768000\r\nCache: HIT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":263095,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=15, height=3307, bps=194, compression=LZW, PhotometricInterpretation=CMYK, orientation=upper-left, width=4133], baseline, precision 8, 800x538, components 3","md5":"ca4312276177ad0da766c9a5cddfa129","sha1":"4189131f95aa2c83f4e51a428ea569213823fe62","sha256":"1754bca2f688c203bca1af281833229d9d8ef298463d094e43467c07823cf548","sha512":"8d67a72a3713e4c00454acb012ba7cd9898ad71d0289527b631fd233f57674d2bc815fb3090c0190506525bfe58e724bb49a2975a27e3f92fcdd439985c104d5","ssdeep":"6144:PHSHqc4S2j9ODB7dcvzFap7p7D+0R3pWjwTVPf:foO7oDxdcvs7p7KE3B9","tlshash":"a3442337d3908e33ef80777c55b2e62a2364e92816f39241789d498c77be2d7589e413","first_seen":"2025-11-27T23:39:57.873171Z","last_seen":"2026-03-07T14:46:30.651181Z","times_seen":3,"resource_available":false,"data":null}},"time_used":2134,"timings":{"blocked":788,"dns":0,"connect":162,"send":0,"wait":217,"receive":563,"ssl":391},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"img1.souavzy.info/upload/vod/20250616-1/6e5d5c67935a5d69d713357cecebbbbe.png","fqdn":"img1.souavzy.info","domain":"souavzy.info","tld":"info"},"ip":{"addr":"104.21.12.156","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://aqf.yrjj7.help/s/%E5%8E%95%E6%8B%8D.html","date":"2026-03-07T14:45:30.941Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"souavzy.info","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 25 Jan 2026 01:03:28 GMT","end":"Sat, 25 Apr 2026 02:02:04 GMT"},"fingerprint":{"sha1":"B5:4D:EA:D3:4F:97:AA:F3:CD:32:47:A3:B0:04:E7:76:2D:95:1B:71","sha256":"DE:1A:A9:94:5F:14:35:2F:84:62:B6:B8:72:6E:3D:74:FE:FC:43:1B:38:14:47:B3:E4:56:5F:90:95:E5:C3:56"}}},"request":{"raw":"GET /upload/vod/20250616-1/6e5d5c67935a5d69d713357cecebbbbe.png HTTP/1.1\r\nHost: img1.souavzy.info\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://aqf.yrjj7.help/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 404 Not Found\r\ndate: Sat, 07 Mar 2026 14:45:31 GMT\r\ncontent-type: text/html\r\nserver: cloudflare\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=fEJyBIBV08S6sbzFbQZT3XVr6zI3oCMansy72taoTp%2BXGnn%2FaLchTKzKOLCwsBZaWfFbfDOncq2QEX9LYqzyqLOik1tw9%2BH2dcPSEItJ1RXr\"}]}\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-encoding: br\r\ncf-ray: 9d8a62642a0cd9c3-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T15:49:33.06692Z","times_seen":13337345,"resource_available":true,"data":null}},"time_used":548,"timings":{"blocked":-1,"dns":42,"connect":8,"send":0,"wait":472,"receive":0,"ssl":25},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"uqetyzxa.com/20250302/qZMbYYvd/1.jpg","fqdn":"uqetyzxa.com","domain":"uqetyzxa.com","tld":"com"},"ip":{"addr":"23.226.79.50","port":443,"asn":53755,"as":"IOFLOOD","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://aqf.yrjj7.help/s/%E5%8E%95%E6%8B%8D.html","date":"2026-03-07T14:45:30.956Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"uqetyzxa.com","organization":""},"issuer":{"commonName":"Certum DV TLS G2 R39 CA","organization":"Asseco Data Systems S.A."},"validity":{"start":"Sat, 04 Oct 2025 04:35:31 GMT","end":"Tue, 03 Nov 2026 04:35:30 GMT"},"fingerprint":{"sha1":"35:4C:C5:44:92:0E:41:CE:D4:5A:4D:FA:3E:AE:FD:A8:9A:99:23:7D","sha256":"95:56:60:EC:7C:FE:1D:20:91:87:3A:27:EB:B1:49:0B:CD:A8:CD:AF:7F:3F:3A:EB:73:AA:AD:45:8C:CB:4B:F2"}}},"request":{"raw":"GET /20250302/qZMbYYvd/1.jpg HTTP/1.1\r\nHost: uqetyzxa.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://aqf.yrjj7.help/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sat, 07 Mar 2026 14:45:32 GMT\r\nContent-Type: image/jpeg\r\nContent-Length: 252287\r\nConnection: keep-alive\r\nLast-Modified: Mon, 03 Mar 2025 03:52:03 GMT\r\nETag: \"67c52763-3d97f\"\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Credentials: true\r\nCache-Control: public, max-age=15768000\r\nCache: HIT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":252287,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 816 x 480, 8-bit/color RGBA, non-interlaced","md5":"fea2a934676f9a03955a688883eaf094","sha1":"77ed18d066199ff2915240dc1bfd4cd0a077f422","sha256":"ef800c9b09b8d2be828a3931e899aa93fb2aa5352de2c54b527a69ea927e78de","sha512":"e750813e4a47d7305cc053b62e2b2724fa48efdfe95b54582deb02126bde3c3a414af5d53e6741a53717af97da0568bce36d99116029ac78c0da6ed4fac27555","ssdeep":"6144:YOD5FFAGel83DSeUjKQRQ/7+8Ppy1n0WUtnhXF3+MA6IcX:n3FXlUjji/qv1n0NXM0JX","tlshash":"f23412cdd62028f72ecae0c399f76894bf5a6c7122ebc7643e13d1790657685af21708","first_seen":"2023-08-24T23:11:32Z","last_seen":"2026-03-07T14:46:30.653577Z","times_seen":5,"resource_available":false,"data":null}},"time_used":2093,"timings":{"blocked":773,"dns":10,"connect":163,"send":0,"wait":228,"receive":537,"ssl":373},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"img.alicdn.com/imgextra/i2/O1CN01NVNrIJ1rGgfwg3qhu_!!2216598935604-1-fleamarket.gif","fqdn":"img.alicdn.com","domain":"alicdn.com","tld":"com"},"ip":{"addr":"47.246.44.177","port":443,"asn":24429,"as":"Zhejiang Taobao Network Co.,Ltd","country":"Sweden","country_code":"SE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://aqf.yrjj7.help/s/%E5%8E%95%E6%8B%8D.html","date":"2026-03-07T14:45:32.727Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.tbcdn.cn","organization":"Alibaba (China) Technology Co., Ltd."},"issuer":{"commonName":"GlobalSign GCC R3 OV TLS CA 2024","organization":"GlobalSign nv-sa"},"validity":{"start":"Fri, 28 Nov 2025 03:07:13 GMT","end":"Sat, 18 Jul 2026 09:41:04 GMT"},"fingerprint":{"sha1":"01:40:62:EF:8C:E5:C1:8A:19:4C:8D:B6:F5:C2:24:7F:DC:C0:9C:8A","sha256":"60:3C:41:A0:78:62:E6:5E:82:F0:FA:CF:5C:C9:D3:22:E4:64:EE:1A:EE:C7:CC:BA:DD:25:08:90:6F:CC:C4:F2"}}},"request":{"raw":"GET /imgextra/i2/O1CN01NVNrIJ1rGgfwg3qhu_!!2216598935604-1-fleamarket.gif HTTP/1.1\r\nHost: img.alicdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://aqf.yrjj7.help/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: Tengine\r\ncontent-type: image/gif\r\ncontent-length: 343870\r\ndate: Tue, 24 Feb 2026 09:21:16 GMT\r\npicasso-ret-code: SUCCESS\r\npicasso-cache-info: L3-HIT\r\nrequest-time: 0.001\r\ntraceid: 9b66a79b17719248762374431e\r\nx-powered-by: Picasso\r\npicasso-image-type: normal\r\npicasso-fmt: gif2avif\r\ncache-control: max-age=31536000\r\nvia: ens-cache25.l2de4[0,0,200-0,H], ens-cache37.l2de4[1,0], ens-cache17.se2[0,0,200-0,H], ens-cache4.se2[4,0]\r\naccess-control-allow-origin: *\r\nage: 969856\r\nali-swift-global-savetime: 1771924876\r\nx-cache: HIT TCP_MEM_HIT dirn:-2:-2\r\nx-swift-savetime: Tue, 24 Feb 2026 09:25:39 GMT\r\nx-swift-cachetime: 31535737\r\nback_uri: /imgextra/i2/O1CN01NVNrIJ1rGgfwg3qhu_!!2216598935604-1-fleamarket.gif_.avif\r\nvary: Accept\r\ns-rt: 4\r\ntiming-allow-origin: *\r\neagleid: 2ff62c9817728947325358992e\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]}],"data":{"size":343870,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 960 x 120","md5":"238239bf4773f01ca956b4660db9fc08","sha1":"b16e1c73e5b4baa750f587eb54dfcbeac7f53a13","sha256":"3ef3e2cdea8b61bd88b40faf96f6b6c2dfc326104b04ee58f1f4b1798dfb7668","sha512":"97df4878d6567c54a0bce399d2b9b59d132f45b59c839c3d0968a623d6cd2f476c06006d77bf2905e8d6a1ab28709193c01fb384630c08f0508950ea126d8dd4","ssdeep":"6144:skDFXvr1efkuVrBSJVEL0KLIN/odsqTwtZfV0KLkbMHjnFf5n1QL9CFMEk9V1:ssF/r1dudB2EYKW/o+qTAJCKobMpxn1I","tlshash":"3c7423fe483949d4316b3e6518376eff00e8fe29125962567dffb4e270c482c119b6a2","first_seen":"2026-02-24T09:59:59.873572Z","last_seen":"2026-03-15T07:53:53.560019Z","times_seen":1004,"resource_available":false,"data":null}},"time_used":78,"timings":{"blocked":-1,"dns":0,"connect":7,"send":0,"wait":15,"receive":31,"ssl":24},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"aqf.yrjj7.help/s/%E5%8E%95%E6%8B%8D.html","fqdn":"aqf.yrjj7.help","domain":"yrjj7.help","tld":"help"},"ip":{"addr":"154.26.176.147","port":443,"asn":906,"as":"DMIT","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-03-07T14:45:29.698Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.yrjj7.help","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 23 Feb 2026 03:22:07 GMT","end":"Sun, 24 May 2026 03:22:06 GMT"},"fingerprint":{"sha1":"FE:80:5C:67:19:7F:C7:64:14:D5:30:72:50:98:FD:FF:3D:E1:D2:11","sha256":"07:D0:5D:0D:F5:FE:8F:75:3E:A3:4F:94:F5:F7:B1:8D:C2:5C:56:6E:32:EE:3C:1B:F3:3C:CD:4D:8F:1A:A8:48"}}},"request":{"raw":"GET /s/%E5%8E%95%E6%8B%8D.html HTTP/1.1\r\nHost: aqf.yrjj7.help\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: https://www.xzylm.com\r\ncontent-type: text/html;charset=utf-8\r\nvary: Accept-Encoding\r\nx-frame-options: Deny\r\nset-cookie: PHPSESSID=oeads9fohtesm1b4rn9c3clc2a; path=/\r\ncache-control: public, max-age=3600\r\ncontent-encoding: gzip\r\nvia: http/1.1 traffic_server (https://www.xzylm.com [cMsSf ])\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"jQuery","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"PHP","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}],"data":{"size":99442,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (52832), with no line terminators","md5":"d2c5c5f8a732ccc9d6f125885f0e6f32","sha1":"335b7aa30ef25e70ddc3867433db6b0bc63ea6ff","sha256":"e819a4937c7e889608fa5d72e38ed9e94b3bbc8da0449a34ea6d109e0a37e65f","sha512":"976cdd3d3bb56b79f57171bb0eb4e7974cafa459b7f8ddff109ebda74cc8c7144dbece2cb63e4ad7cfca945b8a59fd063719c764f45215d49a8cd71c27728f66","ssdeep":"768:hV6YCiIGmsCHuPtc9NHIJTbxOlY/XrWUFNK4qToURuoNfamGLFlnsp6vq/LwpuJ+:hV6YCiIgg6i/RUACIU1egce/JL+Wv","tlshash":"5da3657a44e13a3fa1b788de60d617dae2e3165ecaa38f04bffc1a1c57c5d84b521109","first_seen":"2026-03-07T14:46:30.656406Z","last_seen":"2026-03-07T14:46:30.656406Z","times_seen":1,"resource_available":true,"data":null}},"time_used":1094,"timings":{"blocked":429,"dns":108,"connect":157,"send":0,"wait":236,"receive":0,"ssl":161},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"aqf.yrjj7.help","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"sex8sex811.com/20250625/MMc5ttsN/1.jpg","fqdn":"sex8sex811.com","domain":"sex8sex811.com","tld":"com"},"ip":{"addr":"216.180.227.219","port":443,"asn":47191,"as":"blue tech technology Co., Limited","country":"British Virgin Islands","country_code":"VG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://aqf.yrjj7.help/s/%E5%8E%95%E6%8B%8D.html","date":"2026-03-07T14:45:30.931Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"sex8sex811.com","organization":""},"issuer":{"commonName":"Certum Domain Validation CA SHA2","organization":"Unizeto Technologies S.A."},"validity":{"start":"Sun, 22 Jun 2025 13:10:45 GMT","end":"Mon, 22 Jun 2026 13:10:44 GMT"},"fingerprint":{"sha1":"C9:53:EE:A5:BF:D8:DA:43:BD:4D:33:2D:23:50:62:EE:70:A0:CD:A5","sha256":"0D:37:98:9E:87:92:F0:5C:60:79:C3:46:29:6A:A3:16:B6:D0:7B:AD:75:40:95:A3:1E:67:B0:45:0C:F2:BC:15"}}},"request":{"raw":"GET /20250625/MMc5ttsN/1.jpg HTTP/1.1\r\nHost: sex8sex811.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://aqf.yrjj7.help/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 403 Forbidden\r\ncontent-type: text/html; charset=utf-8\r\ncontent-length: 404\r\ndate: Sat, 07 Mar 2026 14:46:30 GMT\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"403","status_text":"Forbidden","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T15:49:33.06692Z","times_seen":13337345,"resource_available":true,"data":null}},"time_used":2476,"timings":{"blocked":475,"dns":1,"connect":155,"send":0,"wait":1157,"receive":0,"ssl":685},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tuaskbgnekr.com/20250928/kdeMlXbp/1.jpg","fqdn":"tuaskbgnekr.com","domain":"tuaskbgnekr.com","tld":"com"},"ip":{"addr":"64.112.76.12","port":443,"asn":6939,"as":"HURRICANE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://aqf.yrjj7.help/s/%E5%8E%95%E6%8B%8D.html","date":"2026-03-07T14:45:30.942Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bfaskbwerve.com","organization":""},"issuer":{"commonName":"Certum Domain Validation CA SHA2","organization":"Unizeto Technologies S.A."},"validity":{"start":"Wed, 12 Mar 2025 23:24:33 GMT","end":"Sat, 11 Apr 2026 23:24:32 GMT"},"fingerprint":{"sha1":"17:BE:B5:B6:72:C2:AD:F5:0C:31:68:24:C8:2B:3D:2F:EB:BD:D8:B6","sha256":"6F:0D:C1:02:24:41:CF:D5:BA:7D:A5:37:F1:D3:5A:7C:E7:91:AA:D0:DC:58:29:DB:35:FE:0A:AA:41:37:FA:74"}}},"request":{"raw":"GET /20250928/kdeMlXbp/1.jpg HTTP/1.1\r\nHost: tuaskbgnekr.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://aqf.yrjj7.help/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 07 Mar 2026 14:45:32 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 61957\r\nlast-modified: Sun, 28 Sep 2025 04:27:44 GMT\r\netag: \"68d8b940-f205\"\r\naccess-control-allow-origin: *\r\naccess-control-allow-credentials: true\r\ncache-control: public, max-age=15768000\r\ncache: HIT\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":61957,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=1, software=www.meitu.com], baseline, precision 8, 500x277, components 3","md5":"dc8b19a1110dd0418ed757bb133c8067","sha1":"747ee520a2f6ffb337c9f14039b9a15d93c09369","sha256":"fd26475cce0c34dc8226a05f357b9153c364190d8b3632d39f0e2d950944c158","sha512":"5d3539be25554e377301c4a81b6b22bc9e27283a077b74fb139b7b57ed3bdeac4eb93a027f3d2a05487454223e8b55aafe1a1c4e2cab63c930c10eb17daeba9d","ssdeep":"1536:Ra8UpwX275PPsuBdMZI/AQWBiBhdhlnN6E7itN8/Io2:h4dPsuBdMi/joiTuYiA/Io2","tlshash":"a75302e8693a67f521250ce7c42b0cbc73e07175128996a510f4b6f46c50a3fca5e9dd","first_seen":"2025-09-29T18:12:24.675622Z","last_seen":"2026-03-07T14:46:30.658045Z","times_seen":4,"resource_available":false,"data":null}},"time_used":2184,"timings":{"blocked":1404,"dns":0,"connect":0,"send":0,"wait":647,"receive":133,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"gikygdfzfnasktu.com/20260107/dSzm0d7e/1.jpg","fqdn":"gikygdfzfnasktu.com","domain":"gikygdfzfnasktu.com","tld":"com"},"ip":{"addr":"45.204.71.19","port":443,"asn":35916,"as":"MULTA-ASN1","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://aqf.yrjj7.help/s/%E5%8E%95%E6%8B%8D.html","date":"2026-03-07T14:45:30.909Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gikygdfzfnasktu.com","organization":""},"issuer":{"commonName":"Certum Domain Validation CA SHA2","organization":"Unizeto Technologies S.A."},"validity":{"start":"Thu, 13 Mar 2025 17:37:39 GMT","end":"Sun, 12 Apr 2026 17:37:38 GMT"},"fingerprint":{"sha1":"12:23:26:62:5C:A2:E2:99:5C:83:29:57:82:BB:45:5C:64:24:1B:B2","sha256":"9D:8F:D1:8E:12:6D:76:3B:62:BA:E4:E7:7A:FD:71:8E:51:7D:50:55:DB:6A:ED:61:01:94:62:A7:13:85:9C:3F"}}},"request":{"raw":"GET /20260107/dSzm0d7e/1.jpg HTTP/1.1\r\nHost: gikygdfzfnasktu.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://aqf.yrjj7.help/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 07 Mar 2026 14:45:32 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 7295\r\nlast-modified: Thu, 08 Jan 2026 03:14:58 GMT\r\netag: \"695f2132-1c7f\"\r\naccess-control-allow-origin: *\r\naccess-control-allow-credentials: true\r\ncache-control: public, max-age=15768000\r\ncache: HIT\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":7295,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.02, aspect ratio, density 159x112, segment length 16, comment: \"Lavc61.3.100\", baseline, precision 8, 320x240, components 3","md5":"71d3f4195761a9c96d6e7ff9feddc9da","sha1":"6ceb20d003375b95e0b07a0af23cc2695198102b","sha256":"ca98e2a368d0e55d5dfac7a43438361a0b15e38edd4699bc752c89e95f585137","sha512":"c8ec868f94741651b97129792f2dd97c5d0ec8564b9fd80c8daf2201ef229c514adb709dae110dec504d1e59ff5baad639319ec03721823da13a6a4ba3f4504d","ssdeep":"96:2eTpf+98ClFF14VOHa9IZanLgrny49JBtQxdPq5Dh4PhI61htL9O6dQaIXqJTGX+:URrZygryQQql4ZIGhtLOXAyXZdUdl","tlshash":"ebe1bf83e505f2a2c7cda8b37ec380399842d28e7504bc7ec5b2e51dd43285e03aa532","first_seen":"2026-03-07T14:46:30.660547Z","last_seen":"2026-03-10T22:35:48.407424Z","times_seen":3,"resource_available":false,"data":null}},"time_used":1333,"timings":{"blocked":283,"dns":1,"connect":158,"send":0,"wait":180,"receive":1,"ssl":702},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"thjpg10.top/upload/vod/20251109-1/27549d591544eb41a2e2c98018068d38.png","fqdn":"thjpg10.top","domain":"thjpg10.top","tld":"top"},"ip":{"addr":"67.21.86.10","port":443,"asn":46844,"as":"SHARKTECH","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://aqf.yrjj7.help/s/%E5%8E%95%E6%8B%8D.html","date":"2026-03-07T14:45:30.930Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_CHACHA20_POLY1305_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"thjpg10.top","organization":""},"issuer":{"commonName":"GoGetSSL RSA DV SSL CA 2","organization":"GoGetSSL"},"validity":{"start":"Thu, 23 Oct 2025 00:00:00 GMT","end":"Sun, 22 Nov 2026 23:59:59 GMT"},"fingerprint":{"sha1":"A1:DD:6F:C8:CB:E5:E4:9A:08:29:AE:9D:02:A4:3A:C4:A4:54:50:DF","sha256":"2A:56:36:CC:F2:D8:91:6F:CC:98:1D:43:D0:BC:EC:7E:0D:B7:58:7B:CD:1F:F6:45:BE:B6:F1:44:38:00:C7:47"}}},"request":{"raw":"GET /upload/vod/20251109-1/27549d591544eb41a2e2c98018068d38.png HTTP/1.1\r\nHost: thjpg10.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://aqf.yrjj7.help/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 404 Not Found\r\nContent-Length: 146\r\nContent-Type: text/html\r\nDate: Sat, 07 Mar 2026 14:45:32 GMT\r\nServer: nginx\r\nX-Cache: BYPASS, Status: 404\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T15:49:33.06692Z","times_seen":13337345,"resource_available":true,"data":null}},"time_used":1418,"timings":{"blocked":465,"dns":2,"connect":146,"send":0,"wait":148,"receive":0,"ssl":655},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"img.alicdn.com/imgextra/i2/2207246784654/O1CN010a6y4d1kFaOOgMqmk_!!2207246784654.gif","fqdn":"img.alicdn.com","domain":"alicdn.com","tld":"com"},"ip":{"addr":"47.246.44.177","port":443,"asn":24429,"as":"Zhejiang Taobao Network Co.,Ltd","country":"Sweden","country_code":"SE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://aqf.yrjj7.help/s/%E5%8E%95%E6%8B%8D.html","date":"2026-03-07T14:45:34.163Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.tbcdn.cn","organization":"Alibaba (China) Technology Co., Ltd."},"issuer":{"commonName":"GlobalSign GCC R3 OV TLS CA 2024","organization":"GlobalSign nv-sa"},"validity":{"start":"Fri, 28 Nov 2025 03:07:13 GMT","end":"Sat, 18 Jul 2026 09:41:04 GMT"},"fingerprint":{"sha1":"01:40:62:EF:8C:E5:C1:8A:19:4C:8D:B6:F5:C2:24:7F:DC:C0:9C:8A","sha256":"60:3C:41:A0:78:62:E6:5E:82:F0:FA:CF:5C:C9:D3:22:E4:64:EE:1A:EE:C7:CC:BA:DD:25:08:90:6F:CC:C4:F2"}}},"request":{"raw":"GET /imgextra/i2/2207246784654/O1CN010a6y4d1kFaOOgMqmk_!!2207246784654.gif HTTP/1.1\r\nHost: img.alicdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://aqf.yrjj7.help/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: Tengine\r\ncontent-type: image/gif\r\ncontent-length: 44406\r\ndate: Sat, 08 Nov 2025 08:42:46 GMT\r\npicasso-ret-code: SUCCESS\r\npicasso-cache-info: L3-HIT\r\nrequest-time: 0.002\r\ntraceid: a3b55ca117625913666853618e\r\nx-powered-by: Picasso\r\npicasso-image-type: normal\r\npicasso-fmt: gif2avif\r\ncache-control: max-age=31536000\r\nvia: ens-cache2.l2de3[0,0,200-0,H], ens-cache11.l2de3[1,0], ens-cache9.se2[0,0,200-0,H], ens-cache4.se2[3,0]\r\naccess-control-allow-origin: *\r\nage: 10303368\r\nali-swift-global-savetime: 1762591366\r\nx-cache: HIT TCP_MEM_HIT dirn:-2:-2\r\nx-swift-savetime: Sat, 08 Nov 2025 09:25:38 GMT\r\nx-swift-cachetime: 31533428\r\nback_uri: /imgextra/i2/2207246784654/O1CN010a6y4d1kFaOOgMqmk_!!2207246784654.gif_.avif\r\nvary: Accept\r\ns-rt: 3\r\ntiming-allow-origin: *\r\neagleid: 2ff62c9817728947341372512e\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]}],"data":{"size":44406,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 960 x 120","md5":"7fe888844a25455b732401ff74cfd8ab","sha1":"8d19e04de42c10ba020a85c53ce0a89e68228df8","sha256":"f85ce364be6d1d2dd090b2fc02ab3e6dc3013b61a85576e4c0eb4ad8fa408e31","sha512":"a046e5c42fbd73895fe7f7add8d2511b9f5aa297d99ec108c8f47cd4546a16af813bfc54314c865b4c13a74c7be17429c341d1ecc327ee344074221732ba2d2e","ssdeep":"768:/6Qbzz7QUHPIskU5/Eg59QCK5Py43ZKFbVeI0D0gwKjewJ+Tsxfz0JWOyndv7mzv:ykQnskU9lXFK5P3ZKFbV10YRKjdfzOgW","tlshash":"3813013d7682d0410e2e367675f0c638fb9ad9dac96d34dbba795528644403c7c0939b","first_seen":"2025-11-09T02:30:37.980535Z","last_seen":"2026-04-04T15:25:57.457665Z","times_seen":7888,"resource_available":false,"data":null}},"time_used":12,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":10,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"img1.ah7907.com/846-960x60.gif","fqdn":"img1.ah7907.com","domain":"ah7907.com","tld":"com"},"ip":{"addr":"98.98.86.10","port":443,"asn":21859,"as":"ZEN-ECN","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://aqf.yrjj7.help/s/%E5%8E%95%E6%8B%8D.html","date":"2026-03-07T14:45:33.039Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"img1.ah7907.com","organization":""},"issuer":{"commonName":"Certum DV TLS G2 R39 CA","organization":"Asseco Data Systems S.A."},"validity":{"start":"Thu, 06 Nov 2025 07:27:15 GMT","end":"Sun, 06 Dec 2026 07:27:14 GMT"},"fingerprint":{"sha1":"EE:18:15:48:CE:4E:22:9F:18:59:AB:6E:5E:C0:0D:4E:AF:C2:86:22","sha256":"65:F5:69:07:04:80:B4:E3:E7:D0:C5:50:2E:02:11:1C:02:89:6E:83:40:00:DD:00:37:08:E9:9C:1C:A3:4D:59"}}},"request":{"raw":"GET /846-960x60.gif HTTP/1.1\r\nHost: img1.ah7907.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://aqf.yrjj7.help/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 307 Temporary Redirect\r\nserver: NgxFence\r\ndate: Sat, 07 Mar 2026 14:45:33 GMT\r\ncontent-type: text/html; charset=utf-8\r\ncontent-length: 0\r\nlocation: https://img.alicdn.com/imgextra/i1/2207246784654/O1CN016SCogX1kFaOO1vIZt_!!2207246784654.gif\r\nx-cache-status: HIT\r\nstrict-transport-security: max-age=31536000; includeSubdomains; preload\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"307","status_text":"Temporary Redirect","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":221348,"size_decoded":0,"mime_type":"image/gif","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T15:49:33.06692Z","times_seen":13337345,"resource_available":true,"data":null}},"time_used":1223,"timings":{"blocked":-1,"dns":7,"connect":148,"send":0,"wait":152,"receive":1,"ssl":909},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"aqf.yrjj7.help/cn/home/web/template/112vip53_wtpl/css/home.css","fqdn":"aqf.yrjj7.help","domain":"yrjj7.help","tld":"help"},"ip":{"addr":"154.26.176.147","port":443,"asn":906,"as":"DMIT","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://aqf.yrjj7.help/s/%E5%8E%95%E6%8B%8D.html","date":"2026-03-07T14:45:30.756Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.yrjj7.help","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 23 Feb 2026 03:22:07 GMT","end":"Sun, 24 May 2026 03:22:06 GMT"},"fingerprint":{"sha1":"FE:80:5C:67:19:7F:C7:64:14:D5:30:72:50:98:FD:FF:3D:E1:D2:11","sha256":"07:D0:5D:0D:F5:FE:8F:75:3E:A3:4F:94:F5:F7:B1:8D:C2:5C:56:6E:32:EE:3C:1B:F3:3C:CD:4D:8F:1A:A8:48"}}},"request":{"raw":"GET /cn/home/web/template/112vip53_wtpl/css/home.css HTTP/1.1\r\nHost: aqf.yrjj7.help\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://aqf.yrjj7.help/s/%E5%8E%95%E6%8B%8D.html\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: PHPSESSID=oeads9fohtesm1b4rn9c3clc2a\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: https://www.xzylm.com\r\ncontent-type: text/css\r\ncontent-length: 21303\r\nlast-modified: Wed, 31 Aug 2022 08:26:04 GMT\r\nvary: Accept-Encoding\r\ncache-control: public, max-age=2592000\r\naccept-ranges: bytes\r\nvia: http/1.1 traffic_server (https://www.xzylm.com [cRs f ])\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":21303,"size_decoded":0,"mime_type":"text/css","magic":"Unicode text, UTF-8 text, with very long lines (310)","md5":"76033e849ea3eaaaf2ee30234c201d42","sha1":"2ebff75cbb0f01f21541591f5b913b1ad807bc8c","sha256":"621a59634240b148bf71d280734527cf1f5bcb73cb363670d3e17a79dd2aa127","sha512":"3b626747f35232f4eb4ed0980f369f1bbb734edba096f6e4408717b925a9f0c995e7048e27dd22447140a3e068d115aa67d11a0654194feff7d178a01bc4063c","ssdeep":"384:XnyduJhhJQInrPgLZiS0Wa2N79nI1SaEAsVWkcEMtEUphhl6mPJZRBL5HvMPf:ikB5Sqq79nI1SaEAsVWkcEMtEUDhl6ma","tlshash":"efa28422d6475c0db12be5b07c6a5bae334f5067a6073bacfda73428c18d2b80532789","first_seen":"2025-04-07T20:38:33.162771Z","last_seen":"2026-04-04T13:17:57.55397Z","times_seen":2722,"resource_available":false,"data":null}},"time_used":230,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":206,"receive":24,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"aqf.yrjj7.help","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"pic11.ysj77.com/pic/20220108/6be5dc47d96412d19ae1946ab8d81aff/1.jpg","fqdn":"pic11.ysj77.com","domain":"ysj77.com","tld":"com"},"ip":{"addr":"172.67.184.92","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://aqf.yrjj7.help/s/%E5%8E%95%E6%8B%8D.html","date":"2026-03-07T14:45:30.921Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ysj77.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 27 Jan 2026 06:29:19 GMT","end":"Mon, 27 Apr 2026 07:26:51 GMT"},"fingerprint":{"sha1":"0A:1A:82:10:D0:C2:10:8B:54:7A:7F:87:81:41:4D:F7:87:59:5B:5C","sha256":"52:17:3B:A7:00:6E:E8:6C:25:9E:BF:B9:76:97:A4:6A:02:0F:9D:F4:68:9F:4E:DA:B1:D3:EB:E7:B6:1F:81:2D"}}},"request":{"raw":"GET /pic/20220108/6be5dc47d96412d19ae1946ab8d81aff/1.jpg HTTP/1.1\r\nHost: pic11.ysj77.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://aqf.yrjj7.help/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 07 Mar 2026 14:45:32 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 65645\r\nserver: cloudflare\r\nlast-modified: Sat, 08 Jan 2022 15:21:02 GMT\r\ncache-control: public, max-age=2592000\r\naccept-ranges: bytes\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvia: http/1.1 traffic_server (https://www.xzylm.com [cHs f ])\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=TcAv%2BwG%2BRPrjTVZMfGfpbfB6hppTSFNgsuDT7vuTPX%2Bx5M6YSeBtZfpwSIZggjOrWRMUAPF%2BUj2Q45HicuxQFrM9PierGWS6FslhWNlsqQ%3D%3D\"}]}\r\ncf-ray: 9d8a626a6f72a9d3-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":65645,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.02, aspect ratio, density -805x-858, segment length 16, comment: \"Lavc58.134.100\", baseline, precision 8, 720x482, components 3","md5":"f455dcbda90969d02e11a15cdf3f66fa","sha1":"3143fc2467b71416414129a72aef8f73465b1d5d","sha256":"cbd128266eaa71af00df2bfc92baa5dd4e892ae29c4cded9ab069748f50dd12b","sha512":"2d3d87c59e2776d5e35c0ac01ddf650c035958b3acc7c8a60ac6ee6702457ffae327f528b06f11fede24d4d5fb534caf3135b6aacf959404fd0ba11d5829c04d","ssdeep":"1536:m6y/C680HYt+7f2Im5U1AZNPOQBS3w0tC/l58DEEZM:m604DXUK2FtCrQe","tlshash":"3d5312d45c18f8809432fa88f6ea815274b0b765ef5d4dfbac145e41f06ea707036d6a","first_seen":"2026-03-07T14:46:30.665217Z","last_seen":"2026-03-07T14:46:30.665217Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1668,"timings":{"blocked":385,"dns":2,"connect":11,"send":0,"wait":349,"receive":345,"ssl":559},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"d18wfmxtvthwf6.cloudfront.net/pg/980x120.gif","fqdn":"d18wfmxtvthwf6.cloudfront.net","domain":"d18wfmxtvthwf6.cloudfront.net","tld":"cloudfront.net"},"ip":{"addr":"54.192.209.189","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://aqf.yrjj7.help/s/%E5%8E%95%E6%8B%8D.html","date":"2026-03-07T14:45:37.188Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.cloudfront.net","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M01","organization":"Amazon"},"validity":{"start":"Mon, 05 May 2025 00:00:00 GMT","end":"Thu, 23 Apr 2026 23:59:59 GMT"},"fingerprint":{"sha1":"8F:00:F1:34:A7:1E:27:1C:CF:CD:A6:53:8B:C4:82:B0:68:BC:C8:72","sha256":"60:38:9D:24:9E:41:8F:23:AC:D9:14:5C:A3:47:7E:AF:07:DB:9F:2D:6A:8C:0D:08:E9:24:8A:8E:49:A9:4D:28"}}},"request":{"raw":"GET /pg/980x120.gif HTTP/1.1\r\nHost: d18wfmxtvthwf6.cloudfront.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://aqf.yrjj7.help/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: image/gif\r\ncontent-length: 340665\r\nlast-modified: Wed, 14 May 2025 14:12:32 GMT\r\nx-amz-server-side-encryption: AES256\r\naccept-ranges: bytes\r\nserver: AmazonS3\r\ndate: Fri, 06 Mar 2026 01:27:11 GMT\r\netag: \"b4c14c37321b858948f5616dbb436738\"\r\nvary: accept-encoding\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 2f3a70deb5812eb0e48215ada7b72404.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P3\r\nx-amz-cf-id: NXglCWhPu-R6TdKbeG6iatD_qNpGqK_m6Ng9GgTsiluW8-do2cc9kA==\r\nage: 134307\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]}],"data":{"size":340665,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 980 x 120","md5":"b4c14c37321b858948f5616dbb436738","sha1":"e98847771ba3752949935dc11f4c7d4d8c14c787","sha256":"f5c79e791b436ecf1ad188dbe87ad4b35d3b9956bcf766600fb134f2a014131f","sha512":"a197f0fbc291afe3bcae5d35d05a23269e80fb7828215f41244c6136b63656c239fe6d24b4e2d6dc1ba713f06c7dfea763904a794043aba806c273f3311dc6e4","ssdeep":"6144:gFli6a0djJW4zenv4zenEO1LDyD3/wGR/Yi/wGR/Yi/wGRz3VkvJ6KI7KqmQIkX5:5p+3SSSJiD3/Z/Z/HMJ1IbI1I1kU1","tlshash":"4a741314e221ad80fe3a923b49f1c8f1a53d56f498afa9770661e7d4c6f44d0bf448e2","first_seen":"2026-02-01T06:13:19.223962Z","last_seen":"2026-03-15T12:50:18.76148Z","times_seen":1922,"resource_available":false,"data":null}},"time_used":73,"timings":{"blocked":-1,"dns":0,"connect":1,"send":0,"wait":20,"receive":14,"ssl":36},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"aqf.yrjj7.help/cn/home/web/template/112vip53_wtpl/images/bg.jpg","fqdn":"aqf.yrjj7.help","domain":"yrjj7.help","tld":"help"},"ip":{"addr":"154.26.176.147","port":443,"asn":906,"as":"DMIT","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://aqf.yrjj7.help/s/%E5%8E%95%E6%8B%8D.html","date":"2026-03-07T14:45:31.666Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.yrjj7.help","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 23 Feb 2026 03:22:07 GMT","end":"Sun, 24 May 2026 03:22:06 GMT"},"fingerprint":{"sha1":"FE:80:5C:67:19:7F:C7:64:14:D5:30:72:50:98:FD:FF:3D:E1:D2:11","sha256":"07:D0:5D:0D:F5:FE:8F:75:3E:A3:4F:94:F5:F7:B1:8D:C2:5C:56:6E:32:EE:3C:1B:F3:3C:CD:4D:8F:1A:A8:48"}}},"request":{"raw":"GET /cn/home/web/template/112vip53_wtpl/images/bg.jpg HTTP/1.1\r\nHost: aqf.yrjj7.help\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://aqf.yrjj7.help/cn/home/web/template/112vip53_wtpl/css/stui_custom.css\r\nCookie: PHPSESSID=oeads9fohtesm1b4rn9c3clc2a\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: https://www.xzylm.com\r\ncontent-type: image/jpeg\r\ncontent-length: 952025\r\nlast-modified: Wed, 31 Aug 2022 08:26:04 GMT\r\nvary: Accept-Encoding\r\ncache-control: public, max-age=2592000\r\naccept-ranges: bytes\r\nvia: http/1.1 traffic_server (https://www.xzylm.com [cRs f ])\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":952025,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS5 Windows, datetime=2019:10:26 13:53:48], baseline, precision 8, 1920x1024, components 3","md5":"bc82604928704df760442a998901fb32","sha1":"3959ebbc224dc0c9b1a02f9c74808b85759fe5ac","sha256":"c8d15a3625795e17188a1b3356679e5acdb54b9fe3e7f2862c448556fcb832e1","sha512":"8e30a5694e3e65dd1eaba7d9e8a3b329894a5e20a2d6b62c15b82001448d2675148d7f52306a8f69cc9de5f2fc3f14dd2e62102a34c40c734a1c852a4699438d","ssdeep":"12288:8vQYBAt/XUPr8y5bNDkR0qwvM5T4QTqmO07Hc8n6WwSjzMa8zQEKiw8mFB48OqmM:uy/X0HbhM9J7O8wS/8rKjxFBfdlX","tlshash":"471523e48f3b6a58d856d57e93531bcc896224735329e82078cfb49bb710316fe6272c","first_seen":"2024-12-31T10:28:51.403753Z","last_seen":"2026-03-11T02:04:59.774977Z","times_seen":267,"resource_available":false,"data":null}},"time_used":589,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":162,"receive":427,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"aqf.yrjj7.help","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fqjpg5.top/upload/vod/20251024-1/c533251b7b968c17a022247ace244085.png","fqdn":"fqjpg5.top","domain":"fqjpg5.top","tld":"top"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://aqf.yrjj7.help/s/%E5%8E%95%E6%8B%8D.html","date":"2026-03-07T14:45:30.936Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /upload/vod/20251024-1/c533251b7b968c17a022247ace244085.png HTTP/1.1\r\nHost: fqjpg5.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://aqf.yrjj7.help/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T15:49:33.06692Z","times_seen":13337345,"resource_available":true,"data":null}},"time_used":568,"timings":{"blocked":568,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"txdy.hznunxc.com/960x120.gif","fqdn":"txdy.hznunxc.com","domain":"hznunxc.com","tld":"com"},"ip":{"addr":"157.185.128.120","port":443,"asn":54994,"as":"ML-1432-54994","country":"France","country_code":"FR"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://aqf.yrjj7.help/s/%E5%8E%95%E6%8B%8D.html","date":"2026-03-07T14:45:33.018Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"txdy.hznunxc.com","organization":""},"issuer":{"commonName":"TrustAsia DV TLS RSA CA 2025","organization":"TrustAsia Technologies, Inc."},"validity":{"start":"Wed, 11 Feb 2026 00:00:00 GMT","end":"Mon, 11 May 2026 23:59:59 GMT"},"fingerprint":{"sha1":"90:1B:5C:BB:4A:86:94:97:1F:FD:C6:4E:1E:49:73:4B:A8:80:1F:A7","sha256":"AF:92:C9:25:B6:70:75:C0:04:EC:5E:04:B8:5F:6F:C1:11:04:3A:C3:D6:3E:61:46:65:D5:81:E5:D9:BE:03:37"}}},"request":{"raw":"GET /960x120.gif HTTP/1.1\r\nHost: txdy.hznunxc.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://aqf.yrjj7.help/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 07 Mar 2026 14:45:33 GMT\r\ncontent-type: image/gif\r\ncontent-length: 119760\r\nexpires: Sat, 14 Mar 2026 12:28:02 GMT\r\nserver: nginx\r\nlast-modified: Mon, 29 Dec 2025 06:33:05 GMT\r\nvary: Accept-Encoding\r\netag: \"695220a1-1d3d0\"\r\ncache-control: max-age=2592000\r\naccept-ranges: bytes\r\nvia: 1.1 PS-ORD-04i3e151:8 (W), 1.1 PS-FRA-01uMN61:10 (W), 0.0 PS-CDG-04gzn111:12 (W)\r\nage: 1995451\r\nx-px: ht PS-CDG-04gzn111none\r\nx-ws-request-id: 69ac3a0d_PS-CDG-04gzn111_41006-53911\r\naccess-control-allow-origin: *\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":119760,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 960 x 120","md5":"149b6d51518d57a39011a6971132ffa2","sha1":"529eeaead1047e4eddd186cfad5015aa987c4e14","sha256":"72c2db6b6259e584134783af7112131d031638bd29be489d53f58d7db2a8b7fb","sha512":"2e2e211b2e27bb10b1deed4cb4460866eeaff5ae5bcac6a550d7906225add955ad68ae8efdf5133d8fb7783a29d00cb72d170af8305c4fd510b5e3ea5a0a155f","ssdeep":"3072:l/GDzsUvQAUdTbhVQ3VFYDAoY/JJM6jqYm433v1:u4UI3TbKVcYDMFQ339","tlshash":"36c3123b424b4782376d70b07bf1e6058186800eae7a3597a562ca870fb1e7585ddc93","first_seen":"2025-12-29T08:49:02.459481Z","last_seen":"2026-04-04T15:25:57.273623Z","times_seen":4445,"resource_available":false,"data":null}},"time_used":1172,"timings":{"blocked":-1,"dns":7,"connect":35,"send":0,"wait":35,"receive":40,"ssl":1053},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pg888.12img707989.com:5658/8888/pg507/pg120.gif","fqdn":"pg888.12img707989.com","domain":"12img707989.com","tld":"com"},"ip":{"addr":"205.198.65.15","port":5658,"asn":138997,"as":"Eons Data Communications Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://aqf.yrjj7.help/s/%E5%8E%95%E6%8B%8D.html","date":"2026-03-07T14:45:32.756Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"pg888.12img707989.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 16 Feb 2026 04:24:03 GMT","end":"Sun, 17 May 2026 04:24:02 GMT"},"fingerprint":{"sha1":"A2:78:04:63:2B:CA:BE:C2:FB:3F:31:EE:5D:22:4F:D0:20:B7:2D:A4","sha256":"D3:2A:FB:29:36:10:8B:B7:D5:60:5A:68:5E:02:82:D8:14:1F:89:6A:00:EA:73:6D:19:85:46:E9:F3:1A:D2:F1"}}},"request":{"raw":"GET /8888/pg507/pg120.gif HTTP/1.1\r\nHost: pg888.12img707989.com:5658\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://aqf.yrjj7.help/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 07 Mar 2026 14:45:33 GMT\r\ncontent-type: image/gif\r\ncontent-length: 732135\r\nstrict-transport-security: max-age=31536000\r\nlast-modified: Mon, 05 May 2025 10:11:05 GMT\r\netag: \"68188eb9-b2be7\"\r\nexpires: Mon, 06 Apr 2026 05:15:40 GMT\r\ncache-control: max-age=2592000\r\nserver: nginx\r\nx-cache-status: HIT\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: *\r\naccess-control-allow-headers: *\r\naccess-control-expose-headers: *\r\naccess-control-allow-credentials: true\r\naccess-control-max-age: 1728000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":732135,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 960 x 120","md5":"d812f0151d7042065067e76fe039facc","sha1":"a48f9c692fa3916903db45819d4050f52d747a33","sha256":"849c1d8c67e9a3151b4a14d3b70e23e4abc3649dcac2e397587afedc70dcf25e","sha512":"a082dff74f4a12e121b6f185ba58d228399af7fa6f50df9d8a891c42d01724d7381842985926980c2e35d1f4b352ff7b425000682f6bdbb0038153d9893ff43f","ssdeep":"12288:RzuTwzuTwzuTwzuTFs9yJuVwrVwrVwrVwrV5eGrQSoSoSoSKDu4OVDu4OVDu4OVQ:RuTeuTeuTeuTFw1WrWrWrWrjeGkSoSoV","tlshash":"43f42339d14794a6938b0a7b9f1411a46305de26a7f220398327f987bc46793ffdb80d","first_seen":"2025-11-21T00:36:15.392801Z","last_seen":"2026-04-04T15:25:57.438535Z","times_seen":7865,"resource_available":false,"data":null}},"time_used":2999,"timings":{"blocked":-1,"dns":189,"connect":255,"send":0,"wait":515,"receive":1213,"ssl":822},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"img.alicdn.com/imgextra/i4/4183327079/O1CN011SH9va22AErRbNeqF_!!4183327079.gif","fqdn":"img.alicdn.com","domain":"alicdn.com","tld":"com"},"ip":{"addr":"47.246.44.177","port":443,"asn":24429,"as":"Zhejiang Taobao Network Co.,Ltd","country":"Sweden","country_code":"SE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://aqf.yrjj7.help/s/%E5%8E%95%E6%8B%8D.html","date":"2026-03-07T14:45:33.034Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.tbcdn.cn","organization":"Alibaba (China) Technology Co., Ltd."},"issuer":{"commonName":"GlobalSign GCC R3 OV TLS CA 2024","organization":"GlobalSign nv-sa"},"validity":{"start":"Fri, 28 Nov 2025 03:07:13 GMT","end":"Sat, 18 Jul 2026 09:41:04 GMT"},"fingerprint":{"sha1":"01:40:62:EF:8C:E5:C1:8A:19:4C:8D:B6:F5:C2:24:7F:DC:C0:9C:8A","sha256":"60:3C:41:A0:78:62:E6:5E:82:F0:FA:CF:5C:C9:D3:22:E4:64:EE:1A:EE:C7:CC:BA:DD:25:08:90:6F:CC:C4:F2"}}},"request":{"raw":"GET /imgextra/i4/4183327079/O1CN011SH9va22AErRbNeqF_!!4183327079.gif HTTP/1.1\r\nHost: img.alicdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://aqf.yrjj7.help/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: Tengine\r\ncontent-type: image/gif\r\ncontent-length: 218186\r\ndate: Tue, 10 Feb 2026 08:16:14 GMT\r\npicasso-ret-code: SUCCESS\r\npicasso-cache-info: L3-HIT\r\nrequest-time: 0.094\r\ntraceid: a3b5019d17707113743023013e\r\nx-powered-by: Picasso\r\npicasso-image-type: normal\r\npicasso-fmt: gif2avif\r\ncache-control: max-age=31536000\r\nvia: ens-cache19.l2de4[0,0,200-0,H], ens-cache2.l2de4[1,0], ens-cache17.se2[0,0,200-0,H], ens-cache4.se2[3,0]\r\naccess-control-allow-origin: *\r\nage: 2183358\r\nali-swift-global-savetime: 1770711374\r\nx-cache: HIT TCP_MEM_HIT dirn:-2:-2\r\nx-swift-savetime: Tue, 10 Feb 2026 08:18:40 GMT\r\nx-swift-cachetime: 31535854\r\nback_uri: /imgextra/i4/4183327079/O1CN011SH9va22AErRbNeqF_!!4183327079.gif_.avif\r\nvary: Accept\r\ns-rt: 3\r\ntiming-allow-origin: *\r\neagleid: 2ff62c9817728947326911141e\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]}],"data":{"size":218186,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 960 x 120","md5":"c746674e75d4ad03a61fdb261ee49376","sha1":"8cf71520c90c49746b49b3d4172bec815f88ee9c","sha256":"d6c1f96b8762b8f0d419fae7639ee8e519f2c0714d3a765288cd08bc58d4424f","sha512":"03a5ca97a917978cfb706777139f3cc069c6c8e06b09872c9783baa4aee2a701bc49ded5b8713748d6a90ff3f79ab0dd6aaf497e6863f44abe03e32cac5721fd","ssdeep":"3072:n9qyzDgNNsg1X0jksIxGcivXXfG2Qk6hBKofVLHhLHd6DlzLgkHEXLZ0EUHQ5JC+:nkQkTkwsmivXMk6hE8VT6z9EMHQPH7","tlshash":"dd2413479e0f1c4665c41b1ab473a3b71b32cb9cfa83506e43667e7b81a84b97207937","first_seen":"2026-02-10T10:56:09.229979Z","last_seen":"2026-04-04T15:25:57.38549Z","times_seen":2204,"resource_available":false,"data":null}},"time_used":50,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":44,"receive":6,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"aqf.yrjj7.help/favicon.ico","fqdn":"aqf.yrjj7.help","domain":"yrjj7.help","tld":"help"},"ip":{"addr":"154.26.176.147","port":443,"asn":906,"as":"DMIT","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://aqf.yrjj7.help/s/%E5%8E%95%E6%8B%8D.html","date":"2026-03-07T14:45:37.197Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.yrjj7.help","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 23 Feb 2026 03:22:07 GMT","end":"Sun, 24 May 2026 03:22:06 GMT"},"fingerprint":{"sha1":"FE:80:5C:67:19:7F:C7:64:14:D5:30:72:50:98:FD:FF:3D:E1:D2:11","sha256":"07:D0:5D:0D:F5:FE:8F:75:3E:A3:4F:94:F5:F7:B1:8D:C2:5C:56:6E:32:EE:3C:1B:F3:3C:CD:4D:8F:1A:A8:48"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: aqf.yrjj7.help\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://aqf.yrjj7.help/s/%E5%8E%95%E6%8B%8D.html\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: PHPSESSID=oeads9fohtesm1b4rn9c3clc2a\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: https://www.xzylm.com\r\ncontent-type: image/x-icon\r\ncontent-length: 9662\r\nlast-modified: Fri, 25 Nov 2022 03:52:55 GMT\r\naccept-ranges: bytes\r\nvia: http/1.1 traffic_server (https://www.xzylm.com [cRs f ])\r\ncache-control: public, max-age=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":9662,"size_decoded":0,"mime_type":"image/x-icon","magic":"MS Windows icon resource - 1 icon, 48x48, 32 bits/pixel","md5":"71529c6c1859edb1c6ce9f886b180c1e","sha1":"9c6010f7d9a41f291acede94fad9d6cd55f870d0","sha256":"730b17663255ab30eb66e884e5424d1942e62e87ac34b97a27d35c5676794157","sha512":"0609efb67e4fef36197f6ee6ba7e8775a52fc0e3091fbcf9e5f9358d26e0a81cbfefc19f736c781c6b263eab5fb0fe9a77fb9577a11197ce800602d946da3900","ssdeep":"96:9aUjFG6ePtjIr1PaqPzleIVEdmbS1ZfuY5RydchNNgSwxGXKGU9D32pb0:ctwxaq5eIVEd6I95A+hzgSMjGUhW0","tlshash":"d0122b0697349b1ac9298d358cef8dbaa3353fcbf9050757318c7a7e38a2032674518c","first_seen":"2025-05-11T08:12:38.80427Z","last_seen":"2026-03-11T02:04:59.84058Z","times_seen":280,"resource_available":false,"data":null}},"time_used":160,"timings":{"blocked":4,"dns":0,"connect":0,"send":0,"wait":155,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"aqf.yrjj7.help","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"aqf.yrjj7.help/abc/fixed_ui_efb752.js","fqdn":"aqf.yrjj7.help","domain":"yrjj7.help","tld":"help"},"ip":{"addr":"154.26.176.147","port":443,"asn":906,"as":"DMIT","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://aqf.yrjj7.help/s/%E5%8E%95%E6%8B%8D.html","date":"2026-03-07T14:45:30.829Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.yrjj7.help","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 23 Feb 2026 03:22:07 GMT","end":"Sun, 24 May 2026 03:22:06 GMT"},"fingerprint":{"sha1":"FE:80:5C:67:19:7F:C7:64:14:D5:30:72:50:98:FD:FF:3D:E1:D2:11","sha256":"07:D0:5D:0D:F5:FE:8F:75:3E:A3:4F:94:F5:F7:B1:8D:C2:5C:56:6E:32:EE:3C:1B:F3:3C:CD:4D:8F:1A:A8:48"}}},"request":{"raw":"GET /abc/fixed_ui_efb752.js HTTP/1.1\r\nHost: aqf.yrjj7.help\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://aqf.yrjj7.help/s/%E5%8E%95%E6%8B%8D.html\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: PHPSESSID=oeads9fohtesm1b4rn9c3clc2a\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: https://www.xzylm.com\r\ncontent-type: application/javascript; charset=utf-8\r\nvary: Accept-Encoding\r\ncache-control: public, max-age=2592000\r\ncontent-length: 5587\r\nvia: http/1.1 traffic_server (https://www.xzylm.com [cRs f ])\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":5587,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text","md5":"6dfac2893c6c62e4c301cd5014244f02","sha1":"747d7bb35e3c9ec4cc4027f76f0eece638d5eb7c","sha256":"2d7c836543fbb03e6c490efb2b18b85e001c1254a1106e970d57b6f4d4662da5","sha512":"01475eae47cbe375b744f0cde60db5ab714468332a05d0ca33e83f99399e2278a73ad9bed7147ca5d3a8fcee8a700378883ce65bb7a2d414851da7ed43327d1b","ssdeep":"96:BUrFraVkxXHMwEuxg2Y35DEYfElTzg2NgCucJkiTRoP5VYb5G6JS/lWrNaqsKQnX:qB+7wJm2Y35D1fWT8nCucJc5VGGg+gUx","tlshash":"0db1b45f79e330968a2330b49fff054c36319013650ddd947c0e92646fa9b942672fe9","first_seen":"2026-03-07T14:46:30.673034Z","last_seen":"2026-03-07T14:46:30.673034Z","times_seen":1,"resource_available":true,"data":null}},"time_used":587,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":587,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"aqf.yrjj7.help","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"aqf.yrjj7.help/cn/home/web/template/112vip53_wtpl/css/iconfont.css","fqdn":"aqf.yrjj7.help","domain":"yrjj7.help","tld":"help"},"ip":{"addr":"154.26.176.147","port":443,"asn":906,"as":"DMIT","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://aqf.yrjj7.help/s/%E5%8E%95%E6%8B%8D.html","date":"2026-03-07T14:45:30.763Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.yrjj7.help","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 23 Feb 2026 03:22:07 GMT","end":"Sun, 24 May 2026 03:22:06 GMT"},"fingerprint":{"sha1":"FE:80:5C:67:19:7F:C7:64:14:D5:30:72:50:98:FD:FF:3D:E1:D2:11","sha256":"07:D0:5D:0D:F5:FE:8F:75:3E:A3:4F:94:F5:F7:B1:8D:C2:5C:56:6E:32:EE:3C:1B:F3:3C:CD:4D:8F:1A:A8:48"}}},"request":{"raw":"GET /cn/home/web/template/112vip53_wtpl/css/iconfont.css HTTP/1.1\r\nHost: aqf.yrjj7.help\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://aqf.yrjj7.help/s/%E5%8E%95%E6%8B%8D.html\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: PHPSESSID=oeads9fohtesm1b4rn9c3clc2a\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: https://www.xzylm.com\r\ncontent-type: text/css\r\ncontent-length: 19902\r\nlast-modified: Wed, 31 Aug 2022 08:26:04 GMT\r\nvary: Accept-Encoding\r\ncache-control: public, max-age=2592000\r\naccept-ranges: bytes\r\nvia: http/1.1 traffic_server (https://www.xzylm.com [cRs f ])\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":19902,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (16467), with CRLF line terminators","md5":"39c2739b6d55e9832b6c0e7d9d41b1fc","sha1":"db0f8bb9f305d2707e4534b1cd81832d8351443f","sha256":"e008aff2fa6af8c6c807ef56e9941ec779ff610ce6cf4593b68bf428b0083bdf","sha512":"304ee57da4b65768df28a2c4444d707f215baee1785c2c9e6462845a2506955b47b021448fb639ea3444ca49491b32de4503f7c1cbda75149a6ee0a0380ad763","ssdeep":"384:ADvOCmyD64axmrZmdyES6+OZz12R1Z6EvzdmDAugHQFy:AjOCjDxakZhJuF12R1HADAugHcy","tlshash":"ec925b77894e24a21711f599f24362459f94776a9a821caff08b3d8c83fb21893c77dc","first_seen":"2025-05-11T08:12:38.776845Z","last_seen":"2026-03-11T02:04:59.815639Z","times_seen":268,"resource_available":false,"data":null}},"time_used":314,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":308,"receive":6,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"aqf.yrjj7.help","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"aqf.yrjj7.help/cn/home/web/static/css/a_pc_wap.css","fqdn":"aqf.yrjj7.help","domain":"yrjj7.help","tld":"help"},"ip":{"addr":"154.26.176.147","port":443,"asn":906,"as":"DMIT","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://aqf.yrjj7.help/s/%E5%8E%95%E6%8B%8D.html","date":"2026-03-07T14:45:30.824Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.yrjj7.help","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 23 Feb 2026 03:22:07 GMT","end":"Sun, 24 May 2026 03:22:06 GMT"},"fingerprint":{"sha1":"FE:80:5C:67:19:7F:C7:64:14:D5:30:72:50:98:FD:FF:3D:E1:D2:11","sha256":"07:D0:5D:0D:F5:FE:8F:75:3E:A3:4F:94:F5:F7:B1:8D:C2:5C:56:6E:32:EE:3C:1B:F3:3C:CD:4D:8F:1A:A8:48"}}},"request":{"raw":"GET /cn/home/web/static/css/a_pc_wap.css HTTP/1.1\r\nHost: aqf.yrjj7.help\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://aqf.yrjj7.help/s/%E5%8E%95%E6%8B%8D.html\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: PHPSESSID=oeads9fohtesm1b4rn9c3clc2a\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: https://www.xzylm.com\r\ncontent-type: text/css\r\ncontent-length: 2876\r\nlast-modified: Mon, 24 Oct 2022 09:16:10 GMT\r\nvary: Accept-Encoding\r\ncache-control: public, max-age=2592000\r\naccept-ranges: bytes\r\nvia: http/1.1 traffic_server (https://www.xzylm.com [cRs f ])\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":2876,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text","md5":"74a8b81d486fd0fab0c1e1a21faf815c","sha1":"3671d10e96160cba777510eafe225a6fab98dbdf","sha256":"db0fd01915d66b5e8e03851256f02c85422be168cf9b2b68ab776878447f9e1c","sha512":"9399229eae7fd56b29d69e0cacc7b2a439aa45fb392df8549e04ed3fd81ee280694bf2a96acebdfc759862fb7a863fcba5e4adc4228c40bb25ac75fbca504226","ssdeep":"","tlshash":"2e515a162b6f2488a80ba1b85fb567686a294053bb0fcc2975547324ff4e78d09b2789","first_seen":"2023-11-16T12:30:34Z","last_seen":"2026-04-04T15:25:57.379425Z","times_seen":9227,"resource_available":false,"data":null}},"time_used":572,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":572,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"aqf.yrjj7.help","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.jkuntp.com/upload/vod/20251022-13/db55cda9b9ef0b8c80c29e67bdc96709.jpg","fqdn":"www.jkuntp.com","domain":"jkuntp.com","tld":"com"},"ip":{"addr":"64.112.76.43","port":443,"asn":6939,"as":"HURRICANE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://aqf.yrjj7.help/s/%E5%8E%95%E6%8B%8D.html","date":"2026-03-07T14:45:30.937Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"jkuntp.com","organization":""},"issuer":{"commonName":"Certum Domain Validation CA SHA2","organization":"Unizeto Technologies S.A."},"validity":{"start":"Sun, 16 Mar 2025 16:00:52 GMT","end":"Wed, 15 Apr 2026 16:00:51 GMT"},"fingerprint":{"sha1":"13:82:6E:FD:22:A6:75:AF:0E:AE:85:B2:6A:97:BC:28:30:41:41:12","sha256":"50:62:73:3B:FC:2E:0C:CA:14:8B:44:E2:B4:B5:5B:20:6C:AA:A6:E4:97:C1:05:C1:6A:A6:C0:5E:92:40:4F:5A"}}},"request":{"raw":"GET /upload/vod/20251022-13/db55cda9b9ef0b8c80c29e67bdc96709.jpg HTTP/1.1\r\nHost: www.jkuntp.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://aqf.yrjj7.help/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sat, 07 Mar 2026 14:45:32 GMT\r\nContent-Type: image/jpeg\r\nContent-Length: 51981\r\nConnection: keep-alive\r\nLast-Modified: Wed, 22 Oct 2025 12:09:42 GMT\r\nVary: Accept-Encoding\r\nETag: \"68f8c986-cb0d\"\r\nExpires: Sat, 21 Mar 2026 12:54:22 GMT\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Credentials: true\r\nCache-Control: max-age=2592000, public, max-age=15768000\r\nCache: HIT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":51981,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=1, software=www.meitu.com], baseline, precision 8, 600x337, components 3","md5":"55a24b4024b8dc14406360e95facebf2","sha1":"17073c3d215e870c4f61e8420acd9a9c1325765f","sha256":"1df87c1b0850d29fa221e8516b0dbd0b65f7dc860f900494fff465e3a0ee3fc2","sha512":"593290555a5b316b6e2ab073ec85544d875631c7df6f2301af079bf1b302c4fbfd076aa444de99717f0b04f7e4bfb4ac4c6be165c45992d5938493516196bebe","ssdeep":"1536:Q8/V7erC0YfOGpCBlpGI2sMnDyfQdiddp7u:5krCFOVEps/QWdI","tlshash":"2033f162c35cce48c345e1a558bd709bc72ed18f86f6422a4629f1dcd21968368bee4f","first_seen":"2026-03-07T14:46:30.676638Z","last_seen":"2026-03-07T14:46:30.676638Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1674,"timings":{"blocked":-1,"dns":298,"connect":151,"send":0,"wait":193,"receive":210,"ssl":821},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"img.alicdn.com/imgextra/i4/4183327079/O1CN015le7R022AEsJ5jGju_!!4183327079.gif","fqdn":"img.alicdn.com","domain":"alicdn.com","tld":"com"},"ip":{"addr":"47.246.44.177","port":443,"asn":24429,"as":"Zhejiang Taobao Network Co.,Ltd","country":"Sweden","country_code":"SE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://aqf.yrjj7.help/s/%E5%8E%95%E6%8B%8D.html","date":"2026-03-07T14:45:33.032Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.tbcdn.cn","organization":"Alibaba (China) Technology Co., Ltd."},"issuer":{"commonName":"GlobalSign GCC R3 OV TLS CA 2024","organization":"GlobalSign nv-sa"},"validity":{"start":"Fri, 28 Nov 2025 03:07:13 GMT","end":"Sat, 18 Jul 2026 09:41:04 GMT"},"fingerprint":{"sha1":"01:40:62:EF:8C:E5:C1:8A:19:4C:8D:B6:F5:C2:24:7F:DC:C0:9C:8A","sha256":"60:3C:41:A0:78:62:E6:5E:82:F0:FA:CF:5C:C9:D3:22:E4:64:EE:1A:EE:C7:CC:BA:DD:25:08:90:6F:CC:C4:F2"}}},"request":{"raw":"GET /imgextra/i4/4183327079/O1CN015le7R022AEsJ5jGju_!!4183327079.gif HTTP/1.1\r\nHost: img.alicdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://aqf.yrjj7.help/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: Tengine\r\ncontent-type: image/gif\r\ncontent-length: 442163\r\ndate: Tue, 03 Mar 2026 08:23:21 GMT\r\npicasso-ret-code: SUCCESS\r\npicasso-cache-info: L3-HIT\r\nrequest-time: 0.002\r\ntraceid: 2ff6309f17725262013815622e\r\nx-powered-by: Picasso\r\npicasso-image-type: normal\r\npicasso-fmt: gif2avif\r\ncache-control: max-age=31536000\r\nvia: ens-cache1.l2de4[0,0,200-0,H], ens-cache37.l2de4[1,0], ens-cache12.se2[0,0,200-0,H], ens-cache4.se2[4,0]\r\naccess-control-allow-origin: *\r\nage: 368531\r\nali-swift-global-savetime: 1772526201\r\nx-cache: HIT TCP_MEM_HIT dirn:-2:-2\r\nx-swift-savetime: Tue, 03 Mar 2026 08:32:25 GMT\r\nx-swift-cachetime: 31535456\r\nback_uri: /imgextra/i4/4183327079/O1CN015le7R022AEsJ5jGju_!!4183327079.gif_.avif\r\nvary: Accept\r\ns-rt: 4\r\ntiming-allow-origin: *\r\neagleid: 2ff62c9817728947326871131e\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]}],"data":{"size":442163,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 960 x 120","md5":"a959dff57b5058e20b52d9eee9856451","sha1":"f429b441579c13a080de49602a836dc091809ed6","sha256":"b55482457dcd5b1a75ccd8af9902c9d9ccf11451e79300f43b4bef9a94260474","sha512":"cb38c08e2b12d580f0a3425f51b2d1af7914d8914881fd188915ad897d7d150000c7c807edf0ee7c4e003333ae6491a1693f369c2932d220549d896a00154db5","ssdeep":"12288:MbOF/O5B0GXiLvxLv9Qu2R3J0rKuDmQvmQP8AtpW6:sb0xdQJ0zdv4sW6","tlshash":"6c9423bb6dfb9054a8130fa829e7061ccb80de8446ec2a79a9571ff7189872cbd1c855","first_seen":"2026-03-07T00:44:39.681251Z","last_seen":"2026-04-04T15:25:57.392955Z","times_seen":1787,"resource_available":false,"data":null}},"time_used":46,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":15,"receive":31,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pic10.seaige.com/pic/20220107/915b74c4e71545ddc1fd4c08e55ad1fc/1.jpg","fqdn":"pic10.seaige.com","domain":"seaige.com","tld":"com"},"ip":{"addr":"172.67.148.208","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://aqf.yrjj7.help/s/%E5%8E%95%E6%8B%8D.html","date":"2026-03-07T14:45:30.918Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"seaige.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 13 Jan 2026 07:33:34 GMT","end":"Mon, 13 Apr 2026 08:32:12 GMT"},"fingerprint":{"sha1":"19:EE:9B:AB:41:95:87:98:13:6D:A8:B7:E9:1F:6D:21:D7:EA:56:03","sha256":"36:37:FF:D3:08:18:6A:E6:07:B3:60:AA:73:6D:CD:9F:1B:56:96:58:D9:C6:70:19:7E:A7:BF:36:3B:62:4E:78"}}},"request":{"raw":"GET /pic/20220107/915b74c4e71545ddc1fd4c08e55ad1fc/1.jpg HTTP/1.1\r\nHost: pic10.seaige.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://aqf.yrjj7.help/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 07 Mar 2026 14:45:31 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 16296\r\nserver: cloudflare\r\nlast-modified: Thu, 06 Jan 2022 21:02:03 GMT\r\ncache-control: public, max-age=2592000\r\naccept-ranges: bytes\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvia: http/1.1 traffic_server (https://www.xzylm.com [cHs f ])\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=a76doKfG8MVgUS4Z%2FrqqaSizUzsBMEe40moUfEkF%2FbCGdnTD%2FRsLLx0dRvcamILbAGaN7XiGRAW4Lg2PKZBnQWwcbFw51RX7scpdh3MkjvA%3D\"}]}\r\ncf-ray: 9d8a6263e9f6527d-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":16296,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, baseline, precision 8, 720x406, components 3","md5":"8f9b81477635aee6269f26ee44e42911","sha1":"aa852cb083d250681f4f53be8fca33dbe283b6fd","sha256":"1ffdc8d9c49c4324f4290f00dd1e903ff6fa5675bd62234cb970e3b124ceee26","sha512":"21449a64a0376da254385ae97d6dc6b1cac0d150aff04eaae577435fa60773f4377b6385131199333836efb4d010d30ad979de1f3bd754413a911849697f6473","ssdeep":"384:W6sSIdKudBDcbtwH9oPhZB0T2OH3jlakPGVc5urzbE81uMGIi6YHdBM1D:5sn9kwQhv0qqObrHE/SxY81D","tlshash":"1f72cf1a1aabe292df87a7ef1f38439830477b6739528a5a0df8045cdf7d0a146b5c31","first_seen":"2025-10-24T08:17:21.736195Z","last_seen":"2026-03-07T14:46:30.68048Z","times_seen":3,"resource_available":false,"data":null}},"time_used":545,"timings":{"blocked":-1,"dns":21,"connect":10,"send":0,"wait":330,"receive":156,"ssl":27},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"img1212.syhze.com/8888/xm/5088/120.gif","fqdn":"img1212.syhze.com","domain":"syhze.com","tld":"com"},"ip":{"addr":"205.198.65.15","port":443,"asn":138997,"as":"Eons Data Communications Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://aqf.yrjj7.help/s/%E5%8E%95%E6%8B%8D.html","date":"2026-03-07T14:45:33.030Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"img1212.syhze.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Fri, 20 Feb 2026 05:10:16 GMT","end":"Thu, 21 May 2026 05:10:15 GMT"},"fingerprint":{"sha1":"0E:AF:BB:57:33:D9:8E:52:FC:E0:72:FB:99:E6:06:AE:75:3F:77:CD","sha256":"73:97:CE:47:3B:96:59:73:01:A9:E5:B5:E4:AA:29:99:2E:75:1A:0E:52:57:08:31:66:51:91:6E:D4:8A:EC:94"}}},"request":{"raw":"GET /8888/xm/5088/120.gif HTTP/1.1\r\nHost: img1212.syhze.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://aqf.yrjj7.help/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 07 Mar 2026 14:45:33 GMT\r\ncontent-type: image/gif\r\ncontent-length: 443228\r\nstrict-transport-security: max-age=31536000\r\nlast-modified: Mon, 16 Sep 2024 13:02:03 GMT\r\netag: \"66e82c4b-6c35c\"\r\nexpires: Mon, 06 Apr 2026 05:15:21 GMT\r\ncache-control: max-age=2592000\r\nserver: nginx\r\nx-cache-status: HIT\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: *\r\naccess-control-allow-headers: *\r\naccess-control-expose-headers: *\r\naccess-control-allow-credentials: true\r\naccess-control-max-age: 1728000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":443228,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 960 x 120","md5":"6dfeb48901b7cd79256ac55ca0e057ad","sha1":"7f5be548b85f2c58a5a75f89831a60372e1fd49e","sha256":"077c10e1c5dda6d69f6cdb1cd61bd9b88d46ab20a09a0d1cd575348b422a80f6","sha512":"eb336246e254747a2ba6cc9ce2a793aa4919f2dce04f7327f82f33fbf1b7177a0a828bb4fdb687af252189476332345f9ca15e7a1163b0c572194b8b27464c45","ssdeep":"12288:bITYwMITYwMITwzFWFbSimWFbSimWFFL851b251b251b251ba:sYwTYwTakQcQc/87272727a","tlshash":"bb9412d3e4ea2823c6a62244ca9df7d57f411156653ea3d79b6b3f100e52d22e0ced09","first_seen":"2025-11-21T00:36:15.409425Z","last_seen":"2026-04-04T15:25:57.338806Z","times_seen":8016,"resource_available":false,"data":null}},"time_used":2878,"timings":{"blocked":-1,"dns":164,"connect":252,"send":0,"wait":493,"receive":1259,"ssl":709},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"aqf.yrjj7.help/cn/home/web/template/112vip53_wtpl/images/icon_1.png","fqdn":"aqf.yrjj7.help","domain":"yrjj7.help","tld":"help"},"ip":{"addr":"154.26.176.147","port":443,"asn":906,"as":"DMIT","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://aqf.yrjj7.help/s/%E5%8E%95%E6%8B%8D.html","date":"2026-03-07T14:45:30.833Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.yrjj7.help","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 23 Feb 2026 03:22:07 GMT","end":"Sun, 24 May 2026 03:22:06 GMT"},"fingerprint":{"sha1":"FE:80:5C:67:19:7F:C7:64:14:D5:30:72:50:98:FD:FF:3D:E1:D2:11","sha256":"07:D0:5D:0D:F5:FE:8F:75:3E:A3:4F:94:F5:F7:B1:8D:C2:5C:56:6E:32:EE:3C:1B:F3:3C:CD:4D:8F:1A:A8:48"}}},"request":{"raw":"GET /cn/home/web/template/112vip53_wtpl/images/icon_1.png HTTP/1.1\r\nHost: aqf.yrjj7.help\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://aqf.yrjj7.help/s/%E5%8E%95%E6%8B%8D.html\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: PHPSESSID=oeads9fohtesm1b4rn9c3clc2a\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: https://www.xzylm.com\r\ncontent-type: image/png\r\ncontent-length: 3830\r\nlast-modified: Wed, 31 Aug 2022 08:26:04 GMT\r\nvary: Accept-Encoding\r\ncache-control: public, max-age=2592000\r\naccept-ranges: bytes\r\nvia: http/1.1 traffic_server (https://www.xzylm.com [cRs f ])\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":3830,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 30 x 30, 8-bit/color RGBA, non-interlaced","md5":"86a08d6414b3b4765c491754ec643a7a","sha1":"fd3836f342f364fd1256e4771ab8ea09e43a712a","sha256":"1747b1c6af855a759831aea9d54e1a0d580758eff12106d9ac9de432909b59f2","sha512":"254deef757a53d9974e0e2ddade4e73462fde559789aeebc836b62fca01e053217204d6d2fa48a6947c347b1a0c6ffc87c643f83884a02dff133f904308613a4","ssdeep":"","tlshash":"f0817e88a9940c1b108f05ba5abf8619802fa75456591e4cebff434f4924c103d75a2f","first_seen":"2024-12-31T10:28:51.246429Z","last_seen":"2026-03-11T02:04:59.808231Z","times_seen":268,"resource_available":false,"data":null}},"time_used":592,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":591,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"aqf.yrjj7.help","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"img1.souavimg.com/upload/vod/20251208-1/b4eecf7e45e4e982060d5ba15c9cae13.png","fqdn":"img1.souavimg.com","domain":"souavimg.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://aqf.yrjj7.help/s/%E5%8E%95%E6%8B%8D.html","date":"2026-03-07T14:45:30.923Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /upload/vod/20251208-1/b4eecf7e45e4e982060d5ba15c9cae13.png HTTP/1.1\r\nHost: img1.souavimg.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://aqf.yrjj7.help/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T15:49:33.06692Z","times_seen":13337345,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tuaskbgnekr.com/20251029/DfGMbk7l/1.jpg","fqdn":"tuaskbgnekr.com","domain":"tuaskbgnekr.com","tld":"com"},"ip":{"addr":"64.112.76.12","port":443,"asn":6939,"as":"HURRICANE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://aqf.yrjj7.help/s/%E5%8E%95%E6%8B%8D.html","date":"2026-03-07T14:45:30.932Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bfaskbwerve.com","organization":""},"issuer":{"commonName":"Certum Domain Validation CA SHA2","organization":"Unizeto Technologies S.A."},"validity":{"start":"Wed, 12 Mar 2025 23:24:33 GMT","end":"Sat, 11 Apr 2026 23:24:32 GMT"},"fingerprint":{"sha1":"17:BE:B5:B6:72:C2:AD:F5:0C:31:68:24:C8:2B:3D:2F:EB:BD:D8:B6","sha256":"6F:0D:C1:02:24:41:CF:D5:BA:7D:A5:37:F1:D3:5A:7C:E7:91:AA:D0:DC:58:29:DB:35:FE:0A:AA:41:37:FA:74"}}},"request":{"raw":"GET /20251029/DfGMbk7l/1.jpg HTTP/1.1\r\nHost: tuaskbgnekr.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://aqf.yrjj7.help/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 07 Mar 2026 14:45:32 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 251201\r\nlast-modified: Thu, 30 Oct 2025 02:57:58 GMT\r\netag: \"6902d436-3d541\"\r\naccess-control-allow-origin: *\r\naccess-control-allow-credentials: true\r\ncache-control: public, max-age=15768000\r\ncache: HIT\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":251201,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 8000x4492, components 3","md5":"77203e8b1bd965f5774d8a03a8a8331a","sha1":"e8ec74e513e4109aae1d9054898414e4f2db3322","sha256":"a5c8db374d8692bf8914205ee3cff39960c1ebaa6d38b4b56037f665b05cf1dc","sha512":"b1d89e21161f8166a6f008e06bced87fdb0ee373f64129a85df31eaa936ef68ec293fd8e76c2f3064b119f3d0f3f79ed4f3995a50a855fd5904774250fa210be","ssdeep":"3072:Qk7bM0sgcSaV0ZVIMvV5Rz2hOri5sHpzvVbi/zBsuHthJz0aByn:Q0TcSaLmZKYUEV0suFz4","tlshash":"10349e67eb0195a7c4a81770c8d30f387f7380b993a24643efa6093558bb764bd6db81","first_seen":"2025-10-30T06:10:42.100831Z","last_seen":"2026-03-07T14:46:30.684009Z","times_seen":3,"resource_available":false,"data":null}},"time_used":2520,"timings":{"blocked":484,"dns":370,"connect":172,"send":0,"wait":549,"receive":371,"ssl":557},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tuaskbgnekr.com/20250915/UhAIYm5H/1.jpg","fqdn":"tuaskbgnekr.com","domain":"tuaskbgnekr.com","tld":"com"},"ip":{"addr":"64.112.76.12","port":443,"asn":6939,"as":"HURRICANE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://aqf.yrjj7.help/s/%E5%8E%95%E6%8B%8D.html","date":"2026-03-07T14:45:30.944Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bfaskbwerve.com","organization":""},"issuer":{"commonName":"Certum Domain Validation CA SHA2","organization":"Unizeto Technologies S.A."},"validity":{"start":"Wed, 12 Mar 2025 23:24:33 GMT","end":"Sat, 11 Apr 2026 23:24:32 GMT"},"fingerprint":{"sha1":"17:BE:B5:B6:72:C2:AD:F5:0C:31:68:24:C8:2B:3D:2F:EB:BD:D8:B6","sha256":"6F:0D:C1:02:24:41:CF:D5:BA:7D:A5:37:F1:D3:5A:7C:E7:91:AA:D0:DC:58:29:DB:35:FE:0A:AA:41:37:FA:74"}}},"request":{"raw":"GET /20250915/UhAIYm5H/1.jpg HTTP/1.1\r\nHost: tuaskbgnekr.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://aqf.yrjj7.help/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 07 Mar 2026 14:45:32 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 57295\r\nlast-modified: Tue, 16 Sep 2025 02:39:41 GMT\r\netag: \"68c8cded-dfcf\"\r\naccess-control-allow-origin: *\r\naccess-control-allow-credentials: true\r\ncache-control: public, max-age=15768000\r\ncache: HIT\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":57295,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=1, software=www.meitu.com], baseline, precision 8, 500x281, components 3","md5":"48fbf3fdde0e51cba427edeb74bbb8a9","sha1":"42af0180b37ccf42d014acdaa008299c0eeb81a0","sha256":"ca57bb6d59ce638d02d77fda5dd08f585a8bf2a3c9b59ed8faf443f6faba9f86","sha512":"7f92a7448e0434d382e446b17e5e95f414110376a1fcb6fed358d7c70da38bc4de8f3692a0581d71254e4e08e189d4bb802de97f5aa85447db38d486a2ffba3f","ssdeep":"1536:d03cDkz+gy2HCPmVMClYY9eAPrEhMICizpFZB/2Qa63ApOx:ScfZu2Cy8ivzDTOQa63ApOx","tlshash":"fd430121c713fdc17dbf2ebc2a77edf168aa011990e481c265a12766732840766d813f","first_seen":"2025-09-17T09:31:01.512761Z","last_seen":"2026-03-07T14:46:30.685011Z","times_seen":11,"resource_available":false,"data":null}},"time_used":2226,"timings":{"blocked":1402,"dns":0,"connect":0,"send":0,"wait":647,"receive":177,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tuaskbgnekr.com/20250510/WODgWFlG/1.jpg","fqdn":"tuaskbgnekr.com","domain":"tuaskbgnekr.com","tld":"com"},"ip":{"addr":"64.112.76.12","port":443,"asn":6939,"as":"HURRICANE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://aqf.yrjj7.help/s/%E5%8E%95%E6%8B%8D.html","date":"2026-03-07T14:45:30.947Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bfaskbwerve.com","organization":""},"issuer":{"commonName":"Certum Domain Validation CA SHA2","organization":"Unizeto Technologies S.A."},"validity":{"start":"Wed, 12 Mar 2025 23:24:33 GMT","end":"Sat, 11 Apr 2026 23:24:32 GMT"},"fingerprint":{"sha1":"17:BE:B5:B6:72:C2:AD:F5:0C:31:68:24:C8:2B:3D:2F:EB:BD:D8:B6","sha256":"6F:0D:C1:02:24:41:CF:D5:BA:7D:A5:37:F1:D3:5A:7C:E7:91:AA:D0:DC:58:29:DB:35:FE:0A:AA:41:37:FA:74"}}},"request":{"raw":"GET /20250510/WODgWFlG/1.jpg HTTP/1.1\r\nHost: tuaskbgnekr.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://aqf.yrjj7.help/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 07 Mar 2026 14:45:32 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 6873\r\nlast-modified: Sun, 11 May 2025 01:31:48 GMT\r\netag: \"681ffe04-1ad9\"\r\naccess-control-allow-origin: *\r\naccess-control-allow-credentials: true\r\ncache-control: public, max-age=15768000\r\ncache: HIT\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":6873,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.02, aspect ratio, density 320x427, segment length 16, comment: \"Lavc61.3.100\", baseline, precision 8, 240x320, components 3","md5":"a59248e6d3023d46e7cef270bf3f9026","sha1":"0ac52a1a1db87b65014aa3118bbae942f28ff30a","sha256":"62f9057da2dfbb921b66a5e37f9229b349bca66c5f1d7aba28a43005be532406","sha512":"199ed799f679bb30e2ee6d0788738c4f7cdb15d0c3efd8c9942357cf846c386db31b25f0a897af53d746ee549da6e98992345acaabca698034a625084584e22f","ssdeep":"96:NLbJhd8Wf1Sht0nxtP3bmbh1aLETsEWG3cZ9JWFewXAhnxPKEB52bUe1IYcNsSMU:9F8WfiMxt/bmbh1zT1WGYJNwsZJUVVe7","tlshash":"e5e19f933e55b72647794272ef1a78062283f7d4971dfdb2234ac929d4120f6c8d87c2","first_seen":"2026-03-07T14:46:30.686635Z","last_seen":"2026-03-07T14:46:30.686635Z","times_seen":1,"resource_available":false,"data":null}},"time_used":2256,"timings":{"blocked":1401,"dns":0,"connect":0,"send":0,"wait":645,"receive":210,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"jkunnzyx.com/20251025/N9mAgGoS/1.jpg","fqdn":"jkunnzyx.com","domain":"jkunnzyx.com","tld":"com"},"ip":{"addr":"23.226.76.18","port":443,"asn":53755,"as":"IOFLOOD","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://aqf.yrjj7.help/s/%E5%8E%95%E6%8B%8D.html","date":"2026-03-07T14:45:30.935Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"jkunnzyx.com","organization":""},"issuer":{"commonName":"Certum Domain Validation CA SHA2","organization":"Unizeto Technologies S.A."},"validity":{"start":"Mon, 21 Apr 2025 22:32:53 GMT","end":"Thu, 21 May 2026 22:32:52 GMT"},"fingerprint":{"sha1":"5C:AB:E5:A8:E4:AE:C3:22:F4:0A:A8:5E:67:A2:82:7C:2F:E9:FF:15","sha256":"F0:E6:94:84:C1:8B:61:08:C8:8B:73:5D:FC:4C:45:F6:D0:B9:83:3B:D9:48:CA:24:D1:E5:E2:E6:94:A4:A5:2C"}}},"request":{"raw":"GET /20251025/N9mAgGoS/1.jpg HTTP/1.1\r\nHost: jkunnzyx.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://aqf.yrjj7.help/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 07 Mar 2026 14:45:32 GMT\r\ncontent-type: application/octet-stream\r\ncontent-length: 40728\r\nlast-modified: Sun, 26 Oct 2025 03:13:49 GMT\r\ncontent-disposition: attachment; filename=\"1.jpg\"\r\netag: \"68fd91ed-9f18\"\r\naccess-control-allow-origin: *\r\naccess-control-allow-headers: X-Requested-With\r\naccess-control-allow-methods: POST, GET, OPTIONS\r\ncache: HIT\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":40728,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=1, software=www.meitu.com], baseline, precision 8, 600x337, components 3","md5":"778c41b76af5c5d068433cda86d0fce9","sha1":"3fad77530efbdc4cb093ef0d6b8c6a1a56192454","sha256":"16cfd8674eaf7941f37bf982c0deb81aa7295953ae20b3852b7559ebf793a1bc","sha512":"92e9c0bf74a435c0ce7211c7b71e66658eb898fe17936a59ec60d5472c0fc09c4249ff7de15107aa2f95f0a7fa6c5cf861243bb0f222bb7f2f375f4eee541816","ssdeep":"768:Q3ypdXz7ta9h5bNjE56/hY1qWTsrdsUNb46Y3IxU+uI+oewffB8k:Q3y7XoxbtJ4ysUxDMeQI9nB8k","tlshash":"2503f121cf888ad42024d87b4f31f9c30d1ae185e0953fcf5972d4da468f1caa8b49ee","first_seen":"2026-03-07T14:46:30.687853Z","last_seen":"2026-03-07T14:46:30.687853Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1551,"timings":{"blocked":557,"dns":1,"connect":148,"send":0,"wait":147,"receive":215,"ssl":478},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"img.alicdn.com/imgextra/i1/4183327079/O1CN018KuqHz22AEs9TacwK_!!4183327079.gif","fqdn":"img.alicdn.com","domain":"alicdn.com","tld":"com"},"ip":{"addr":"47.246.44.177","port":443,"asn":24429,"as":"Zhejiang Taobao Network Co.,Ltd","country":"Sweden","country_code":"SE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://aqf.yrjj7.help/s/%E5%8E%95%E6%8B%8D.html","date":"2026-03-07T14:45:33.036Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.tbcdn.cn","organization":"Alibaba (China) Technology Co., Ltd."},"issuer":{"commonName":"GlobalSign GCC R3 OV TLS CA 2024","organization":"GlobalSign nv-sa"},"validity":{"start":"Fri, 28 Nov 2025 03:07:13 GMT","end":"Sat, 18 Jul 2026 09:41:04 GMT"},"fingerprint":{"sha1":"01:40:62:EF:8C:E5:C1:8A:19:4C:8D:B6:F5:C2:24:7F:DC:C0:9C:8A","sha256":"60:3C:41:A0:78:62:E6:5E:82:F0:FA:CF:5C:C9:D3:22:E4:64:EE:1A:EE:C7:CC:BA:DD:25:08:90:6F:CC:C4:F2"}}},"request":{"raw":"GET /imgextra/i1/4183327079/O1CN018KuqHz22AEs9TacwK_!!4183327079.gif HTTP/1.1\r\nHost: img.alicdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://aqf.yrjj7.help/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: Tengine\r\ncontent-type: image/gif\r\ncontent-length: 403606\r\ndate: Fri, 13 Feb 2026 05:15:30 GMT\r\npicasso-ret-code: SUCCESS\r\npicasso-cache-info: L3-HIT\r\nrequest-time: 0.001\r\ntraceid: 2ff602a017709597307166529e\r\nx-powered-by: Picasso\r\npicasso-image-type: normal\r\npicasso-fmt: gif2avif\r\ncache-control: max-age=31536000\r\nvia: ens-cache9.l2de4[0,0,200-0,H], ens-cache21.l2de4[1,0], ens-cache13.se2[0,0,200-0,H], ens-cache4.se2[2,0]\r\naccess-control-allow-origin: *\r\nage: 1935002\r\nali-swift-global-savetime: 1770959730\r\nx-cache: HIT TCP_MEM_HIT dirn:-2:-2\r\nx-swift-savetime: Fri, 13 Feb 2026 05:15:46 GMT\r\nx-swift-cachetime: 31535984\r\nback_uri: /imgextra/i1/4183327079/O1CN018KuqHz22AEs9TacwK_!!4183327079.gif_.avif\r\nvary: Accept\r\ns-rt: 2\r\ntiming-allow-origin: *\r\neagleid: 2ff62c9817728947326951145e\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]}],"data":{"size":403606,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 960 x 120","md5":"d0bbd6e83f13d75dfd204a1757309ff3","sha1":"e038ef39d13d339f32a585f16bb2c65ba607093e","sha256":"9a3c716b0b97716ba8136b243a3468b50aa62cc130b43e213a54a5ba7ec584db","sha512":"43143383b5711607d3ae0f52732f519740355a23c0c4d2675828f1d6833b94e9be3f08b3fea365f4d2d38310a887306992a9ff7318f7e50128cfcc47052c9fb0","ssdeep":"6144:z+H10Njx+v7YjWPE8zi+PEoTXoSzqoSNEyzNaJG97ztF8M7zMM9e3ZXKGLSgLnZt:zo6VxLzZoTdVygU9Xz8MXe64z9t","tlshash":"c584235252134f3e81aa071ed92e5c883c6ad886d612eb23977fc875b7019dd9234eb3","first_seen":"2026-02-13T06:47:10.3791Z","last_seen":"2026-04-04T15:25:57.512951Z","times_seen":2181,"resource_available":false,"data":null}},"time_used":83,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":72,"receive":11,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"d3ccefxs96519j.cloudfront.net/MGM/980x120.gif","fqdn":"d3ccefxs96519j.cloudfront.net","domain":"d3ccefxs96519j.cloudfront.net","tld":"cloudfront.net"},"ip":{"addr":"54.192.209.125","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://aqf.yrjj7.help/s/%E5%8E%95%E6%8B%8D.html","date":"2026-03-07T14:45:37.192Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.cloudfront.net","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M01","organization":"Amazon"},"validity":{"start":"Mon, 05 May 2025 00:00:00 GMT","end":"Thu, 23 Apr 2026 23:59:59 GMT"},"fingerprint":{"sha1":"8F:00:F1:34:A7:1E:27:1C:CF:CD:A6:53:8B:C4:82:B0:68:BC:C8:72","sha256":"60:38:9D:24:9E:41:8F:23:AC:D9:14:5C:A3:47:7E:AF:07:DB:9F:2D:6A:8C:0D:08:E9:24:8A:8E:49:A9:4D:28"}}},"request":{"raw":"GET /MGM/980x120.gif HTTP/1.1\r\nHost: d3ccefxs96519j.cloudfront.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://aqf.yrjj7.help/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: image/gif\r\ncontent-length: 95663\r\nlast-modified: Fri, 08 Aug 2025 06:03:40 GMT\r\nx-amz-server-side-encryption: AES256\r\naccept-ranges: bytes\r\nserver: AmazonS3\r\ndate: Fri, 06 Mar 2026 01:37:40 GMT\r\netag: \"5a8005b75112b36916f21318ae457043\"\r\nvary: accept-encoding\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 62e740a3ccdabe7c6d3d19052f330dca.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P3\r\nx-amz-cf-id: rdHFlM3Ee2zL_99qgKjN3H2pNQa35i1xMciBSnZ3ZIEiVVYJ-oo8ow==\r\nage: 133678\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":95663,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 980 x 120","md5":"5a8005b75112b36916f21318ae457043","sha1":"180f1ab095baa331066bf1708261d848d55789bf","sha256":"21b3d38760be3d6aaa1088bd68000cf9a0bd24b91baa7e4a93647a97f4f07e7d","sha512":"64180ea90a0dfec12e275bf1f6b3674bfcb69393177e726cbd5c6b03bc091acb7ad77429f6154f96e6071db087131f467c507c1fd95224faac5660fa71635d45","ssdeep":"1536:E2YoK+ONw4XmLHmnjNZ3CTtyO+cL2g1nB+VFS0O6QXkHv288jVG187LWL:77zONw4XqGnB1CxyO+c6cB0O6S6v288s","tlshash":"6c931279b8e135395715549e88ea6b0229ec29a1dff8d5e0fd3ffbe012400fba084752","first_seen":"2025-11-17T16:26:00.337909Z","last_seen":"2026-04-04T15:25:57.321922Z","times_seen":6317,"resource_available":false,"data":null}},"time_used":83,"timings":{"blocked":-1,"dns":0,"connect":4,"send":0,"wait":3,"receive":4,"ssl":31},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"aqf.yrjj7.help/cn/home/web/template/112vip53_wtpl/css/stui_default.css","fqdn":"aqf.yrjj7.help","domain":"yrjj7.help","tld":"help"},"ip":{"addr":"154.26.176.147","port":443,"asn":906,"as":"DMIT","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://aqf.yrjj7.help/s/%E5%8E%95%E6%8B%8D.html","date":"2026-03-07T14:45:30.772Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.yrjj7.help","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 23 Feb 2026 03:22:07 GMT","end":"Sun, 24 May 2026 03:22:06 GMT"},"fingerprint":{"sha1":"FE:80:5C:67:19:7F:C7:64:14:D5:30:72:50:98:FD:FF:3D:E1:D2:11","sha256":"07:D0:5D:0D:F5:FE:8F:75:3E:A3:4F:94:F5:F7:B1:8D:C2:5C:56:6E:32:EE:3C:1B:F3:3C:CD:4D:8F:1A:A8:48"}}},"request":{"raw":"GET /cn/home/web/template/112vip53_wtpl/css/stui_default.css HTTP/1.1\r\nHost: aqf.yrjj7.help\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://aqf.yrjj7.help/s/%E5%8E%95%E6%8B%8D.html\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: PHPSESSID=oeads9fohtesm1b4rn9c3clc2a\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: https://www.xzylm.com\r\ncontent-type: text/css\r\ncontent-length: 8632\r\nlast-modified: Mon, 28 Nov 2022 10:40:46 GMT\r\nvary: Accept-Encoding\r\ncache-control: public, max-age=2592000\r\naccept-ranges: bytes\r\nvia: http/1.1 traffic_server (https://www.xzylm.com [cRs f ])\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":8632,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with CRLF line terminators","md5":"de42f9c833c8e866d2ee1ad9557fb90d","sha1":"ab1787be48e1a3c380c14fb5bd4a444883a6481d","sha256":"739a867909294dd85dff62a79ec946d670d5bbc7f393c5ba6e2415a526567f54","sha512":"25ae7045ef0267aa6d05dd3c853c314e29e4be352e171cff3aa4c0f9d9717f4cfa7961b108d0668a3b2b81760414a1b18c89c086ffed174743bc9872f43a8360","ssdeep":"192:qlrWxfWoIStpFAmczoGFgqrxGdF82BO1s:VvtpbHc9GJ4a","tlshash":"7b021e545643391cb13f9f8bfaf309a97968b02eb71325eaf611687ec3c25c084f6589","first_seen":"2024-12-31T10:28:51.351676Z","last_seen":"2026-03-11T02:04:59.832551Z","times_seen":269,"resource_available":false,"data":null}},"time_used":435,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":434,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"aqf.yrjj7.help","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"aqf.yrjj7.help/cn/home/web/template/112vip53_wtpl/css/stui_custom.css","fqdn":"aqf.yrjj7.help","domain":"yrjj7.help","tld":"help"},"ip":{"addr":"154.26.176.147","port":443,"asn":906,"as":"DMIT","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://aqf.yrjj7.help/s/%E5%8E%95%E6%8B%8D.html","date":"2026-03-07T14:45:30.777Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.yrjj7.help","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 23 Feb 2026 03:22:07 GMT","end":"Sun, 24 May 2026 03:22:06 GMT"},"fingerprint":{"sha1":"FE:80:5C:67:19:7F:C7:64:14:D5:30:72:50:98:FD:FF:3D:E1:D2:11","sha256":"07:D0:5D:0D:F5:FE:8F:75:3E:A3:4F:94:F5:F7:B1:8D:C2:5C:56:6E:32:EE:3C:1B:F3:3C:CD:4D:8F:1A:A8:48"}}},"request":{"raw":"GET /cn/home/web/template/112vip53_wtpl/css/stui_custom.css HTTP/1.1\r\nHost: aqf.yrjj7.help\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://aqf.yrjj7.help/s/%E5%8E%95%E6%8B%8D.html\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: PHPSESSID=oeads9fohtesm1b4rn9c3clc2a\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":7184,"size_decoded":0,"mime_type":"text/css","magic":"assembler source, Unicode text, UTF-8 text, with CRLF line terminators","md5":"5cf07a615feb2c7badba17568d54d867","sha1":"254a3471f5a1789ce1393fe472fd9b06bc0b5320","sha256":"33229779e47c3c87ccb6dd53e394252ead4033504adb870ca3a2d96d84d69cf0","sha512":"fe4394f3dfa32ad3e0a7aea10a4b16fc2ecb97382daab8628d7b94a78539b2ead2dc6a47d61ef518694a67ece4eda79fb2788ac910e003308de6f06739e244f0","ssdeep":"96:yx3nTMi4RkPvkgeu+WwZee8SP1fjOaICa3zzg9ygSdgznqf8eN5VRB0P:yx3nTMiGkXqT5P1fCbC/sgSYqf8wRB0P","tlshash":"efe10362de0a142a313bcaee21f2d542eae770d0f9052bbd7e632059ff4d0c9583e585","first_seen":"2024-12-31T10:28:51.280111Z","last_seen":"2026-03-11T02:04:59.769486Z","times_seen":270,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"aqf.yrjj7.help","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"aqf.yrjj7.help/abc/data_5a8f80.json","fqdn":"aqf.yrjj7.help","domain":"yrjj7.help","tld":"help"},"ip":{"addr":"154.26.176.147","port":443,"asn":906,"as":"DMIT","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://aqf.yrjj7.help/s/%E5%8E%95%E6%8B%8D.html","date":"2026-03-07T14:45:31.678Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.yrjj7.help","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 23 Feb 2026 03:22:07 GMT","end":"Sun, 24 May 2026 03:22:06 GMT"},"fingerprint":{"sha1":"FE:80:5C:67:19:7F:C7:64:14:D5:30:72:50:98:FD:FF:3D:E1:D2:11","sha256":"07:D0:5D:0D:F5:FE:8F:75:3E:A3:4F:94:F5:F7:B1:8D:C2:5C:56:6E:32:EE:3C:1B:F3:3C:CD:4D:8F:1A:A8:48"}}},"request":{"raw":"GET /abc/data_5a8f80.json HTTP/1.1\r\nHost: aqf.yrjj7.help\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://aqf.yrjj7.help/s/%E5%8E%95%E6%8B%8D.html\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: PHPSESSID=oeads9fohtesm1b4rn9c3clc2a\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: https://www.xzylm.com\r\ndate: Sat, 07 Mar 2026 14:42:19 GMT\r\ncontent-type: application/json; charset=utf-8\r\nvary: Accept-Encoding\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=300\r\nage: 192\r\ncontent-length: 9710\r\nvia: http/1.1 traffic_server (https://www.xzylm.com [cRs f ])\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":9710,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"3caca765a4e3d85a25ba2616bfe3f588","sha1":"13e382153f21038ae0e9c98a8be6f9a54dbc8754","sha256":"15a6cc47ecdf08628eb485b211f07183b81c00500e54c1815b0aa9bc1169d829","sha512":"476cfd5a802cd36776cdc22d881a87694a2862732b802fcd172a9a655e35eabb3ff97da37fee8d5984ccf24af619f6d6de9e66a3b6303ddd0aedcb8533de6eab","ssdeep":"96:fFKqW7S7oVcvXcv0m0hffPOcPFPXTPXXWGHO7TnQvMI1MmxYThZWfzQOdIQZvdkb:f47Lc/c8Jf7zt3vI28OfWrwlSfvj4Y","tlshash":"96126ab737f9697cfab452c55b0a7f69578d3027884c938727cdec3484b81aa620b463","first_seen":"2026-03-07T10:53:23.118035Z","last_seen":"2026-03-07T15:25:50.253305Z","times_seen":11,"resource_available":false,"data":null}},"time_used":572,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":572,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"aqf.yrjj7.help","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"img.alicdn.com/imgextra/i3/4183327079/O1CN01Jh4YeU22AEs6UM5mZ_!!4183327079.gif","fqdn":"img.alicdn.com","domain":"alicdn.com","tld":"com"},"ip":{"addr":"47.246.44.177","port":443,"asn":24429,"as":"Zhejiang Taobao Network Co.,Ltd","country":"Sweden","country_code":"SE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://aqf.yrjj7.help/s/%E5%8E%95%E6%8B%8D.html","date":"2026-03-07T14:45:32.862Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.tbcdn.cn","organization":"Alibaba (China) Technology Co., Ltd."},"issuer":{"commonName":"GlobalSign GCC R3 OV TLS CA 2024","organization":"GlobalSign nv-sa"},"validity":{"start":"Fri, 28 Nov 2025 03:07:13 GMT","end":"Sat, 18 Jul 2026 09:41:04 GMT"},"fingerprint":{"sha1":"01:40:62:EF:8C:E5:C1:8A:19:4C:8D:B6:F5:C2:24:7F:DC:C0:9C:8A","sha256":"60:3C:41:A0:78:62:E6:5E:82:F0:FA:CF:5C:C9:D3:22:E4:64:EE:1A:EE:C7:CC:BA:DD:25:08:90:6F:CC:C4:F2"}}},"request":{"raw":"GET /imgextra/i3/4183327079/O1CN01Jh4YeU22AEs6UM5mZ_!!4183327079.gif HTTP/1.1\r\nHost: img.alicdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://aqf.yrjj7.help/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: Tengine\r\ncontent-type: image/gif\r\ncontent-length: 300651\r\ndate: Fri, 06 Feb 2026 11:12:05 GMT\r\npicasso-ret-code: SUCCESS\r\npicasso-cache-info: L3-HIT\r\nrequest-time: 0.001\r\ntraceid: a3b55ced17703763248572315e\r\nx-powered-by: Picasso\r\npicasso-image-type: normal\r\npicasso-fmt: gif2avif\r\ncache-control: max-age=31536000\r\nvia: ens-cache9.l2de4[0,0,200-0,H], ens-cache21.l2de4[2,0], ens-cache9.se2[0,0,200-0,H], ens-cache4.se2[4,0]\r\naccess-control-allow-origin: *\r\nage: 2518407\r\nali-swift-global-savetime: 1770376325\r\nx-cache: HIT TCP_MEM_HIT dirn:-2:-2\r\nx-swift-savetime: Fri, 06 Feb 2026 16:04:39 GMT\r\nx-swift-cachetime: 31518446\r\nback_uri: /imgextra/i3/4183327079/O1CN01Jh4YeU22AEs6UM5mZ_!!4183327079.gif_.avif\r\nvary: Accept\r\ns-rt: 4\r\ntiming-allow-origin: *\r\neagleid: 2ff62c9817728947325721029e\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]}],"data":{"size":300651,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 960 x 120","md5":"8a47d4e0340db7d8001c1c2c39716b93","sha1":"0fc8202a98d51793df1755c0bdb9ed54294a8519","sha256":"4a6044bb59cb58f446ba34163ea45c5079c9c1a556c3f2bc626440f638efaf30","sha512":"7277d622b154e4756836791b83a92294ece23d66f15b7450937a0525679433e4f90622b04e6a37bc2db1aa067060c3e07fa066fbfe0660ba3c926b54ff52cb2f","ssdeep":"6144:v1p2LgPnLX3nnLXnXw3esj1ls34FfhavVHf7lYJkxmWYQAYg:v1pXXbXXw3eGXH5M7yixDY6g","tlshash":"9f5423c4f7e76f3eaf9218f3296f34883669c81d91f4813a1e86b1eb16231591434d3a","first_seen":"2026-02-07T11:16:48.410559Z","last_seen":"2026-04-04T15:25:57.319273Z","times_seen":2205,"resource_available":false,"data":null}},"time_used":23,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":14,"receive":9,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"d18wfmxtvthwf6.cloudfront.net/yinhe/960-120.gif","fqdn":"d18wfmxtvthwf6.cloudfront.net","domain":"d18wfmxtvthwf6.cloudfront.net","tld":"cloudfront.net"},"ip":{"addr":"54.192.209.189","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://aqf.yrjj7.help/s/%E5%8E%95%E6%8B%8D.html","date":"2026-03-07T14:45:37.194Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.cloudfront.net","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M01","organization":"Amazon"},"validity":{"start":"Mon, 05 May 2025 00:00:00 GMT","end":"Thu, 23 Apr 2026 23:59:59 GMT"},"fingerprint":{"sha1":"8F:00:F1:34:A7:1E:27:1C:CF:CD:A6:53:8B:C4:82:B0:68:BC:C8:72","sha256":"60:38:9D:24:9E:41:8F:23:AC:D9:14:5C:A3:47:7E:AF:07:DB:9F:2D:6A:8C:0D:08:E9:24:8A:8E:49:A9:4D:28"}}},"request":{"raw":"GET /yinhe/960-120.gif HTTP/1.1\r\nHost: d18wfmxtvthwf6.cloudfront.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://aqf.yrjj7.help/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: image/gif\r\ncontent-length: 215880\r\ndate: Wed, 25 Feb 2026 03:20:56 GMT\r\nlast-modified: Sun, 30 Mar 2025 12:21:24 GMT\r\netag: \"c2e3bac355c689e234388104488b22e2\"\r\nx-amz-server-side-encryption: AES256\r\naccept-ranges: bytes\r\nserver: AmazonS3\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 2f3a70deb5812eb0e48215ada7b72404.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P3\r\nx-amz-cf-id: 62xJerkMnSggvYa7HF_TpFEH_-G1Nd6ejM2LoqtITH1j0dZ5R_pZdw==\r\nage: 905082\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]}],"data":{"size":215880,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 960 x 120","md5":"c2e3bac355c689e234388104488b22e2","sha1":"fcf87563ac96adb085897c5e4b9ba62681e5139e","sha256":"3e2c70fe6b947f60c3dd5752c94d502a3443c28f781738d2e308567ad5cd90cf","sha512":"239bc5d1df9c1aa3cb7cb72bc2c5451dbaa7dc8255bc9cc348dbe22ab5752e37a11047d421769e0228f8a645981a246d0b5af00792de9dce6a6b1f8f504cd044","ssdeep":"3072:Y8szBTXPqZiXzUBgLKsbV9UnxQCBL/YYYDSMdIok1RLp8veNVhRZ2:3OBLfzUHoexXL/YDSCIfXL/hRZ2","tlshash":"ed2422faf626c923c47eabc16370eda256f7c78471e2100657c17f5ada603a0cb9851d","first_seen":"2025-04-02T02:40:05.475958Z","last_seen":"2026-03-15T13:02:26.875639Z","times_seen":10144,"resource_available":false,"data":null}},"time_used":93,"timings":{"blocked":-1,"dns":0,"connect":11,"send":0,"wait":5,"receive":10,"ssl":52},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"img1.souavzy.info/upload/vod/20250617-1/2a2aebc3dbfa0ffa4907cc1d71de6083.jpg","fqdn":"img1.souavzy.info","domain":"souavzy.info","tld":"info"},"ip":{"addr":"104.21.12.156","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://aqf.yrjj7.help/s/%E5%8E%95%E6%8B%8D.html","date":"2026-03-07T14:45:30.940Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"souavzy.info","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 25 Jan 2026 01:03:28 GMT","end":"Sat, 25 Apr 2026 02:02:04 GMT"},"fingerprint":{"sha1":"B5:4D:EA:D3:4F:97:AA:F3:CD:32:47:A3:B0:04:E7:76:2D:95:1B:71","sha256":"DE:1A:A9:94:5F:14:35:2F:84:62:B6:B8:72:6E:3D:74:FE:FC:43:1B:38:14:47:B3:E4:56:5F:90:95:E5:C3:56"}}},"request":{"raw":"GET /upload/vod/20250617-1/2a2aebc3dbfa0ffa4907cc1d71de6083.jpg HTTP/1.1\r\nHost: img1.souavzy.info\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://aqf.yrjj7.help/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 404 Not Found\r\ndate: Sat, 07 Mar 2026 14:45:31 GMT\r\ncontent-type: text/html\r\nserver: cloudflare\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Lg4lRdVPzoPoDSRTD6R3LChla7%2BQACF6gHseBywc%2BaD9%2BWl2JhajVdrPk9fBCrDXZTclq71ple%2BdCVNwCirfnmZVm1Y5etNKG49UK6ZPY2Cn\"}]}\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-encoding: br\r\ncf-ray: 9d8a62642a0fd9c3-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T15:49:33.06692Z","times_seen":13337345,"resource_available":true,"data":null}},"time_used":479,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":479,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"thjpg2.top/upload/vod/20250303-1/76465b7cc727cee9d60be0e7395d6107.jpg","fqdn":"thjpg2.top","domain":"thjpg2.top","tld":"top"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://aqf.yrjj7.help/s/%E5%8E%95%E6%8B%8D.html","date":"2026-03-07T14:45:30.955Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /upload/vod/20250303-1/76465b7cc727cee9d60be0e7395d6107.jpg HTTP/1.1\r\nHost: thjpg2.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://aqf.yrjj7.help/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T15:49:33.06692Z","times_seen":13337345,"resource_available":true,"data":null}},"time_used":774,"timings":{"blocked":768,"dns":6,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"dq38rjje7qjm3.cloudfront.net/xhtd/960x120.gif","fqdn":"dq38rjje7qjm3.cloudfront.net","domain":"dq38rjje7qjm3.cloudfront.net","tld":"cloudfront.net"},"ip":{"addr":"54.230.245.199","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://aqf.yrjj7.help/s/%E5%8E%95%E6%8B%8D.html","date":"2026-03-07T14:45:37.191Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.cloudfront.net","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M01","organization":"Amazon"},"validity":{"start":"Mon, 05 May 2025 00:00:00 GMT","end":"Thu, 23 Apr 2026 23:59:59 GMT"},"fingerprint":{"sha1":"8F:00:F1:34:A7:1E:27:1C:CF:CD:A6:53:8B:C4:82:B0:68:BC:C8:72","sha256":"60:38:9D:24:9E:41:8F:23:AC:D9:14:5C:A3:47:7E:AF:07:DB:9F:2D:6A:8C:0D:08:E9:24:8A:8E:49:A9:4D:28"}}},"request":{"raw":"GET /xhtd/960x120.gif HTTP/1.1\r\nHost: dq38rjje7qjm3.cloudfront.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://aqf.yrjj7.help/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: image/gif\r\ncontent-length: 93540\r\nlast-modified: Thu, 11 Dec 2025 03:48:41 GMT\r\nx-amz-server-side-encryption: AES256\r\naccept-ranges: bytes\r\nserver: AmazonS3\r\ndate: Wed, 04 Mar 2026 21:07:00 GMT\r\netag: \"d17c0265bd5c40f03ea3b38db614d5fa\"\r\nvary: accept-encoding\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 98794c1dec0d4e7b10ddf0faa094cf94.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P1\r\nx-amz-cf-id: X6qNQpN-J15jeiMhvtuF6vlqqzD0FhgajzYeiNPp9dXwZ7CCdbw9DQ==\r\nage: 236318\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":93540,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 960 x 120","md5":"d17c0265bd5c40f03ea3b38db614d5fa","sha1":"86fd316dbff0105c353ce4fee261d3ffd67c18ce","sha256":"2861568da5dcad2c4d42b984f1fe980881487c41b41994d0e0783f1b574139ce","sha512":"83f8917b4b01282169bb147584c08e1195907014562a3b78d46a8209e1b817f1c1e2a53a4b566919e19d83dddee3bdbfacd55627dc9fb32b1901c921daa9da93","ssdeep":"1536:J5GRXGxtd59jNNhrDeq3zzI6ipoYDnu9/QvY1Wuqk78ks4xycnTYf2JlavtaDpv8:nGRXGxtd597Rpz0tDnc6q1RY4Ecn0kja","tlshash":"289312b791ecd5c697826c8df5e304a056069606af7cfdd71584168690feeed2ac7300","first_seen":"2025-12-12T01:02:04.573696Z","last_seen":"2026-04-04T15:25:57.496857Z","times_seen":6332,"resource_available":false,"data":null}},"time_used":58,"timings":{"blocked":-1,"dns":0,"connect":1,"send":0,"wait":6,"receive":14,"ssl":33},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"sbzytpimg4.com:3519/upload/vod/20260224-1/7ecd83a52329c2462a509bc3367a6bdd.jpg","fqdn":"sbzytpimg4.com","domain":"sbzytpimg4.com","tld":"com"},"ip":{"addr":"23.140.124.25","port":3519,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://aqf.yrjj7.help/s/%E5%8E%95%E6%8B%8D.html","date":"2026-03-07T14:45:30.843Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"lsbzytp.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Wed, 07 Jan 2026 06:45:41 GMT","end":"Tue, 07 Apr 2026 06:45:40 GMT"},"fingerprint":{"sha1":"24:EE:DC:F7:EE:6C:8B:F2:D7:A7:47:AF:3D:3B:39:9D:47:5D:53:36","sha256":"54:03:9D:34:96:92:AA:2F:D0:AD:0C:8A:AC:C6:19:4F:10:08:DB:A2:A2:42:2C:8D:46:1C:C8:08:3A:FE:3E:E9"}}},"request":{"raw":"GET /upload/vod/20260224-1/7ecd83a52329c2462a509bc3367a6bdd.jpg HTTP/1.1\r\nHost: sbzytpimg4.com:3519\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://aqf.yrjj7.help/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 07 Mar 2026 14:45:31 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 117492\r\nlast-modified: Tue, 24 Feb 2026 02:28:32 GMT\r\nvary: Accept-Encoding\r\netag: \"699d0cd0-1caf4\"\r\nexpires: Sat, 28 Mar 2026 17:40:20 GMT\r\ncache-control: max-age=2592000\r\naccept-ranges: bytes\r\nage: 767111\r\ncache-status: HIT\r\nserver: HyperCDN\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":117492,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 1280x720, components 3","md5":"180c4aab6cf0f0858b5237fa9cb1bde9","sha1":"79ed221c9021f7788a2758a2a212440f49a87583","sha256":"d7b7e963440dca2bafe52c0e2eee61625bc6a195eb0134f2272c036fae631fda","sha512":"5a9d7d1fdf7f8c075cf795020c27077dfb965f89144bf82ee7244d87b0d8ba4cb532908c6bd337aa1d6ff6ee41986c73d93deb000a557ad9f7da4db04ef6a524","ssdeep":"3072:wreuLq0K40hbU7voW1m/fUb7aHnA9KZqSdYweRA4qElgy/:ELq0K457vol/Mb7aeK5d5QVr++","tlshash":"77b31312be2578dafe32c43c54dd7a36e95034180f3514a865efbb38087af4b8dd469a","first_seen":"2026-03-07T14:46:30.695473Z","last_seen":"2026-03-07T14:46:30.695473Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1250,"timings":{"blocked":260,"dns":8,"connect":156,"send":0,"wait":304,"receive":326,"ssl":188},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mdutpianzxusifas.com/20260201/vsH9V7Pn/1.jpg","fqdn":"mdutpianzxusifas.com","domain":"mdutpianzxusifas.com","tld":"com"},"ip":{"addr":"45.204.71.19","port":443,"asn":35916,"as":"MULTA-ASN1","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://aqf.yrjj7.help/s/%E5%8E%95%E6%8B%8D.html","date":"2026-03-07T14:45:30.900Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"mdutpianzxusifas.com","organization":""},"issuer":{"commonName":"Certum DV TLS G2 R39 CA","organization":"Asseco Data Systems S.A."},"validity":{"start":"Fri, 23 Jan 2026 04:22:04 GMT","end":"Mon, 22 Feb 2027 04:22:03 GMT"},"fingerprint":{"sha1":"0C:0F:B5:39:4E:9F:14:52:C6:13:ED:51:DA:BC:60:F9:A9:02:07:52","sha256":"47:E6:A6:2C:F3:49:DF:7D:BF:1F:21:4F:B2:5B:90:3E:54:BD:B2:CA:05:AF:04:F5:37:FE:F4:FD:FC:93:D9:8E"}}},"request":{"raw":"GET /20260201/vsH9V7Pn/1.jpg HTTP/1.1\r\nHost: mdutpianzxusifas.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://aqf.yrjj7.help/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 07 Mar 2026 14:45:32 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 93760\r\nlast-modified: Mon, 02 Feb 2026 03:07:09 GMT\r\netag: \"698014dd-16e40\"\r\naccess-control-allow-origin: *\r\naccess-control-allow-credentials: true\r\ncache-control: public, max-age=15768000\r\ncache: HIT\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":93760,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 800x450, components 3","md5":"1f86ade7be8f9c30fbb026062a6088b9","sha1":"701a2831a4edf8842bdcff4c0aa8b183587e111e","sha256":"afcba2fe14e4c90686415aeef9a96dcabbb5c1a9452340bf42b278e5a7859d22","sha512":"1a6e7a27a8c3ccf0c5e0a1a9e15950608261c069cbd7d2e288ce836c80eba1909c4a69f8b726dd9f05508798c113b369edc517bc9c4be554b6944c2883bd3c65","ssdeep":"1536:nV8ris3l5YyZPIo5uHMmJjarzCG2YmemycnJnul1kJ7uuueem5:V8ri6YQgmadcL2Ycluc7fu/G","tlshash":"be930230cb10717cf49645c713f8ec8853c711ea2a4a6b55c9d985c227a17edc86b9bf","first_seen":"2026-02-04T16:03:21.434534Z","last_seen":"2026-03-07T14:46:30.697654Z","times_seen":2,"resource_available":false,"data":null}},"time_used":1649,"timings":{"blocked":198,"dns":8,"connect":154,"send":0,"wait":161,"receive":374,"ssl":750},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tuaskbgnekr.com/20251027/1MPmLZGi/1.jpg","fqdn":"tuaskbgnekr.com","domain":"tuaskbgnekr.com","tld":"com"},"ip":{"addr":"64.112.76.12","port":443,"asn":6939,"as":"HURRICANE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://aqf.yrjj7.help/s/%E5%8E%95%E6%8B%8D.html","date":"2026-03-07T14:45:30.933Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bfaskbwerve.com","organization":""},"issuer":{"commonName":"Certum Domain Validation CA SHA2","organization":"Unizeto Technologies S.A."},"validity":{"start":"Wed, 12 Mar 2025 23:24:33 GMT","end":"Sat, 11 Apr 2026 23:24:32 GMT"},"fingerprint":{"sha1":"17:BE:B5:B6:72:C2:AD:F5:0C:31:68:24:C8:2B:3D:2F:EB:BD:D8:B6","sha256":"6F:0D:C1:02:24:41:CF:D5:BA:7D:A5:37:F1:D3:5A:7C:E7:91:AA:D0:DC:58:29:DB:35:FE:0A:AA:41:37:FA:74"}}},"request":{"raw":"GET /20251027/1MPmLZGi/1.jpg HTTP/1.1\r\nHost: tuaskbgnekr.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://aqf.yrjj7.help/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 07 Mar 2026 14:45:32 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 84479\r\nlast-modified: Tue, 28 Oct 2025 05:15:13 GMT\r\netag: \"69005161-149ff\"\r\naccess-control-allow-origin: *\r\naccess-control-allow-credentials: true\r\ncache-control: public, max-age=15768000\r\ncache: HIT\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":84479,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 720x1280, components 3","md5":"a3d6359976da1402be40a70e512252c2","sha1":"fbb61b433264e51bead2c11886415f7e87bc371a","sha256":"09454b2fdd35202f359ef593635e55a28e8268537303b2b0c9f76f1de5f4d40e","sha512":"0b71d014fa097fe253149b60be7e1884f7d16ceaed7ccaf0595f911ca1f86890dfcc355aa91f7ad29d0dee96c5d4288248cd4c505eb16b47640314808730f443","ssdeep":"1536:0Z90YSwE5Z3YWWs1oPh5Cczdj9zLV1+Lo92pTw8ivKtBmyJ+Qd0B:HY6Z3Y5sSXPxBPVssuTbBmyNqB","tlshash":"208312161f96b87dd1d617347e4e81581f90be2d382f25a720d114fab4449f28cb4bdb","first_seen":"2025-10-29T07:00:55.353655Z","last_seen":"2026-03-14T16:17:44.025736Z","times_seen":3,"resource_available":false,"data":null}},"time_used":2432,"timings":{"blocked":513,"dns":340,"connect":172,"send":0,"wait":563,"receive":368,"ssl":461},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tuaskbgnekr.com/20251027/4X4EPk6S/1.jpg","fqdn":"tuaskbgnekr.com","domain":"tuaskbgnekr.com","tld":"com"},"ip":{"addr":"64.112.76.12","port":443,"asn":6939,"as":"HURRICANE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://aqf.yrjj7.help/s/%E5%8E%95%E6%8B%8D.html","date":"2026-03-07T14:45:30.935Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bfaskbwerve.com","organization":""},"issuer":{"commonName":"Certum Domain Validation CA SHA2","organization":"Unizeto Technologies S.A."},"validity":{"start":"Wed, 12 Mar 2025 23:24:33 GMT","end":"Sat, 11 Apr 2026 23:24:32 GMT"},"fingerprint":{"sha1":"17:BE:B5:B6:72:C2:AD:F5:0C:31:68:24:C8:2B:3D:2F:EB:BD:D8:B6","sha256":"6F:0D:C1:02:24:41:CF:D5:BA:7D:A5:37:F1:D3:5A:7C:E7:91:AA:D0:DC:58:29:DB:35:FE:0A:AA:41:37:FA:74"}}},"request":{"raw":"GET /20251027/4X4EPk6S/1.jpg HTTP/1.1\r\nHost: tuaskbgnekr.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://aqf.yrjj7.help/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 07 Mar 2026 14:45:32 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 46328\r\nlast-modified: Tue, 28 Oct 2025 05:15:08 GMT\r\netag: \"6900515c-b4f8\"\r\naccess-control-allow-origin: *\r\naccess-control-allow-credentials: true\r\ncache-control: public, max-age=15768000\r\ncache: HIT\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":46328,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 720x1280, components 3","md5":"d73edaeeb6b125e95ad169c975a298ad","sha1":"3fd5c49b8ab83846caceded7bcfac4880ff9539b","sha256":"c72e1d739ea617754989cca6ae79e1b54cb21ec30491719f21bc1d488405703f","sha512":"f7018b7cb42b7147ed301396980c2f35a2e0d64f064384609da13dac801a2f48b2d227d0211ec3aebf06ec798042ae4ac037e49076b82b1a4d81081794586b8c","ssdeep":"768:PrQSYVzfKd9mUBV9HTDzucJhhfsfH7DA1+PaeIbDfGO3Gx2X7okFlWDo37x8rm:PrQSKa9mpiD+AwPyuaK2rBP3arm","tlshash":"6c23029777731842ca3eaeba5155ffb513efec2462157ef8a940501057d1c70ae01e2e","first_seen":"2025-09-23T06:33:36.311998Z","last_seen":"2026-03-14T16:17:44.050158Z","times_seen":4,"resource_available":false,"data":null}},"time_used":2134,"timings":{"blocked":1411,"dns":0,"connect":0,"send":0,"wait":647,"receive":76,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.jkuntp.com/upload/vod/20250924-23/a884ad76d1e821d708ed3f7abe90e39e.jpg","fqdn":"www.jkuntp.com","domain":"jkuntp.com","tld":"com"},"ip":{"addr":"64.112.76.43","port":443,"asn":6939,"as":"HURRICANE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://aqf.yrjj7.help/s/%E5%8E%95%E6%8B%8D.html","date":"2026-03-07T14:45:30.943Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"jkuntp.com","organization":""},"issuer":{"commonName":"Certum Domain Validation CA SHA2","organization":"Unizeto Technologies S.A."},"validity":{"start":"Sun, 16 Mar 2025 16:00:52 GMT","end":"Wed, 15 Apr 2026 16:00:51 GMT"},"fingerprint":{"sha1":"13:82:6E:FD:22:A6:75:AF:0E:AE:85:B2:6A:97:BC:28:30:41:41:12","sha256":"50:62:73:3B:FC:2E:0C:CA:14:8B:44:E2:B4:B5:5B:20:6C:AA:A6:E4:97:C1:05:C1:6A:A6:C0:5E:92:40:4F:5A"}}},"request":{"raw":"GET /upload/vod/20250924-23/a884ad76d1e821d708ed3f7abe90e39e.jpg HTTP/1.1\r\nHost: www.jkuntp.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://aqf.yrjj7.help/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sat, 07 Mar 2026 14:45:32 GMT\r\nContent-Type: image/jpeg\r\nContent-Length: 61710\r\nConnection: keep-alive\r\nLast-Modified: Wed, 24 Sep 2025 05:33:30 GMT\r\nVary: Accept-Encoding\r\nETag: \"68d382aa-f10e\"\r\nExpires: Mon, 23 Mar 2026 06:16:16 GMT\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Credentials: true\r\nCache-Control: max-age=2592000, public, max-age=15768000\r\nCache: HIT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":61710,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=1, software=www.meitu.com], baseline, precision 8, 600x337, components 3","md5":"a59c61f29dfc6cde858a9e11b19d0157","sha1":"24dc6f0ef35df7609af6b9972e0e891ef087bfaf","sha256":"f6593f9a70b9f229971ce0cf5f720af3fbde76ac727e6ab577dbd712a302bf14","sha512":"b26b0c5a1190841d230cc6f3ab6a824fb36b970012e0c71a2fb070a8ff243fa92e378f3aab2c6deb3226104e8b07792fab0d49b2df3bf89876bc7c96b28de285","ssdeep":"768:5wwQ5yrz+iNPwOiAVAc67ATmhQct/U3dRbq6G4Dax0eZ6b0/xhK51mnWAVyTzqxY:5T0YzP9VAeihQCU3bi42jE7cWoCjlAxe","tlshash":"37530233866aab39c0675e68dd1b3f21e2b13d27f0d3844b9174adb05b90471ead6274","first_seen":"2026-03-07T14:46:30.704151Z","last_seen":"2026-03-07T14:46:30.704151Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1645,"timings":{"blocked":624,"dns":0,"connect":159,"send":0,"wait":192,"receive":248,"ssl":412},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"img.alicdn.com/imgextra/i1/2217565595682/O1CN01JKJBL71rqPYr9sHRK_!!2217565595682.gif","fqdn":"img.alicdn.com","domain":"alicdn.com","tld":"com"},"ip":{"addr":"47.246.44.177","port":443,"asn":24429,"as":"Zhejiang Taobao Network Co.,Ltd","country":"Sweden","country_code":"SE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://aqf.yrjj7.help/s/%E5%8E%95%E6%8B%8D.html","date":"2026-03-07T14:45:34.108Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.tbcdn.cn","organization":"Alibaba (China) Technology Co., Ltd."},"issuer":{"commonName":"GlobalSign GCC R3 OV TLS CA 2024","organization":"GlobalSign nv-sa"},"validity":{"start":"Fri, 28 Nov 2025 03:07:13 GMT","end":"Sat, 18 Jul 2026 09:41:04 GMT"},"fingerprint":{"sha1":"01:40:62:EF:8C:E5:C1:8A:19:4C:8D:B6:F5:C2:24:7F:DC:C0:9C:8A","sha256":"60:3C:41:A0:78:62:E6:5E:82:F0:FA:CF:5C:C9:D3:22:E4:64:EE:1A:EE:C7:CC:BA:DD:25:08:90:6F:CC:C4:F2"}}},"request":{"raw":"GET /imgextra/i1/2217565595682/O1CN01JKJBL71rqPYr9sHRK_!!2217565595682.gif HTTP/1.1\r\nHost: img.alicdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://aqf.yrjj7.help/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: Tengine\r\ncontent-type: image/gif\r\ncontent-length: 71518\r\ndate: Sun, 04 Jan 2026 07:16:14 GMT\r\npicasso-ret-code: SUCCESS\r\npicasso-cache-info: L3-HIT\r\nrequest-time: 0.001\r\ntraceid: a3b5839717675109745792448e\r\nx-powered-by: Picasso\r\npicasso-image-type: normal\r\npicasso-fmt: gif2avif\r\ncache-control: max-age=31536000\r\nvia: ens-cache26.l2de4[0,-1,200-0,H], ens-cache31.l2de4[1,0], ens-cache4.se2[0,0,200-0,H], ens-cache4.se2[8,0]\r\naccess-control-allow-origin: *\r\nage: 5383760\r\nali-swift-global-savetime: 1767510974\r\nx-cache: HIT TCP_MEM_HIT dirn:-2:-2\r\nx-swift-savetime: Sun, 04 Jan 2026 07:19:12 GMT\r\nx-swift-cachetime: 31535822\r\nback_uri: /imgextra/i1/2217565595682/O1CN01JKJBL71rqPYr9sHRK_!!2217565595682.gif_.avif\r\nvary: Accept\r\ns-rt: 8\r\ntiming-allow-origin: *\r\neagleid: 2ff62c9817728947340832459e\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]}],"data":{"size":71518,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 960 x 120","md5":"77124bec289e16c03715536db0a93a69","sha1":"5de89ae0a04b1f38fad10253e63173c0b686ad35","sha256":"a3485681d348a07947e41b4b1f4ae28733254265db0fd08ac9db716c3733c769","sha512":"5690c31f2995495454b1e9f46b74b696c0418985c5d49d8ab68975b731876e461df8cd05bb027cf3d871191a500bd273b649d037e9e1719c890784e368206c54","ssdeep":"1536:E8dgdKUYKUsoK6sIET9wjMr/JF+aPbqiuYZtJvfDD:E+zUvwhEBwjM7+YyYZtJvfDD","tlshash":"8e630233a165d51fd223253ca591909dba377fe1cd6671f9f6c7cf478a08083c9aa828","first_seen":"2026-01-04T07:53:55.650353Z","last_seen":"2026-04-04T15:25:57.279824Z","times_seen":4021,"resource_available":false,"data":null}},"time_used":19,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":16,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"img1.ah7907.com/bt960120a.gif","fqdn":"img1.ah7907.com","domain":"ah7907.com","tld":"com"},"ip":{"addr":"98.98.86.10","port":443,"asn":21859,"as":"ZEN-ECN","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://aqf.yrjj7.help/s/%E5%8E%95%E6%8B%8D.html","date":"2026-03-07T14:45:32.972Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"img1.ah7907.com","organization":""},"issuer":{"commonName":"Certum DV TLS G2 R39 CA","organization":"Asseco Data Systems S.A."},"validity":{"start":"Thu, 06 Nov 2025 07:27:15 GMT","end":"Sun, 06 Dec 2026 07:27:14 GMT"},"fingerprint":{"sha1":"EE:18:15:48:CE:4E:22:9F:18:59:AB:6E:5E:C0:0D:4E:AF:C2:86:22","sha256":"65:F5:69:07:04:80:B4:E3:E7:D0:C5:50:2E:02:11:1C:02:89:6E:83:40:00:DD:00:37:08:E9:9C:1C:A3:4D:59"}}},"request":{"raw":"GET /bt960120a.gif HTTP/1.1\r\nHost: img1.ah7907.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://aqf.yrjj7.help/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 307 Temporary Redirect\r\nserver: NgxFence\r\ndate: Sat, 07 Mar 2026 14:45:33 GMT\r\ncontent-type: text/html; charset=utf-8\r\ncontent-length: 0\r\nlocation: https://img.alicdn.com/imgextra/i4/2207246784654/O1CN014PyHeq1kFaOP6Xhwn_!!2207246784654.gif\r\nx-cache-status: HIT\r\nstrict-transport-security: max-age=31536000; includeSubdomains; preload\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"307","status_text":"Temporary Redirect","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":292628,"size_decoded":0,"mime_type":"image/gif","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T15:49:33.06692Z","times_seen":13337345,"resource_available":true,"data":null}},"time_used":1354,"timings":{"blocked":-1,"dns":1,"connect":171,"send":0,"wait":151,"receive":0,"ssl":1019},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"11224.xn--gps-8y0gm25n.xn--55qx5d/d/11224?_t=1765444375","fqdn":"11224.xn--gps-8y0gm25n.xn--55qx5d","domain":"11224.xn--gps-8y0gm25n.xn--55qx5d","tld":""},"ip":{"addr":"116.211.128.174","port":443,"asn":58563,"as":"CHINANET Hubei province network","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://aqf.yrjj7.help/s/%E5%8E%95%E6%8B%8D.html","date":"2026-03-07T14:45:33.015Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.xn--gps-8y0gm25n.xn--55qx5d","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Wed, 07 Jan 2026 14:22:13 GMT","end":"Tue, 07 Apr 2026 14:22:12 GMT"},"fingerprint":{"sha1":"01:F6:A8:64:D2:BF:90:49:78:62:32:E0:6F:0D:E9:33:66:39:30:EF","sha256":"5D:E4:BC:B9:AE:B1:76:CF:D1:39:B2:34:04:CA:CA:2F:97:94:D8:E3:B1:2D:D1:41:C3:4B:27:0D:1C:BF:03:26"}}},"request":{"raw":"GET /d/11224?_t=1765444375 HTTP/1.1\r\nHost: 11224.xn--gps-8y0gm25n.xn--55qx5d\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://aqf.yrjj7.help/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 302 Found\r\ndate: Sat, 07 Mar 2026 14:45:34 GMT\r\ncontent-type: text/html\r\ncontent-length: 145\r\nlocation: https://fsffbhd.4000522777.xn--fiqs8s/ea980b9daf2cbb13355e4431bbc43384.gif?_t=1765444375\r\ncache-control: public, max-age=3600\r\nexpires: Saturday, 07-Mar-2026 14:45:34 GMT\r\nstrict-transport-security: max-age=31536000\r\nx-via-jsl: 437ea6e,-\r\nset-cookie: __jsluid_s=64058e6a8d2cc05ff5e77410f7cdd1d3; max-age=31536000; path=/; HttpOnly; SameSite=None; secure\r\nx-cache: miss\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":686427,"size_decoded":0,"mime_type":"image/gif","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T15:49:33.06692Z","times_seen":13337345,"resource_available":true,"data":null}},"time_used":2333,"timings":{"blocked":-1,"dns":1203,"connect":516,"send":0,"wait":332,"receive":0,"ssl":282},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"img.alicdn.com/imgextra/i3/2215209493335/O1CN010JTbhN1aVU01WrBDj_!!2215209493335-1-chatting.gif","fqdn":"img.alicdn.com","domain":"alicdn.com","tld":"com"},"ip":{"addr":"47.246.44.177","port":443,"asn":24429,"as":"Zhejiang Taobao Network Co.,Ltd","country":"Sweden","country_code":"SE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://aqf.yrjj7.help/s/%E5%8E%95%E6%8B%8D.html","date":"2026-03-07T14:45:34.292Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.tbcdn.cn","organization":"Alibaba (China) Technology Co., Ltd."},"issuer":{"commonName":"GlobalSign GCC R3 OV TLS CA 2024","organization":"GlobalSign nv-sa"},"validity":{"start":"Fri, 28 Nov 2025 03:07:13 GMT","end":"Sat, 18 Jul 2026 09:41:04 GMT"},"fingerprint":{"sha1":"01:40:62:EF:8C:E5:C1:8A:19:4C:8D:B6:F5:C2:24:7F:DC:C0:9C:8A","sha256":"60:3C:41:A0:78:62:E6:5E:82:F0:FA:CF:5C:C9:D3:22:E4:64:EE:1A:EE:C7:CC:BA:DD:25:08:90:6F:CC:C4:F2"}}},"request":{"raw":"GET /imgextra/i3/2215209493335/O1CN010JTbhN1aVU01WrBDj_!!2215209493335-1-chatting.gif HTTP/1.1\r\nHost: img.alicdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://aqf.yrjj7.help/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: Tengine\r\ncontent-type: image/gif\r\ncontent-length: 643569\r\ndate: Sun, 25 Jan 2026 16:50:48 GMT\r\npicasso-ret-code: SUCCESS\r\npicasso-cache-info: L3-HIT\r\nrequest-time: 0.002\r\ntraceid: 2ff6309e17693598481316951e\r\nx-powered-by: Picasso\r\npicasso-image-type: normal\r\npicasso-fmt: gif2avif\r\ncache-control: max-age=31536000\r\nvia: ens-cache39.l2de4[0,0,200-0,H], ens-cache18.l2de4[1,0], ens-cache11.se2[0,0,200-0,H], ens-cache4.se2[2,0]\r\naccess-control-allow-origin: *\r\nage: 3534886\r\nali-swift-global-savetime: 1769359848\r\nx-cache: HIT TCP_MEM_HIT dirn:-2:-2\r\nx-swift-savetime: Sun, 25 Jan 2026 16:54:37 GMT\r\nx-swift-cachetime: 31535771\r\nback_uri: /imgextra/i3/2215209493335/O1CN010JTbhN1aVU01WrBDj_!!2215209493335-1-chatting.gif_.avif\r\nvary: Accept\r\ns-rt: 2\r\ntiming-allow-origin: *\r\neagleid: 2ff62c9817728947342692644e\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]}],"data":{"size":643569,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 960 x 120","md5":"f5919b3ac13cce9d56f7966003e826d8","sha1":"75c040dace5ddc741ddcbda8e0bc74fcbff417bc","sha256":"739605b51e61972ae4e03385a848c5cc0561d639eadb33e424567f7f3b9d8f88","sha512":"5864eaf234c1b5816f6faeb6ef6f499154110340a9c412a742b35f4304a7cdba4cb88efbe61887c10593e96737a895d6cd466cd8fe990edce43338535123cd17","ssdeep":"12288:E2PPPsqKfJQrQrQrQFUpPnn9uVK49uVK49uVK49uVKZRV7YC:E2PPPJQc9KK49KK49KK49KKZX7H","tlshash":"c2d41338875b6ab15d82fe6c4ce1a0d980f951df53b74669e7c09c30936a31fb382b64","first_seen":"2024-10-04T10:32:36.972611Z","last_seen":"2026-04-04T15:25:57.320242Z","times_seen":8019,"resource_available":false,"data":null}},"time_used":33,"timings":{"blocked":1,"dns":0,"connect":0,"send":0,"wait":10,"receive":22,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"jkhabkrqjbj.com/20260110/Oe4QgeAI/1.jpg","fqdn":"jkhabkrqjbj.com","domain":"jkhabkrqjbj.com","tld":"com"},"ip":{"addr":"23.226.76.18","port":443,"asn":53755,"as":"IOFLOOD","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://aqf.yrjj7.help/s/%E5%8E%95%E6%8B%8D.html","date":"2026-03-07T14:45:30.907Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"jkhabkrqjbj.com","organization":""},"issuer":{"commonName":"Certum DV TLS G2 R39 CA","organization":"Asseco Data Systems S.A."},"validity":{"start":"Tue, 16 Dec 2025 08:33:50 GMT","end":"Fri, 15 Jan 2027 08:33:49 GMT"},"fingerprint":{"sha1":"E2:A0:FD:C4:A7:18:EC:F3:A0:01:74:4A:F8:84:BA:00:52:51:E5:3F","sha256":"D0:8D:1A:38:40:A6:38:51:41:8A:F4:1B:40:B1:BA:72:F5:31:3C:24:1A:5A:62:F8:63:C1:B5:69:37:3D:F3:70"}}},"request":{"raw":"GET /20260110/Oe4QgeAI/1.jpg HTTP/1.1\r\nHost: jkhabkrqjbj.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://aqf.yrjj7.help/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 07 Mar 2026 14:45:32 GMT\r\ncontent-type: application/octet-stream\r\ncontent-length: 60357\r\nlast-modified: Mon, 12 Jan 2026 01:03:16 GMT\r\ncontent-disposition: attachment; filename=\"1.jpg\"\r\netag: \"69644854-ebc5\"\r\naccess-control-allow-origin: *\r\naccess-control-allow-headers: X-Requested-With\r\naccess-control-allow-methods: POST, GET, OPTIONS\r\ncache: HIT\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":60357,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=1, software=美图秀秀], baseline, precision 8, 600x337, components 3","md5":"d27015d4a4bca9af8704b1343e8790b8","sha1":"3c8ea8bf578336b3637dcbe297185d2ffa220203","sha256":"be8f2a5a0354804672b864055348531656e2706eb6432712fe9c5df1ecedf010","sha512":"72187303dbd65742ded8d76eecd30d8a1eb59225c7c0f29abebbb8eb819bee0df8a6fd441b61c182e49c59cc7a7169b25b33cebd28eed2d37409c19959cdf8f1","ssdeep":"1536:NAiea7cZ8/5J41AKaIAbsXG+X684uzTOXdcS:q7yV/5JAAKaI1RXtvkdh","tlshash":"ed430214c920c4987e732abf773d028e8bc4b6aecadf3ca5815c8e75d2838116e51717","first_seen":"2026-03-07T14:46:30.708127Z","last_seen":"2026-03-07T14:46:30.708127Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1661,"timings":{"blocked":259,"dns":2,"connect":154,"send":0,"wait":151,"receive":283,"ssl":798},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pic11.ysj77.com/pic/20220108/398e640871d37a837756ac069084163c/1.jpg","fqdn":"pic11.ysj77.com","domain":"ysj77.com","tld":"com"},"ip":{"addr":"172.67.184.92","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://aqf.yrjj7.help/s/%E5%8E%95%E6%8B%8D.html","date":"2026-03-07T14:45:30.920Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ysj77.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 27 Jan 2026 06:29:19 GMT","end":"Mon, 27 Apr 2026 07:26:51 GMT"},"fingerprint":{"sha1":"0A:1A:82:10:D0:C2:10:8B:54:7A:7F:87:81:41:4D:F7:87:59:5B:5C","sha256":"52:17:3B:A7:00:6E:E8:6C:25:9E:BF:B9:76:97:A4:6A:02:0F:9D:F4:68:9F:4E:DA:B1:D3:EB:E7:B6:1F:81:2D"}}},"request":{"raw":"GET /pic/20220108/398e640871d37a837756ac069084163c/1.jpg HTTP/1.1\r\nHost: pic11.ysj77.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://aqf.yrjj7.help/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 07 Mar 2026 14:45:31 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 59710\r\nserver: cloudflare\r\nlast-modified: Fri, 07 Jan 2022 19:58:03 GMT\r\ncache-control: public, max-age=2592000\r\naccept-ranges: bytes\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvia: http/1.1 traffic_server (https://www.xzylm.com [cHs f ])\r\nage: 73586\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=iaPU7HP4BVvnQx%2FWhEWmQxTEAlnXwxteBWTntvZFNCTK9bk8VyAA6H%2BgMqV0RnRQ2UNzCOs15k4CmPqkLVtp5%2BU548xMe1pZTeNNeP8dTQ%3D%3D\"}]}\r\ncf-ray: 9d8a62671844a9d3-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":59710,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.02, aspect ratio, density 1205x1206, segment length 16, comment: \"Lavc58.134.100\", baseline, precision 8, 720x482, components 3","md5":"91905beef033bd69635eb644592d9ee6","sha1":"9e8a9d9380938905ebbb3b26eda1602c989459ff","sha256":"80e4ed09b3a82405449bbede1f07a7a207e2b530c23155418948c448b5802f24","sha512":"d5856b45aa065340a496dd74a71ace44f6a542edd96655c6c4a7a3a1fc3a59cd47b578a1702afd223364e854750d06da9a1172cae6fc5bb1bf4dcc69a78d6f84","ssdeep":"1536:W2Bsw6DkRfBcaHmvArcQdhKBBlQPq1YCH:W22w/9BcaGOYBuNO","tlshash":"5843f2b6fe0cd78cedc55da4b54ca553ca2d77529241a2f7f42cdaac202e2ec0a0471b","first_seen":"2025-11-24T08:19:02.085429Z","last_seen":"2026-03-07T14:46:30.709438Z","times_seen":4,"resource_available":false,"data":null}},"time_used":486,"timings":{"blocked":371,"dns":1,"connect":10,"send":0,"wait":20,"receive":10,"ssl":69},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pic17.anzise.com/pic/20220121/eae3402de70d8fc68e7fafc114d335a2/1.jpg","fqdn":"pic17.anzise.com","domain":"anzise.com","tld":"com"},"ip":{"addr":"104.21.62.98","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://aqf.yrjj7.help/s/%E5%8E%95%E6%8B%8D.html","date":"2026-03-07T14:45:30.922Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"anzise.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 10 Feb 2026 19:40:48 GMT","end":"Mon, 11 May 2026 20:38:19 GMT"},"fingerprint":{"sha1":"C5:FC:04:DB:35:A4:BA:50:95:D8:4C:BE:86:4F:70:E1:C8:5E:7A:79","sha256":"94:D4:9A:8A:42:B2:44:DE:41:42:4C:B8:A3:DD:65:7E:CE:85:3D:18:F8:A0:4A:F3:96:F1:09:42:BB:D4:D1:C7"}}},"request":{"raw":"GET /pic/20220121/eae3402de70d8fc68e7fafc114d335a2/1.jpg HTTP/1.1\r\nHost: pic17.anzise.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://aqf.yrjj7.help/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 07 Mar 2026 14:45:31 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 65988\r\nserver: cloudflare\r\nlast-modified: Fri, 21 Jan 2022 12:47:01 GMT\r\ncache-control: public, max-age=2592000\r\naccept-ranges: bytes\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvia: http/1.1 traffic_server (https://www.xzylm.com [cHs f ])\r\nage: 565703\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=CNp5yvYD%2F%2FP7PXs9UuQJ%2BfrD9nLWHgJ3S7MEyoucxbFbIFgRlGAeQUNEufn18sQyPlM1g6zmb205njmyArIxcnQtKSoHQ2rwRakIVpyYtsY%3D\"}]}\r\ncf-ray: 9d8a626a6f69902d-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":65988,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, baseline, precision 8, 720x485, components 3","md5":"5277d976e2f2beeb54511b56c948d73f","sha1":"555c4628c722a3e0ccee3ab886b9082ede6eb50b","sha256":"6ba64bc63b2f2116c3f3f4aab88cf9767bbab0612adfebc4cd1124b4c9ee20e8","sha512":"9ba4005e68c7762cb7bd19282a2050367b4ff3461901c01515829c6c44232e3fc8186ecfcce3882221fb81dc53ac69dfa61503d15e1787cfd28df0eacb3493cc","ssdeep":"1536:Ew3/ez+0ms3SuwJ+qFipsqUPuzOgmX9JYG2wn1U://ezesPwJV3uwG","tlshash":"e553125ef1ca183b55aa45b2d80884f0614bbb86caf913bc9e5f3f7254538b7e0c4071","first_seen":"2025-11-07T18:36:04.98637Z","last_seen":"2026-03-07T14:46:30.710842Z","times_seen":4,"resource_available":false,"data":null}},"time_used":1017,"timings":{"blocked":400,"dns":7,"connect":14,"send":0,"wait":21,"receive":21,"ssl":551},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tuaskbgnekr.com/20251027/n7idCb97/1.jpg","fqdn":"tuaskbgnekr.com","domain":"tuaskbgnekr.com","tld":"com"},"ip":{"addr":"64.112.76.12","port":443,"asn":6939,"as":"HURRICANE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://aqf.yrjj7.help/s/%E5%8E%95%E6%8B%8D.html","date":"2026-03-07T14:45:30.934Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bfaskbwerve.com","organization":""},"issuer":{"commonName":"Certum Domain Validation CA SHA2","organization":"Unizeto Technologies S.A."},"validity":{"start":"Wed, 12 Mar 2025 23:24:33 GMT","end":"Sat, 11 Apr 2026 23:24:32 GMT"},"fingerprint":{"sha1":"17:BE:B5:B6:72:C2:AD:F5:0C:31:68:24:C8:2B:3D:2F:EB:BD:D8:B6","sha256":"6F:0D:C1:02:24:41:CF:D5:BA:7D:A5:37:F1:D3:5A:7C:E7:91:AA:D0:DC:58:29:DB:35:FE:0A:AA:41:37:FA:74"}}},"request":{"raw":"GET /20251027/n7idCb97/1.jpg HTTP/1.1\r\nHost: tuaskbgnekr.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://aqf.yrjj7.help/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 07 Mar 2026 14:45:32 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 425717\r\nlast-modified: Tue, 28 Oct 2025 05:15:09 GMT\r\netag: \"6900515d-67ef5\"\r\naccess-control-allow-origin: *\r\naccess-control-allow-credentials: true\r\ncache-control: public, max-age=15768000\r\ncache: HIT\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":425717,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, baseline, precision 8, 720x1280, components 3","md5":"73088a665b9fc34f8b0d3dd92e7a2fb9","sha1":"f663d3f8e762c6f167558a0e3dfd9ab9fee88849","sha256":"934307b604a2acd496c8435d7c18fe87118e0f75d6e60fcd770041896400ce1e","sha512":"7ef490e9c63372792eede664f6c04c489b236d3542519d05e396a610f70076ce1e6df98384f1afc7f253ba30c0bee2202e70ba0fa3e0c6de3f21dbefb4561d02","ssdeep":"12288:TNoUstEKZdtc5vpstaaHcYrTxtfeLhbhxBsQl:T9svXwps15tmV/V","tlshash":"1b94239fa0f47b09b851bff6e54e7ab61e43c1a45e837583e8cf7211b6960832e641d0","first_seen":"2025-10-29T07:00:55.354872Z","last_seen":"2026-03-07T14:46:30.712059Z","times_seen":2,"resource_available":false,"data":null}},"time_used":2508,"timings":{"blocked":1412,"dns":0,"connect":0,"send":0,"wait":473,"receive":623,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tuaskbgnekr.com/20250806/ryKj7dmW/1.jpg","fqdn":"tuaskbgnekr.com","domain":"tuaskbgnekr.com","tld":"com"},"ip":{"addr":"64.112.76.12","port":443,"asn":6939,"as":"HURRICANE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://aqf.yrjj7.help/s/%E5%8E%95%E6%8B%8D.html","date":"2026-03-07T14:45:30.949Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bfaskbwerve.com","organization":""},"issuer":{"commonName":"Certum Domain Validation CA SHA2","organization":"Unizeto Technologies S.A."},"validity":{"start":"Wed, 12 Mar 2025 23:24:33 GMT","end":"Sat, 11 Apr 2026 23:24:32 GMT"},"fingerprint":{"sha1":"17:BE:B5:B6:72:C2:AD:F5:0C:31:68:24:C8:2B:3D:2F:EB:BD:D8:B6","sha256":"6F:0D:C1:02:24:41:CF:D5:BA:7D:A5:37:F1:D3:5A:7C:E7:91:AA:D0:DC:58:29:DB:35:FE:0A:AA:41:37:FA:74"}}},"request":{"raw":"GET /20250806/ryKj7dmW/1.jpg HTTP/1.1\r\nHost: tuaskbgnekr.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://aqf.yrjj7.help/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 07 Mar 2026 14:45:32 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 55175\r\nlast-modified: Thu, 07 Aug 2025 07:26:33 GMT\r\netag: \"68945529-d787\"\r\naccess-control-allow-origin: *\r\naccess-control-allow-credentials: true\r\ncache-control: public, max-age=15768000\r\ncache: HIT\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":55175,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=6, xresolution=86, yresolution=94, resolutionunit=2, software=www.meitu.com, datetime=2024:04:09 11:22:02], baseline, precision 8, 500x281, components 3","md5":"b316e85e8b8f28aab71b307594621ea1","sha1":"8b2212ce1ac03e91821f5f9998d89b2d24bd5172","sha256":"501f0405e4e94ed081a7cc01a7bb3283bfb5a9da8e3a4ad5d7a53c1ce24e528e","sha512":"36a6624b55fd78b92e4ca0022a6a4b9a728fa926e583c9c5e7333b1981387b24d50efe1fb0cb72eff6b2cfe3f8f3e8eff5c6945207f1eeaab9ff15ae00c654d2","ssdeep":"1536:lKPEFzg27qiLP0rHFNXgnaz5ieohirjgM:08+aq4P0rHF9gCieocUM","tlshash":"a043f143db830de5f546816db882af4a8cf28e577080972fc435f868962a5c13e67a39","first_seen":"2025-09-25T23:47:36.930368Z","last_seen":"2026-03-07T14:46:30.713233Z","times_seen":2,"resource_available":false,"data":null}},"time_used":2276,"timings":{"blocked":1399,"dns":0,"connect":0,"send":0,"wait":645,"receive":232,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"jpgjingpinx1.top/upload/vod/20250723-1/25609b25869f09876f4d10d0da9fa709.png","fqdn":"jpgjingpinx1.top","domain":"jpgjingpinx1.top","tld":"top"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://aqf.yrjj7.help/s/%E5%8E%95%E6%8B%8D.html","date":"2026-03-07T14:45:30.955Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /upload/vod/20250723-1/25609b25869f09876f4d10d0da9fa709.png HTTP/1.1\r\nHost: jpgjingpinx1.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://aqf.yrjj7.help/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T15:49:33.06692Z","times_seen":13337345,"resource_available":true,"data":null}},"time_used":736,"timings":{"blocked":736,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"aqf.yrjj7.help/cn/home/web/static/js/jquery.js","fqdn":"aqf.yrjj7.help","domain":"yrjj7.help","tld":"help"},"ip":{"addr":"154.26.176.147","port":443,"asn":906,"as":"DMIT","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://aqf.yrjj7.help/s/%E5%8E%95%E6%8B%8D.html","date":"2026-03-07T14:45:30.815Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.yrjj7.help","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 23 Feb 2026 03:22:07 GMT","end":"Sun, 24 May 2026 03:22:06 GMT"},"fingerprint":{"sha1":"FE:80:5C:67:19:7F:C7:64:14:D5:30:72:50:98:FD:FF:3D:E1:D2:11","sha256":"07:D0:5D:0D:F5:FE:8F:75:3E:A3:4F:94:F5:F7:B1:8D:C2:5C:56:6E:32:EE:3C:1B:F3:3C:CD:4D:8F:1A:A8:48"}}},"request":{"raw":"GET /cn/home/web/static/js/jquery.js HTTP/1.1\r\nHost: aqf.yrjj7.help\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://aqf.yrjj7.help/s/%E5%8E%95%E6%8B%8D.html\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: PHPSESSID=oeads9fohtesm1b4rn9c3clc2a\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: https://www.xzylm.com\r\ncontent-type: application/javascript\r\ncontent-length: 92629\r\nlast-modified: Thu, 04 Aug 2016 14:39:10 GMT\r\nvary: Accept-Encoding\r\ncache-control: public, max-age=2592000\r\naccept-ranges: bytes\r\nvia: http/1.1 traffic_server (https://www.xzylm.com [cRs f ])\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":92629,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (32089)","md5":"397754ba49e9e0cf4e7c190da78dda05","sha1":"ae49e56999d82802727455f0ba83b63acd90a22b","sha256":"c12f6098e641aaca96c60215800f18f5671039aecf812217fab3c0d152f6adb4","sha512":"8c64754f77507ab2c24a6fc818419b9dd3f0ceccc9065290e41afdbee0743f0da2cb13b2fbb00afa525c082f1e697cb3ffd76ef9b902cb81d7c41ca1c641dffb","ssdeep":"1536:dnu00HWWaRxkqJg09pYxoxDKMXJrg8hXXO4dK3kyfiLJBhdSZE+I+Qg7rbaN1RUx:ddkWgoBhcZRQgmW42qe","tlshash":"8c932bdd72d2b03257ab30bd106f540ff2361959280d8850f268d8f9bc79a49a277f6d","first_seen":"2023-03-07T01:02:08Z","last_seen":"2026-04-04T15:48:44.569044Z","times_seen":60616,"resource_available":true,"data":null}},"time_used":557,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":448,"receive":109,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"aqf.yrjj7.help","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"pic14.ysj77.com/pic/20220127/2da47560f16870cb57371c136476ea78/1.jpg","fqdn":"pic14.ysj77.com","domain":"ysj77.com","tld":"com"},"ip":{"addr":"172.67.184.92","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://aqf.yrjj7.help/s/%E5%8E%95%E6%8B%8D.html","date":"2026-03-07T14:45:30.916Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ysj77.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 27 Jan 2026 06:29:19 GMT","end":"Mon, 27 Apr 2026 07:26:51 GMT"},"fingerprint":{"sha1":"0A:1A:82:10:D0:C2:10:8B:54:7A:7F:87:81:41:4D:F7:87:59:5B:5C","sha256":"52:17:3B:A7:00:6E:E8:6C:25:9E:BF:B9:76:97:A4:6A:02:0F:9D:F4:68:9F:4E:DA:B1:D3:EB:E7:B6:1F:81:2D"}}},"request":{"raw":"GET /pic/20220127/2da47560f16870cb57371c136476ea78/1.jpg HTTP/1.1\r\nHost: pic14.ysj77.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://aqf.yrjj7.help/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 07 Mar 2026 14:45:31 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 23817\r\nserver: cloudflare\r\nlast-modified: Thu, 27 Jan 2022 08:17:02 GMT\r\ncache-control: public, max-age=2592000\r\naccept-ranges: bytes\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvia: http/1.1 traffic_server (https://www.xzylm.com [cHs f ])\r\nage: 195496\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=gOBp2fAfLSetFfYVOIUnhtaHmwRSrHabGyLhv1OC98brD3vKtZthcwThmwWae4MxIuZLwPkuEZPs2zasdrhSHRPIXfux2T8BNpJCWI09tw%3D%3D\"}]}\r\ncf-ray: 9d8a6267080da9d3-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":23817,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.02, aspect ratio, density 406x405, segment length 16, comment: \"Lavc58.134.100\", baseline, precision 8, 720x406, components 3","md5":"2e8e3c771fecbc60b20140be95e313fe","sha1":"5e41de5373c69bac73089e0ccc56e511fe192a2f","sha256":"c0a1616654c668c7d379f197168f86a8a35fa5835473dac1aeac6ee22fa7b646","sha512":"7b11d2a8838fbf5ee4dc27811cc357a96fb7e49efed8eceeabb2cbfd46859d30917b8a20aa9f411ce2fe60bbb90a711ab9278bb654c12047eae59b6c748c3328","ssdeep":"384:O02ZQPbkLWnTXQaf+plHuheUE1NjUZ8aYFV5DRwMXP2dBQXCnmWqvkRkRvKdLrHf:2bSEKSNji8a0tNEyCnmWntpr","tlshash":"29b2e0ccb1f27828f21a6c3b3d5c500ab856391f968815556ceffe8b8b4061f0d2635e","first_seen":"2025-11-10T19:24:21.113773Z","last_seen":"2026-03-07T14:46:30.716006Z","times_seen":3,"resource_available":false,"data":null}},"time_used":459,"timings":{"blocked":362,"dns":4,"connect":9,"send":0,"wait":18,"receive":1,"ssl":55},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.mdynieu.com/images/69146317ec12e29e413cb55f.gif","fqdn":"www.mdynieu.com","domain":"mdynieu.com","tld":"com"},"ip":{"addr":"161.129.35.198","port":443,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://aqf.yrjj7.help/s/%E5%8E%95%E6%8B%8D.html","date":"2026-03-07T14:45:32.729Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"mdynieu.com","organization":""},"issuer":{"commonName":"ZeroSSL ECC Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Fri, 12 Dec 2025 00:00:00 GMT","end":"Thu, 12 Mar 2026 23:59:59 GMT"},"fingerprint":{"sha1":"A0:E7:35:D4:DC:48:E4:5E:1B:FF:4B:B6:D3:6D:0D:58:B1:F6:27:29","sha256":"D2:17:69:66:D0:31:B0:DE:3F:24:F3:24:DB:38:FC:40:63:C5:36:DC:5B:B0:8F:60:02:55:7A:68:1D:EA:44:7C"}}},"request":{"raw":"GET /images/69146317ec12e29e413cb55f.gif HTTP/1.1\r\nHost: www.mdynieu.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://aqf.yrjj7.help/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 302 Found\r\ncontent-length: 0\r\nreferrer-policy: no-referrer\r\ncache-control: max-age=600\r\nlocation: https://img.meituan.net/portalweb/27a1e3a72fece63c3ff55f2c96c993a5588276.gif\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":null,"data":{"size":406836,"size_decoded":0,"mime_type":"image/webp","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T15:49:33.06692Z","times_seen":13337345,"resource_available":true,"data":null}},"time_used":1699,"timings":{"blocked":-1,"dns":58,"connect":252,"send":0,"wait":255,"receive":0,"ssl":1134},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"img1.ah7907.com/ky61-960x120.gif","fqdn":"img1.ah7907.com","domain":"ah7907.com","tld":"com"},"ip":{"addr":"98.98.86.10","port":443,"asn":21859,"as":"ZEN-ECN","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://aqf.yrjj7.help/s/%E5%8E%95%E6%8B%8D.html","date":"2026-03-07T14:45:32.850Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"img1.ah7907.com","organization":""},"issuer":{"commonName":"Certum DV TLS G2 R39 CA","organization":"Asseco Data Systems S.A."},"validity":{"start":"Thu, 06 Nov 2025 07:27:15 GMT","end":"Sun, 06 Dec 2026 07:27:14 GMT"},"fingerprint":{"sha1":"EE:18:15:48:CE:4E:22:9F:18:59:AB:6E:5E:C0:0D:4E:AF:C2:86:22","sha256":"65:F5:69:07:04:80:B4:E3:E7:D0:C5:50:2E:02:11:1C:02:89:6E:83:40:00:DD:00:37:08:E9:9C:1C:A3:4D:59"}}},"request":{"raw":"GET /ky61-960x120.gif HTTP/1.1\r\nHost: img1.ah7907.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://aqf.yrjj7.help/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 307 Temporary Redirect\r\nserver: NgxFence\r\ndate: Sat, 07 Mar 2026 14:45:34 GMT\r\ncontent-type: text/html; charset=utf-8\r\ncontent-length: 0\r\nlocation: https://img.alicdn.com/imgextra/i2/2207246784654/O1CN010a6y4d1kFaOOgMqmk_!!2207246784654.gif\r\nx-cache-status: HIT\r\nstrict-transport-security: max-age=31536000; includeSubdomains; preload\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"307","status_text":"Temporary Redirect","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":44406,"size_decoded":0,"mime_type":"image/gif","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T15:49:33.06692Z","times_seen":13337345,"resource_available":true,"data":null}},"time_used":1515,"timings":{"blocked":-1,"dns":2,"connect":178,"send":0,"wait":307,"receive":0,"ssl":1010},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"img1212.syhze.com/8888/mbh/960x120.gif","fqdn":"img1212.syhze.com","domain":"syhze.com","tld":"com"},"ip":{"addr":"205.198.65.15","port":443,"asn":138997,"as":"Eons Data Communications Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://aqf.yrjj7.help/s/%E5%8E%95%E6%8B%8D.html","date":"2026-03-07T14:45:33.026Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"img1212.syhze.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Fri, 20 Feb 2026 05:10:16 GMT","end":"Thu, 21 May 2026 05:10:15 GMT"},"fingerprint":{"sha1":"0E:AF:BB:57:33:D9:8E:52:FC:E0:72:FB:99:E6:06:AE:75:3F:77:CD","sha256":"73:97:CE:47:3B:96:59:73:01:A9:E5:B5:E4:AA:29:99:2E:75:1A:0E:52:57:08:31:66:51:91:6E:D4:8A:EC:94"}}},"request":{"raw":"GET /8888/mbh/960x120.gif HTTP/1.1\r\nHost: img1212.syhze.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://aqf.yrjj7.help/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 07 Mar 2026 14:45:33 GMT\r\ncontent-type: image/gif\r\ncontent-length: 496600\r\nstrict-transport-security: max-age=31536000\r\nlast-modified: Fri, 30 Jan 2026 13:22:20 GMT\r\netag: \"697cb08c-793d8\"\r\nexpires: Mon, 06 Apr 2026 05:15:23 GMT\r\ncache-control: max-age=2592000\r\nserver: nginx\r\nx-cache-status: HIT\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: *\r\naccess-control-allow-headers: *\r\naccess-control-expose-headers: *\r\naccess-control-allow-credentials: true\r\naccess-control-max-age: 1728000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":496600,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 960 x 120","md5":"98f1aab916043713d1744086a4aac70d","sha1":"abbc50f57afaea6090ffec73c53bc824926db831","sha256":"4bcfe3c6ff3dcd160bd51a92164046ed60b025895dc6affc06db0d6d88b77259","sha512":"50aded0afad0a2f06bc9b5dd4ba767e64e5cf59b627ee62ce66bf3a769b0fddfa7533cb591e0ad6dfd3be42afa77d37181ea9fd7dac487946081ee0f24e837f0","ssdeep":"6144:9G4QxSTTMRTTMRTTMRfE3O4+g2CjZnFaYG/eFVVL:E0T4RT4RT4RyO4fFZFaL/Q","tlshash":"c3b423ec487fcd5dc8b22c2c3143023349a2b17879df88626793b9d7e5d6b196a82d35","first_seen":"2026-01-31T02:19:27.411392Z","last_seen":"2026-04-04T15:25:57.371862Z","times_seen":2803,"resource_available":false,"data":null}},"time_used":2887,"timings":{"blocked":-1,"dns":189,"connect":252,"send":0,"wait":1109,"receive":618,"ssl":712},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"uqetyzxa.com/20250208/zuFEoAGD/1.jpg","fqdn":"uqetyzxa.com","domain":"uqetyzxa.com","tld":"com"},"ip":{"addr":"23.226.79.50","port":443,"asn":53755,"as":"IOFLOOD","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://aqf.yrjj7.help/s/%E5%8E%95%E6%8B%8D.html","date":"2026-03-07T14:45:30.959Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"uqetyzxa.com","organization":""},"issuer":{"commonName":"Certum DV TLS G2 R39 CA","organization":"Asseco Data Systems S.A."},"validity":{"start":"Sat, 04 Oct 2025 04:35:31 GMT","end":"Tue, 03 Nov 2026 04:35:30 GMT"},"fingerprint":{"sha1":"35:4C:C5:44:92:0E:41:CE:D4:5A:4D:FA:3E:AE:FD:A8:9A:99:23:7D","sha256":"95:56:60:EC:7C:FE:1D:20:91:87:3A:27:EB:B1:49:0B:CD:A8:CD:AF:7F:3F:3A:EB:73:AA:AD:45:8C:CB:4B:F2"}}},"request":{"raw":"GET /20250208/zuFEoAGD/1.jpg HTTP/1.1\r\nHost: uqetyzxa.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://aqf.yrjj7.help/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sat, 07 Mar 2026 14:45:32 GMT\r\nContent-Type: image/jpeg\r\nContent-Length: 9945\r\nConnection: keep-alive\r\nLast-Modified: Sun, 09 Feb 2025 03:59:59 GMT\r\nETag: \"67a8283f-26d9\"\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Credentials: true\r\nCache-Control: public, max-age=15768000\r\nCache: HIT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":9945,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, baseline, precision 8, 240x320, components 3","md5":"45e4057981cca39240c367ea5a82f291","sha1":"e83b8601ce19c2aae019e544f0bf593580309240","sha256":"2a1fe488999ca89061f8325adbff0dc05f31d0c3d35b4fc7f9934d1e7c89d50c","sha512":"d4a0210fcc551f2a76cdc51c53a9bd84a07fa97740e87a13429ee66ececd21e29b09b103c3894705a026f4228fc8001859de41bf9699149f8f723abb46661a99","ssdeep":"192:rK0oUoLzPTnt5i08Qgj8tEbdnrobFeGK6C2jSdj6+m1zXVDcz7i5JJk5E:rKRLn38pjsygFbnSd7fPoGE","tlshash":"2e22af0b39c214669b0324b41752f4c28622e20b7e61ee21e36715c72b7ee5aff6224d","first_seen":"2026-03-07T14:46:30.718088Z","last_seen":"2026-03-07T14:46:30.718088Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1525,"timings":{"blocked":808,"dns":5,"connect":160,"send":0,"wait":193,"receive":1,"ssl":354},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"aosikazyy.com/20260209/cgA9eWNL/1.jpg","fqdn":"aosikazyy.com","domain":"aosikazyy.com","tld":"com"},"ip":{"addr":"64.112.78.71","port":443,"asn":6939,"as":"HURRICANE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://aqf.yrjj7.help/s/%E5%8E%95%E6%8B%8D.html","date":"2026-03-07T14:45:30.890Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"aosikazyy.com","organization":""},"issuer":{"commonName":"Certum DV TLS G2 R39 CA","organization":"Asseco Data Systems S.A."},"validity":{"start":"Tue, 27 Jan 2026 05:36:13 GMT","end":"Fri, 26 Feb 2027 05:36:12 GMT"},"fingerprint":{"sha1":"46:07:BD:26:C4:2F:43:47:7D:0B:DA:7D:56:AF:C0:48:AA:4B:A9:E4","sha256":"53:B2:F8:51:E2:31:14:5B:CB:D8:05:AC:D2:8C:38:EA:8C:4D:49:6E:8F:6F:EE:15:41:AC:AF:06:08:F5:64:1C"}}},"request":{"raw":"GET /20260209/cgA9eWNL/1.jpg HTTP/1.1\r\nHost: aosikazyy.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://aqf.yrjj7.help/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 07 Mar 2026 14:45:31 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 384623\r\nlast-modified: Tue, 10 Feb 2026 01:51:05 GMT\r\netag: \"698a8f09-5de6f\"\r\naccess-control-allow-origin: *\r\naccess-control-allow-credentials: true\r\ncache-control: public, max-age=15768000\r\ncache: HIT\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":384623,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 640 x 360, 8-bit/color RGBA, non-interlaced","md5":"ef8e13951e46dd2c480c0b1a119f934d","sha1":"341e489f075700f7e3e8156aacf8deb3a79dde25","sha256":"19ef066f93c5ddb41e8bb6b8c49e3464f38484bbe45e82de13f042cb0f1d732a","sha512":"1e5d97e640a828af4bdec7ff9de99bdc73aecdea21bd0b3834f5ddb0d5786ea30b059d05f959defd93d7f25ba0b47a650b5552b15f6663d51b4151ebcea9c139","ssdeep":"6144:YsqJZv/gDN9OLBOZqZ/Dk25pFQeUlR3RNGFfOaI4ZU8rzTQiuLRxGnArsVWC:avvIDGOZqZbkUYemJRkfzZxQiuLRxGn5","tlshash":"5b8423abf0da4a4bcf1bce0824216276036da18a68b74e3ad505c5e51c7f35075f71f6","first_seen":"2026-03-07T14:46:30.719424Z","last_seen":"2026-03-07T14:46:30.719424Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1976,"timings":{"blocked":88,"dns":1,"connect":147,"send":0,"wait":618,"receive":387,"ssl":840},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fqjpg5.top/upload/vod/20251014-1/ab6bd8790b57d024632f77df5596f2dc.png","fqdn":"fqjpg5.top","domain":"fqjpg5.top","tld":"top"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://aqf.yrjj7.help/s/%E5%8E%95%E6%8B%8D.html","date":"2026-03-07T14:45:30.939Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /upload/vod/20251014-1/ab6bd8790b57d024632f77df5596f2dc.png HTTP/1.1\r\nHost: fqjpg5.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://aqf.yrjj7.help/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T15:49:33.06692Z","times_seen":13337345,"resource_available":true,"data":null}},"time_used":603,"timings":{"blocked":602,"dns":1,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"jpgjingpinx1.top/upload/vod/20250724-1/16bc715b5734e19f90951cef07594c18.png","fqdn":"jpgjingpinx1.top","domain":"jpgjingpinx1.top","tld":"top"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://aqf.yrjj7.help/s/%E5%8E%95%E6%8B%8D.html","date":"2026-03-07T14:45:30.954Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /upload/vod/20250724-1/16bc715b5734e19f90951cef07594c18.png HTTP/1.1\r\nHost: jpgjingpinx1.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://aqf.yrjj7.help/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T15:49:33.06692Z","times_seen":13337345,"resource_available":true,"data":null}},"time_used":60,"timings":{"blocked":-1,"dns":60,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"aqf.yrjj7.help/000/flink/analytics.php","fqdn":"aqf.yrjj7.help","domain":"yrjj7.help","tld":"help"},"ip":{"addr":"154.26.176.147","port":443,"asn":906,"as":"DMIT","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://aqf.yrjj7.help/s/%E5%8E%95%E6%8B%8D.html","date":"2026-03-07T14:45:31.676Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.yrjj7.help","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 23 Feb 2026 03:22:07 GMT","end":"Sun, 24 May 2026 03:22:06 GMT"},"fingerprint":{"sha1":"FE:80:5C:67:19:7F:C7:64:14:D5:30:72:50:98:FD:FF:3D:E1:D2:11","sha256":"07:D0:5D:0D:F5:FE:8F:75:3E:A3:4F:94:F5:F7:B1:8D:C2:5C:56:6E:32:EE:3C:1B:F3:3C:CD:4D:8F:1A:A8:48"}}},"request":{"raw":"POST /000/flink/analytics.php HTTP/1.1\r\nHost: aqf.yrjj7.help\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://aqf.yrjj7.help/s/%E5%8E%95%E6%8B%8D.html\r\nContent-type: application/x-www-form-urlencoded\r\nContent-Length: 9\r\nOrigin: https://aqf.yrjj7.help\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: PHPSESSID=oeads9fohtesm1b4rn9c3clc2a\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":9,"data":"referrer="}},"response":{"raw":"HTTP/2 204 No Content\r\nserver: https://www.xzylm.com\r\ndate: Sat, 07 Mar 2026 14:45:31 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nage: 0\r\nvia: http/1.1 traffic_server (https://www.xzylm.com [cMs f ])\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"204","status_text":"No Content","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T15:49:33.06692Z","times_seen":13337345,"resource_available":true,"data":null}},"time_used":577,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":577,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"aqf.yrjj7.help","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"img.alicdn.com/imgextra/i2/O1CN01vSQFbP1rGgfuXaTU7_!!2216598935604-1-fleamarket.gif","fqdn":"img.alicdn.com","domain":"alicdn.com","tld":"com"},"ip":{"addr":"47.246.44.177","port":443,"asn":24429,"as":"Zhejiang Taobao Network Co.,Ltd","country":"Sweden","country_code":"SE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://aqf.yrjj7.help/s/%E5%8E%95%E6%8B%8D.html","date":"2026-03-07T14:45:33.033Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.tbcdn.cn","organization":"Alibaba (China) Technology Co., Ltd."},"issuer":{"commonName":"GlobalSign GCC R3 OV TLS CA 2024","organization":"GlobalSign nv-sa"},"validity":{"start":"Fri, 28 Nov 2025 03:07:13 GMT","end":"Sat, 18 Jul 2026 09:41:04 GMT"},"fingerprint":{"sha1":"01:40:62:EF:8C:E5:C1:8A:19:4C:8D:B6:F5:C2:24:7F:DC:C0:9C:8A","sha256":"60:3C:41:A0:78:62:E6:5E:82:F0:FA:CF:5C:C9:D3:22:E4:64:EE:1A:EE:C7:CC:BA:DD:25:08:90:6F:CC:C4:F2"}}},"request":{"raw":"GET /imgextra/i2/O1CN01vSQFbP1rGgfuXaTU7_!!2216598935604-1-fleamarket.gif HTTP/1.1\r\nHost: img.alicdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://aqf.yrjj7.help/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: Tengine\r\ncontent-type: image/gif\r\ncontent-length: 303863\r\ndate: Tue, 24 Feb 2026 09:21:40 GMT\r\npicasso-ret-code: SUCCESS\r\npicasso-cache-info: L3-HIT\r\nrequest-time: 0.002\r\ntraceid: 9b66a79b17719248998917462e\r\nx-powered-by: Picasso\r\npicasso-image-type: normal\r\npicasso-fmt: gif2avif\r\ncache-control: max-age=31536000\r\nvia: ens-cache28.l2de4[0,0,200-0,H], ens-cache22.l2de4[4,0], ens-cache3.se2[0,0,200-0,H], ens-cache4.se2[4,0]\r\naccess-control-allow-origin: *\r\nage: 969832\r\nali-swift-global-savetime: 1771924900\r\nx-cache: HIT TCP_MEM_HIT dirn:-2:-2\r\nx-swift-savetime: Tue, 24 Feb 2026 09:25:40 GMT\r\nx-swift-cachetime: 31535760\r\nback_uri: /imgextra/i2/O1CN01vSQFbP1rGgfuXaTU7_!!2216598935604-1-fleamarket.gif_.avif\r\nvary: Accept\r\ns-rt: 4\r\ntiming-allow-origin: *\r\neagleid: 2ff62c9817728947326891136e\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]}],"data":{"size":303863,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 960 x 120","md5":"de72cd3f9bb03e02f5ed7c191fc47e25","sha1":"1f1da79e3ea10cc974149b4fd61236d7aaf0cbba","sha256":"88bc662ac1dc810b16d8c81e024975ec22af3497c510036158f5799da1b4b874","sha512":"be2488a9b17fc4ac4ca2e24177ed9bd673b6514929df0344fa626af305073862d30fa0bfcb290f4b09984e51dd7790dc6af53ace8b9e68a936771f982b7d3da7","ssdeep":"6144:0yBudqBvMzajcmhzfOmZIJ6MLkrN78j6Z8BdaAR50OsE8uZr:1B4qBvRjcmhCSI8ZS6CR50OsEhB","tlshash":"0254232e919b11304cd6a6383d7e66f700f6dc7509a143125dfba6cda4979bc2ce8ca1","first_seen":"2026-02-24T09:59:59.817588Z","last_seen":"2026-03-15T07:53:53.563962Z","times_seen":1005,"resource_available":false,"data":null}},"time_used":69,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":28,"receive":41,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"aosikazyy.com/20260208/k3TBxajy/1.jpg","fqdn":"aosikazyy.com","domain":"aosikazyy.com","tld":"com"},"ip":{"addr":"64.112.78.71","port":443,"asn":6939,"as":"HURRICANE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://aqf.yrjj7.help/s/%E5%8E%95%E6%8B%8D.html","date":"2026-03-07T14:45:30.892Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"aosikazyy.com","organization":""},"issuer":{"commonName":"Certum DV TLS G2 R39 CA","organization":"Asseco Data Systems S.A."},"validity":{"start":"Tue, 27 Jan 2026 05:36:13 GMT","end":"Fri, 26 Feb 2027 05:36:12 GMT"},"fingerprint":{"sha1":"46:07:BD:26:C4:2F:43:47:7D:0B:DA:7D:56:AF:C0:48:AA:4B:A9:E4","sha256":"53:B2:F8:51:E2:31:14:5B:CB:D8:05:AC:D2:8C:38:EA:8C:4D:49:6E:8F:6F:EE:15:41:AC:AF:06:08:F5:64:1C"}}},"request":{"raw":"GET /20260208/k3TBxajy/1.jpg HTTP/1.1\r\nHost: aosikazyy.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://aqf.yrjj7.help/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 07 Mar 2026 14:45:31 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 419648\r\nlast-modified: Mon, 09 Feb 2026 00:58:23 GMT\r\netag: \"6989312f-66740\"\r\naccess-control-allow-origin: *\r\naccess-control-allow-credentials: true\r\ncache-control: public, max-age=15768000\r\ncache: HIT\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":419648,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 640 x 360, 8-bit/color RGBA, non-interlaced","md5":"596eefa4a844dde78918cc01ec88cbc3","sha1":"59db256f788ec69df2003305d057dc72472e90bf","sha256":"dad92a0b6509de22d1904bbbd0ed17fc94b0c4919e1cb10a18cf76b38a2aae53","sha512":"03f897d25937d9ca89e85394641bc6bdb8881e002e6a1b6bd43fce13a9cddfc28cabe0762251582e067f9bc0ca2f9b01951bfa0a192d09d2afe6c028f18dee4a","ssdeep":"12288:aL6wi2AzvdREXTWgtbOO/0hwT/vruh5rAcIPegCEPS71j9:aOwgzvrEj/R/zT/vruLNDz","tlshash":"9a942363899b19b0b10763fb143be608d6ac07532be287b14261d7f856bef489513ecd","first_seen":"2026-03-07T14:46:30.721375Z","last_seen":"2026-03-07T14:46:30.721375Z","times_seen":1,"resource_available":false,"data":null}},"time_used":2018,"timings":{"blocked":113,"dns":1,"connect":147,"send":0,"wait":613,"receive":434,"ssl":701},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"aosikazyy.com/20260206/FnVrQjsa/1.jpg","fqdn":"aosikazyy.com","domain":"aosikazyy.com","tld":"com"},"ip":{"addr":"64.112.78.71","port":443,"asn":6939,"as":"HURRICANE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://aqf.yrjj7.help/s/%E5%8E%95%E6%8B%8D.html","date":"2026-03-07T14:45:30.896Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"aosikazyy.com","organization":""},"issuer":{"commonName":"Certum DV TLS G2 R39 CA","organization":"Asseco Data Systems S.A."},"validity":{"start":"Tue, 27 Jan 2026 05:36:13 GMT","end":"Fri, 26 Feb 2027 05:36:12 GMT"},"fingerprint":{"sha1":"46:07:BD:26:C4:2F:43:47:7D:0B:DA:7D:56:AF:C0:48:AA:4B:A9:E4","sha256":"53:B2:F8:51:E2:31:14:5B:CB:D8:05:AC:D2:8C:38:EA:8C:4D:49:6E:8F:6F:EE:15:41:AC:AF:06:08:F5:64:1C"}}},"request":{"raw":"GET /20260206/FnVrQjsa/1.jpg HTTP/1.1\r\nHost: aosikazyy.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://aqf.yrjj7.help/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 07 Mar 2026 14:45:31 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 67922\r\nlast-modified: Sat, 07 Feb 2026 01:46:17 GMT\r\netag: \"69869969-10952\"\r\naccess-control-allow-origin: *\r\naccess-control-allow-credentials: true\r\ncache-control: public, max-age=15768000\r\ncache: HIT\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":67922,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 1024x632, components 3","md5":"93d21c966c2d00458911d022095901ff","sha1":"4b984d89100186b0a1acb00f6ba453677f783fae","sha256":"5f0530d17478cbeb361c47e68a1e41023420dd4fd42c04a411f0dbec5e8184ba","sha512":"8a7c2b9ae2023c713297b69fdccb004c7e8c1b05b87dce59c7f4c37356e2c09ca073cdcaefed730a2d264c59c90c9eb4ae2d7e193610cc007a2ce8992da25b11","ssdeep":"1536:jDTTer16j+Stf5TaNwg26m4tDz1YB+g9OGtSxiTpO+1yr1981m9:jD/s1ncxTaNw2mEDpYB+5UTpO+1yh9Iu","tlshash":"5a630219dbe5ce9cd884eeb7a4f453e84e682f61067770a35fbb44e2580eef15814d02","first_seen":"2026-02-08T09:10:18.893549Z","last_seen":"2026-03-07T14:46:30.7224Z","times_seen":2,"resource_available":false,"data":null}},"time_used":2116,"timings":{"blocked":950,"dns":0,"connect":0,"send":0,"wait":154,"receive":298,"ssl":714},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tuaskbgnekr.com/20251118/8KtIURde/1.jpg","fqdn":"tuaskbgnekr.com","domain":"tuaskbgnekr.com","tld":"com"},"ip":{"addr":"64.112.76.12","port":443,"asn":6939,"as":"HURRICANE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://aqf.yrjj7.help/s/%E5%8E%95%E6%8B%8D.html","date":"2026-03-07T14:45:30.928Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bfaskbwerve.com","organization":""},"issuer":{"commonName":"Certum Domain Validation CA SHA2","organization":"Unizeto Technologies S.A."},"validity":{"start":"Wed, 12 Mar 2025 23:24:33 GMT","end":"Sat, 11 Apr 2026 23:24:32 GMT"},"fingerprint":{"sha1":"17:BE:B5:B6:72:C2:AD:F5:0C:31:68:24:C8:2B:3D:2F:EB:BD:D8:B6","sha256":"6F:0D:C1:02:24:41:CF:D5:BA:7D:A5:37:F1:D3:5A:7C:E7:91:AA:D0:DC:58:29:DB:35:FE:0A:AA:41:37:FA:74"}}},"request":{"raw":"GET /20251118/8KtIURde/1.jpg HTTP/1.1\r\nHost: tuaskbgnekr.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://aqf.yrjj7.help/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 07 Mar 2026 14:45:32 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 73503\r\nlast-modified: Wed, 19 Nov 2025 03:45:35 GMT\r\netag: \"691d3d5f-11f1f\"\r\naccess-control-allow-origin: *\r\naccess-control-allow-credentials: true\r\ncache-control: public, max-age=15768000\r\ncache: HIT\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":73503,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 718x404, components 3","md5":"f5bd13d819d57b9620bb9f03b533870f","sha1":"271da5c2792e882f941ad49d7925b29575b9c324","sha256":"26770d8f6d17f6060744359d225c65aeb7e485c055aad9a1e70a798c8beff542","sha512":"f9ce33bb850c3003b6b39782184758e27d6ca0ac5664f57330ded959512e4ddbf73a1feafc7e3425f67d71afc392ef12c41110fc2967a82b79163a653a9619a1","ssdeep":"1536:TwSOLJwuq9tg6P+F0MIzzKtOokdx682RrbN2D6dX4QL8H:gLev9tg6CLVKxNGdGS8H","tlshash":"ce7312cfc14da6c8b7bd98fcc5bdba2db3c5326044f8c20a579609a995923522bf710c","first_seen":"2025-10-09T13:00:12.03317Z","last_seen":"2026-03-07T14:46:30.723441Z","times_seen":42,"resource_available":false,"data":null}},"time_used":2428,"timings":{"blocked":437,"dns":420,"connect":152,"send":0,"wait":612,"receive":363,"ssl":422},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"jpgjingpinx1.top/upload/vod/20250713-1/b92761423adee476ffbd743538c79105.png","fqdn":"jpgjingpinx1.top","domain":"jpgjingpinx1.top","tld":"top"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://aqf.yrjj7.help/s/%E5%8E%95%E6%8B%8D.html","date":"2026-03-07T14:45:30.958Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /upload/vod/20250713-1/b92761423adee476ffbd743538c79105.png HTTP/1.1\r\nHost: jpgjingpinx1.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://aqf.yrjj7.help/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T15:49:33.06692Z","times_seen":13337345,"resource_available":true,"data":null}},"time_used":796,"timings":{"blocked":796,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"aqf.yrjj7.help/cn/home/web/template/112vip53_wtpl/css/stui_block.css","fqdn":"aqf.yrjj7.help","domain":"yrjj7.help","tld":"help"},"ip":{"addr":"154.26.176.147","port":443,"asn":906,"as":"DMIT","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://aqf.yrjj7.help/s/%E5%8E%95%E6%8B%8D.html","date":"2026-03-07T14:45:30.768Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.yrjj7.help","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 23 Feb 2026 03:22:07 GMT","end":"Sun, 24 May 2026 03:22:06 GMT"},"fingerprint":{"sha1":"FE:80:5C:67:19:7F:C7:64:14:D5:30:72:50:98:FD:FF:3D:E1:D2:11","sha256":"07:D0:5D:0D:F5:FE:8F:75:3E:A3:4F:94:F5:F7:B1:8D:C2:5C:56:6E:32:EE:3C:1B:F3:3C:CD:4D:8F:1A:A8:48"}}},"request":{"raw":"GET /cn/home/web/template/112vip53_wtpl/css/stui_block.css HTTP/1.1\r\nHost: aqf.yrjj7.help\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://aqf.yrjj7.help/s/%E5%8E%95%E6%8B%8D.html\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: PHPSESSID=oeads9fohtesm1b4rn9c3clc2a\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: https://www.xzylm.com\r\ncontent-type: text/css\r\ncontent-length: 27296\r\nlast-modified: Mon, 28 Nov 2022 11:03:07 GMT\r\nvary: Accept-Encoding\r\ncache-control: public, max-age=2592000\r\naccept-ranges: bytes\r\nvia: http/1.1 traffic_server (https://www.xzylm.com [cRs f ])\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":27296,"size_decoded":0,"mime_type":"text/css","magic":"assembler source, Unicode text, UTF-8 text, with very long lines (1553), with CRLF line terminators","md5":"c7c95bdef4fa11358842f739f3ba89ef","sha1":"a783f609f0c73f67621dfcf1e2f3d5af7c41005a","sha256":"6c4e9b2e4618b8b1e87651c318d38bb059d3297b0086b475f49310801675699e","sha512":"d34816e06e4585707a19f7fe9443fccfbb4bddb75c6e191a3448ffe56c408654a08c13653d620c5eaf3b3ec3f9df4d1f5d6b8bb5b0a55204e69dbb74c1209549","ssdeep":"384:dr5r9KAeS8CtnOitkDtsCLHKrGm5LT0+OkVqDKHTBm1J+bPbiiH:NRghUkZtwGm5L4+OjgTE2H","tlshash":"abc24585ea103d0cb02f6e45b6e35a8fea179056733209fab9a43c5cc68f9d740b16cd","first_seen":"2025-05-11T08:12:38.792189Z","last_seen":"2026-03-11T02:04:59.800852Z","times_seen":270,"resource_available":false,"data":null}},"time_used":416,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":366,"receive":50,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"aqf.yrjj7.help","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tuaskbgnekr.com/20251109/BFwqq96g/1.jpg","fqdn":"tuaskbgnekr.com","domain":"tuaskbgnekr.com","tld":"com"},"ip":{"addr":"64.112.76.12","port":443,"asn":6939,"as":"HURRICANE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://aqf.yrjj7.help/s/%E5%8E%95%E6%8B%8D.html","date":"2026-03-07T14:45:30.929Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bfaskbwerve.com","organization":""},"issuer":{"commonName":"Certum Domain Validation CA SHA2","organization":"Unizeto Technologies S.A."},"validity":{"start":"Wed, 12 Mar 2025 23:24:33 GMT","end":"Sat, 11 Apr 2026 23:24:32 GMT"},"fingerprint":{"sha1":"17:BE:B5:B6:72:C2:AD:F5:0C:31:68:24:C8:2B:3D:2F:EB:BD:D8:B6","sha256":"6F:0D:C1:02:24:41:CF:D5:BA:7D:A5:37:F1:D3:5A:7C:E7:91:AA:D0:DC:58:29:DB:35:FE:0A:AA:41:37:FA:74"}}},"request":{"raw":"GET /20251109/BFwqq96g/1.jpg HTTP/1.1\r\nHost: tuaskbgnekr.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://aqf.yrjj7.help/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 07 Mar 2026 14:45:32 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 209827\r\nlast-modified: Mon, 10 Nov 2025 02:53:51 GMT\r\netag: \"691153bf-333a3\"\r\naccess-control-allow-origin: *\r\naccess-control-allow-credentials: true\r\ncache-control: public, max-age=15768000\r\ncache: HIT\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":209827,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 2016x1131, components 3","md5":"276319ad5d77b8e82f0d1369c25f4b6e","sha1":"e7aacd869e0b47f250f5ef7a735ecaa0dea7411c","sha256":"0de6e464d26579775b2f6b0f201aa9b1d077b2fec63b5324abb9bb5638205cf4","sha512":"422ef5895a64f8b1d657871ce05bc400b97831128761d179a0200b9ecc6a0191104c423b6abec7b517c39fcea2cbb0c4ec997d967b0afa969dcbdf4e00a52d4c","ssdeep":"6144:nxuJntxxN8EEIlFG9oKweg8Ei9kSPT0GP:nURVN8EEIC97ng8EitPoGP","tlshash":"6b2412448d6ed850cea04d7eb521de64a4ad091eb4bfc64dbc40b6a8c7dcf937cba460","first_seen":"2026-03-07T14:46:30.725183Z","last_seen":"2026-03-07T14:46:30.725183Z","times_seen":1,"resource_available":false,"data":null}},"time_used":2476,"timings":{"blocked":452,"dns":404,"connect":172,"send":0,"wait":639,"receive":413,"ssl":374},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.jkuntp.com/upload/vod/20251022-13/6b54c16d5a98beb7e4e1d55c5874ac2f.jpg","fqdn":"www.jkuntp.com","domain":"jkuntp.com","tld":"com"},"ip":{"addr":"64.112.76.43","port":443,"asn":6939,"as":"HURRICANE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://aqf.yrjj7.help/s/%E5%8E%95%E6%8B%8D.html","date":"2026-03-07T14:45:30.937Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"jkuntp.com","organization":""},"issuer":{"commonName":"Certum Domain Validation CA SHA2","organization":"Unizeto Technologies S.A."},"validity":{"start":"Sun, 16 Mar 2025 16:00:52 GMT","end":"Wed, 15 Apr 2026 16:00:51 GMT"},"fingerprint":{"sha1":"13:82:6E:FD:22:A6:75:AF:0E:AE:85:B2:6A:97:BC:28:30:41:41:12","sha256":"50:62:73:3B:FC:2E:0C:CA:14:8B:44:E2:B4:B5:5B:20:6C:AA:A6:E4:97:C1:05:C1:6A:A6:C0:5E:92:40:4F:5A"}}},"request":{"raw":"GET /upload/vod/20251022-13/6b54c16d5a98beb7e4e1d55c5874ac2f.jpg HTTP/1.1\r\nHost: www.jkuntp.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://aqf.yrjj7.help/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sat, 07 Mar 2026 14:45:32 GMT\r\nContent-Type: image/jpeg\r\nContent-Length: 40565\r\nConnection: keep-alive\r\nLast-Modified: Wed, 22 Oct 2025 12:10:18 GMT\r\nVary: Accept-Encoding\r\nETag: \"68f8c9aa-9e75\"\r\nExpires: Sat, 21 Mar 2026 12:54:21 GMT\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Credentials: true\r\nCache-Control: max-age=2592000, public, max-age=15768000\r\nCache: HIT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":40565,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=1, software=美图秀秀], baseline, precision 8, 600x337, components 3","md5":"431bda9e335cccd91b050a3027308566","sha1":"14b3ecb3bcf735136c34fbea117e0edaa19038e8","sha256":"df79e603d4fac8c3af79ab82a5655b8d1e997ee53bb4f12ab305f09597b17078","sha512":"0358b7909944fac4365b2629525b6e78099d9dbd7639eec7a45adc3d1c9ce9360ac1eb474a0933c1fd35e90e735db910ced2b92fb84624207eb7b6676ca0090e","ssdeep":"768:NASXfh/CstzpHBo29a+w2OK6ujEgBtrUih/ltmAGrbJMAuMeqX2EFv:NVvhJph39a+w2jEgBpUi1mAGvAlzEFv","tlshash":"d603f185e1870eba4f08a4b2180701fd4f9fe226f631e795372a15f36bf95613d668c8","first_seen":"2026-03-07T14:46:30.726142Z","last_seen":"2026-03-07T14:46:30.726142Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1670,"timings":{"blocked":579,"dns":1,"connect":150,"send":0,"wait":278,"receive":185,"ssl":476},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fsffbhd.4000522777.xn--fiqs8s/ea980b9daf2cbb13355e4431bbc43384.gif?_t=1765444375","fqdn":"fsffbhd.4000522777.xn--fiqs8s","domain":"fsffbhd.4000522777.xn--fiqs8s","tld":""},"ip":{"addr":"104.26.6.77","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://aqf.yrjj7.help/s/%E5%8E%95%E6%8B%8D.html","date":"2026-03-07T14:45:35.005Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"4000522777.xn--fiqs8s","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Sun, 08 Feb 2026 07:30:32 GMT","end":"Sat, 09 May 2026 07:30:31 GMT"},"fingerprint":{"sha1":"FF:0F:4B:0B:66:7A:99:CF:94:C0:49:3D:85:E5:C9:86:98:B7:37:5A","sha256":"43:BD:60:69:CF:8C:1A:A9:8F:2A:45:8B:67:9B:D8:CE:5E:AD:46:40:6D:E0:09:85:5F:16:F0:2D:FD:A5:D2:8E"}}},"request":{"raw":"GET /ea980b9daf2cbb13355e4431bbc43384.gif?_t=1765444375 HTTP/1.1\r\nHost: fsffbhd.4000522777.xn--fiqs8s\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://aqf.yrjj7.help/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 07 Mar 2026 14:45:35 GMT\r\ncontent-type: image/gif\r\ncontent-length: 686427\r\nserver: cloudflare\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=dgDNzC9XoVvmKVB92q%2FX%2FPCUl1lANQ833X%2BhEct26cLXlvWWNzHFN641n8cz60e0df2JctXgoXW3jhRT8C%2BQzemvmrJ%2Frh3Kvc69WC7H%2FXkfT91ymU4J5EqYebg%3D\"}]}\r\nlast-modified: Fri, 12 Dec 2025 11:26:10 GMT\r\netag: \"693bfbd2-abcad\"\r\naccept-ranges: bytes\r\ncf-polished: ok, orig_size=703661\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-bgj: h2pri,imgq:100\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\npriority: u=1;i=?0,cf-chb=(782;u=3;i=?0 1954;u=4;i=?0 75633;u=5;i=?0)\r\nage: 6681\r\ncache-control: max-age=31536000\r\ncf-cache-status: HIT\r\nvary: accept-encoding\r\ncf-ray: 9d8a627e1dea2767-ARN\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":686427,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 960 x 120","md5":"50ad17c4014d52237a88bb19e9829b31","sha1":"db252c8c8a5ae668e4632ed8a76a1b24c53c9f70","sha256":"554655862976f55793e7639c314556faa823351d74594ae5ad92087cbeb0e612","sha512":"28ef570f60686911a4f0a3103d46bd5dcc95320b7a3dc8cc05a46f9f889b81b041197d528326d0058db11fe5fcf2ff9eb21b74f7c827c954d8a8756ad55a579a","ssdeep":"12288:wwXjxQCC3biqHBA64vfwB2VDUh2aQapzDUS7uahgvxVYGy157FN3fCnVi:wZFnB54He2VmyIuaOJVDy1JXKnE","tlshash":"fae4235203b56265ecd3816ab4d1296e4ceea25f0d38ff31134128da46a379f23653ef","first_seen":"2026-02-13T09:12:04.032312Z","last_seen":"2026-03-24T12:42:29.021486Z","times_seen":1077,"resource_available":false,"data":null}},"time_used":153,"timings":{"blocked":-1,"dns":8,"connect":8,"send":0,"wait":16,"receive":95,"ssl":26},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"aqf.yrjj7.help/cn/home/web/template/112vip53_wtpl/js/stui_default.js","fqdn":"aqf.yrjj7.help","domain":"yrjj7.help","tld":"help"},"ip":{"addr":"154.26.176.147","port":443,"asn":906,"as":"DMIT","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://aqf.yrjj7.help/s/%E5%8E%95%E6%8B%8D.html","date":"2026-03-07T14:45:30.818Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.yrjj7.help","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 23 Feb 2026 03:22:07 GMT","end":"Sun, 24 May 2026 03:22:06 GMT"},"fingerprint":{"sha1":"FE:80:5C:67:19:7F:C7:64:14:D5:30:72:50:98:FD:FF:3D:E1:D2:11","sha256":"07:D0:5D:0D:F5:FE:8F:75:3E:A3:4F:94:F5:F7:B1:8D:C2:5C:56:6E:32:EE:3C:1B:F3:3C:CD:4D:8F:1A:A8:48"}}},"request":{"raw":"GET /cn/home/web/template/112vip53_wtpl/js/stui_default.js HTTP/1.1\r\nHost: aqf.yrjj7.help\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://aqf.yrjj7.help/s/%E5%8E%95%E6%8B%8D.html\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: PHPSESSID=oeads9fohtesm1b4rn9c3clc2a\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: https://www.xzylm.com\r\ncontent-type: application/javascript\r\ncontent-length: 7433\r\nlast-modified: Mon, 28 Nov 2022 03:58:48 GMT\r\nvary: Accept-Encoding\r\ncache-control: public, max-age=2592000\r\naccept-ranges: bytes\r\nvia: http/1.1 traffic_server (https://www.xzylm.com [cRs f ])\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":7433,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with CRLF line terminators","md5":"7f231ce324e1865c62c3a34ad6021b0d","sha1":"3836b4a73e15f84d7bd2d369f913e36ea3c5c6d2","sha256":"3d40f403dc3f7c8eb502e280ea289944c10fb1adb17239a88969a8c4d21e0c36","sha512":"17f95e6e9e7518484d68a9e092ed83680ca997fd655b923628f902fd0776745e57ef9cfb5166a0957cf4dff4f949fc9b3aafae8ed1100320468b3379d2c5b9b0","ssdeep":"192:oYpTSe3ochkPHqdxJDuRX3WAVb3GHgqMqh5L:FpTS03gKdx9u1WUb3d7qhJ","tlshash":"93e16509b450613a847b7379eb2f6600fa21362760824d12bc7dc6d05fb1c5ab6b9fec","first_seen":"2024-12-31T10:28:51.277282Z","last_seen":"2026-03-11T02:04:59.801672Z","times_seen":273,"resource_available":true,"data":null}},"time_used":564,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":563,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"aqf.yrjj7.help","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}}]}