{"report_id":"e36fc438-b189-4476-9031-c7b9e979a180","version":6,"status":"done","tags":[],"date":"2026-03-25T15:54:56Z","url":{"schema":"http","addr":"mx648.com","fqdn":"mx648.com","domain":"mx648.com","tld":"com"},"ip":{"addr":"172.67.144.136","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"https","addr":"cn.memxzf.com/home/register?code=21449","fqdn":"cn.memxzf.com","domain":"memxzf.com","tld":"com"},"title":"ManBetX(万博体育)官网|英超狼队和水晶宫全球赞助伙伴","dom":{"size":6414,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (4964)","md5":"093dd6d7e440bb0daaaceb6308afd7a4","sha1":"3c2c39b83a38517f1b2a2bfafa0d33abf5938b8b","sha256":"2653dafc8412c6a2744def12af9eff60110ef9cc86f2c0cffdc9fbc00a889e14","sha512":"3d0b73d01efc09a223614ef3d0e5dda342ab401402fec987f4c730d20ccf2dea18d2052e8d7fc3d1739a97408a8a658546c06a3ed4efd740e015dfab157650c2","ssdeep":"192:HkC2WszNnD1I+C7VdX9kXjLMAOghqI/LPe8f/tpfS:HM8VSjLtOhI/LPNf/tpfS","tlshash":"3cd1123f416113299027dd684bf4a7138178d8267d6d77fa2513672ad7cbb8205e338b","dom_hash":"domhashc825ac7342d34e339c870e8a2e1df67d","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"mx648.com","fqdn":"mx648.com","domain":"mx648.com","tld":"com"},"ip":{"addr":"172.67.144.136","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-04-29T15:54:56Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":1,"urlquery":0,"analyzer":7}},"detection":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-25T15:54:38Z","timestamp":1774454078,"ip_dst":{"addr":"74.125.250.129","port":19302,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"ip_src":{"addr":"Client IP","port":49738,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO Session Traversal Utilities for NAT (STUN Binding Request On Non-Standard High Port)","source":"{\"timestamp\":\"2026-03-25T15:54:38.968359+0000\",\"flow_id\":1020129982727847,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.24\",\"src_port\":49738,\"dest_ip\":\"74.125.250.129\",\"dest_port\":19302,\"proto\":\"UDP\",\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2033078,\"rev\":4,\"signature\":\"ET INFO Session Traversal Utilities for NAT (STUN Binding Request On Non-Standard High Port)\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2021_06_03\"],\"deployment\":[\"alert_only\",\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_04_28\"]}},\"app_proto\":\"failed\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":62,\"bytes_toclient\":0,\"start\":\"2026-03-25T15:54:38.968359+0000\"}}"}],"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-25","alert":"Sinkholed","trigger":"cn.memxzf.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-25","alert":"Sinkholed","trigger":"cn.memxzf.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-25","alert":"Phishing Block","trigger":"mx648.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-25","alert":"Sinkholed","trigger":"mx648.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-25","alert":"Sinkholed","trigger":"mx648.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-25","alert":"Sinkholed","trigger":"mx648.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-25","alert":"Sinkholed","trigger":"mx648.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null},"summary":[{"fqdn":"static-content-j.wb27jlt6u066.com","ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2022-09-13","domain_rank":0,"first_seen":"2022-10-27T08:27:25Z","last_seen":"2026-03-22T08:38:34.550182Z","alert_count":0,"request_count":1,"received_data":6700,"sent_data":494,"comment":"","tags":null,"fingerprints":[{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"mx648.com","ip":{"addr":"104.21.55.47","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2020-07-16","domain_rank":0,"first_seen":"2021-01-31T19:16:09Z","last_seen":"2026-03-24T12:37:25.157827Z","alert_count":5,"request_count":1,"received_data":105104,"sent_data":478,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"m.mbx72.net","ip":{"addr":"172.65.201.65","port":9119,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2020-01-10","domain_rank":0,"first_seen":"2025-03-07T04:29:51.379423Z","last_seen":"2026-03-24T12:37:25.138929Z","alert_count":0,"request_count":1,"received_data":105284,"sent_data":507,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]}]},{"fqdn":"file-latest.rkvcviwf.com","ip":{"addr":"52.195.237.155","port":443,"asn":16509,"as":"AMAZON-02","country":"Japan","country_code":"JP"},"domain_registered":"2022-07-29","domain_rank":0,"first_seen":"2026-02-14T03:18:41.625249Z","last_seen":"2026-03-22T08:38:34.891673Z","alert_count":0,"request_count":2,"received_data":54712,"sent_data":976,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}]},{"fqdn":"accounts.livechatinc.com","ip":{"addr":"2.22.225.11","port":443,"asn":20940,"as":"Akamai International B.V.","country":"France","country_code":"FR"},"domain_registered":"2005-10-31","domain_rank":44666,"first_seen":"2017-07-31T05:50:56Z","last_seen":"2026-03-23T12:39:59.395752Z","alert_count":0,"request_count":1,"received_data":1797,"sent_data":534,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"secure.livechatinc.com","ip":{"addr":"2.22.225.11","port":443,"asn":20940,"as":"Akamai International B.V.","country":"France","country_code":"FR"},"domain_registered":"2005-10-31","domain_rank":8212,"first_seen":"2012-08-20T19:27:12Z","last_seen":"2026-03-23T15:01:12.367212Z","alert_count":0,"request_count":1,"received_data":2002,"sent_data":712,"comment":"","tags":null,"fingerprints":null},{"fqdn":"cdn.livechatinc.com","ip":{"addr":"23.36.77.241","port":443,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"domain_registered":"2005-10-31","domain_rank":36142,"first_seen":"2012-06-22T08:37:34Z","last_seen":"2026-03-23T10:39:58.103915Z","alert_count":0,"request_count":14,"received_data":1064134,"sent_data":6715,"comment":"","tags":null,"fingerprints":[{"name":"Google Cloud Storage","description":"Google Cloud Storage allows world-wide storage and retrieval of any amount of data at any time.","website":"https://cloud.google.com/storage","common_platform_enumeration":"","icon":"google-cloud-storage.svg","categories":["Miscellaneous"]},{"name":"Google Cloud","description":"Google Cloud is a suite of cloud computing services.","website":"https://cloud.google.com","common_platform_enumeration":"cpe:2.3:a:google:cloud_platform:*:*:*:*:*:*:*:*","icon":"Google Cloud.svg","categories":["IaaS"]}]},{"fqdn":"www.googletagmanager.com","ip":{"addr":"142.251.143.136","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2011-11-11","domain_rank":283,"first_seen":"2012-10-04T01:07:32Z","last_seen":"2026-03-22T22:23:33.61086Z","alert_count":0,"request_count":3,"received_data":772491,"sent_data":1590,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"www.vrfpshbc.com","ip":{"addr":"172.67.186.168","port":2053,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2022-07-29","domain_rank":0,"first_seen":"2023-07-07T23:23:19Z","last_seen":"2026-03-22T08:38:35.615892Z","alert_count":0,"request_count":3,"received_data":8106,"sent_data":1480,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"hm.baidu.com","ip":{"addr":"111.45.11.83","port":443,"asn":9808,"as":"China Mobile Communications Group Co., Ltd.","country":"China","country_code":"CN"},"domain_registered":"1999-10-11","domain_rank":54491,"first_seen":"2012-05-26T08:38:45Z","last_seen":"2026-03-23T03:00:19.068831Z","alert_count":0,"request_count":2,"received_data":30887,"sent_data":1291,"comment":"","tags":null,"fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"static-content-cn.wb27jlt6u066.com","ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2022-09-13","domain_rank":0,"first_seen":"2022-11-08T06:15:29Z","last_seen":"2026-03-22T08:38:35.941993Z","alert_count":0,"request_count":15,"received_data":627216,"sent_data":6979,"comment":"","tags":null,"fingerprints":[{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"cn.memxzf.com","ip":{"addr":"172.65.201.65","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2019-11-24","domain_rank":0,"first_seen":"2019-12-24T14:47:07Z","last_seen":"2026-03-22T21:44:18.455052Z","alert_count":20,"request_count":10,"received_data":637616,"sent_data":5529,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]},{"name":"Java","description":"Java is a class-based, object-oriented programming language that is designed to have as few implementation dependencies as possible.","website":"https://java.com","common_platform_enumeration":"cpe:2.3:a:oracle:jre:*:*:*:*:*:*:*:*","icon":"Java.svg","categories":["Programming languages"]},{"name":"Google Analytics","description":"Google Analytics is a free web analytics service that tracks and reports website traffic.","website":"https://google.com/analytics","common_platform_enumeration":"","icon":"Google Analytics.svg","categories":["Analytics"]},{"name":"jQuery","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"jQuery UI","description":"jQuery UI is a collection of GUI widgets, animated visual effects, and themes implemented with jQuery, Cascading Style Sheets, and HTML.","website":"https://jqueryui.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery_ui:*:*:*:*:*:*:*:*","icon":"jQuery UI.svg","categories":["JavaScript libraries"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]}]},{"fqdn":"api.livechatinc.com","ip":{"addr":"2.22.225.11","port":443,"asn":20940,"as":"Akamai International B.V.","country":"France","country_code":"FR"},"domain_registered":"2005-10-31","domain_rank":29526,"first_seen":"2013-12-20T14:27:35Z","last_seen":"2026-03-23T22:39:45.742119Z","alert_count":0,"request_count":4,"received_data":20306,"sent_data":2487,"comment":"","tags":null,"fingerprints":null},{"fqdn":"game.zzdyenye.com","ip":{"addr":"13.70.24.35","port":2053,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"Hong Kong","country_code":"HK"},"domain_registered":"2021-06-18","domain_rank":0,"first_seen":"2026-03-16T12:24:43.806102Z","last_seen":"2026-03-24T12:37:25.074104Z","alert_count":0,"request_count":3,"received_data":22278,"sent_data":1394,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"banner-notice.6dqr2n.com","ip":{"addr":"13.70.24.35","port":443,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"Hong Kong","country_code":"HK"},"domain_registered":"2025-05-16","domain_rank":0,"first_seen":"2025-06-01T18:49:53.405981Z","last_seen":"2026-03-22T08:38:35.124021Z","alert_count":0,"request_count":3,"received_data":25422,"sent_data":1332,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"www.f4bzyrz92us3.com","ip":{"addr":"172.65.201.65","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2019-11-02","domain_rank":0,"first_seen":"2019-11-02T15:14:40Z","last_seen":"2026-03-22T08:38:34.513994Z","alert_count":0,"request_count":2,"received_data":55857,"sent_data":903,"comment":"","tags":null,"fingerprints":[{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"api.eaafacef.com","ip":{"addr":"188.114.96.1","port":2053,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2022-07-29","domain_rank":0,"first_seen":"2024-08-15T12:53:23Z","last_seen":"2026-03-22T08:38:35.955604Z","alert_count":0,"request_count":1,"received_data":3189,"sent_data":506,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"www.v1c2h.com","ip":{"addr":"13.70.24.35","port":51300,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"Hong Kong","country_code":"HK"},"domain_registered":"unknown","domain_rank":0,"first_seen":"2025-11-25T12:54:58.845462Z","last_seen":"2026-03-22T08:38:37.406141Z","alert_count":0,"request_count":1,"received_data":35339,"sent_data":443,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"static-content-t.wb27jlt6u066.com","ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2022-09-13","domain_rank":0,"first_seen":"2022-10-27T08:48:51Z","last_seen":"2026-03-22T08:38:35.683317Z","alert_count":0,"request_count":36,"received_data":1053838,"sent_data":17878,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]}]},{"fqdn":"file-new.a4hskh.com","ip":{"addr":"13.70.24.35","port":443,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"Hong Kong","country_code":"HK"},"domain_registered":"2025-05-16","domain_rank":0,"first_seen":"2025-10-23T12:54:45.112235Z","last_seen":"2026-03-22T08:38:34.60456Z","alert_count":0,"request_count":1,"received_data":91707,"sent_data":483,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"www.googletagmanager.com/gtag/js?id=G-3LRD95F87M\u0026cx=c\u0026gtm=4e63o0h2","fqdn":"www.googletagmanager.com","domain":"googletagmanager.com","tld":"com"},"ip":{"addr":"142.251.143.136","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"bb1213ad0551c5dbdee7621467aca4d9","sha1":"1fee3c6d2e7b8d5791d0b7d69e64afd064442189","sha256":"71a64022db96509a3492b965ae932ab1f44441a251231b72c974d27ccbd240ed","sha512":"1e2ad789663291584d287bc0b94778d20bd8246db0d677c9356f00c2728a91776fe97703e5cdf5eb7e2d7bebd556baeb9c34884df19f11d0039b2ab8da5c1904","ssdeep":"6144:YuZ7q1MyflCscuKRZwMl58G1ppnlbW34g9bc6uzJcYQ:7BytCRucwI58fL","tlshash":"aa9407cdb3d674665392f478903f018ba57a68a2f44cc899f185ccd42e74a9a8277f3c","size":417990,"data":"","first_seen":"2026-03-25T15:55:30.48966Z","last_seen":"2026-03-25T15:55:30.48966Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.livechatinc.com/widget/static/js/livechat.C_NEk55W.js","fqdn":"cdn.livechatinc.com","domain":"livechatinc.com","tld":"com"},"ip":{"addr":"23.36.77.241","port":443,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"introduction_type":"scriptElement","is_inline":false,"md5":"751c8b468e879d6d7ffba88d22247bd4","sha1":"157a87c0c3d29e1c2c050807fc49cad39575e9a0","sha256":"2e78c952d37274015308f0ca9c1b3ab24627eafd6daad1bb2ab091a4aa6b45bb","sha512":"c3fa2815fe599ce10f97a256f54f10d017b610e1380393a5754d4bcd415f98438a406e83c64a47c3b4aad0ee22f065bdacd31cb9136ab564bd24d0db412b760a","ssdeep":"","tlshash":"2ee05ada9b017ae7f998cde8c404e8f656f723ab4be083b0c4ce53715324065df05502","size":401,"data":"","first_seen":"2026-03-25T12:35:16.655712Z","last_seen":"2026-03-26T09:55:41.707499Z","times_seen":76,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.f4bzyrz92us3.com/E2/EagleEye.js?1774454076","fqdn":"www.f4bzyrz92us3.com","domain":"f4bzyrz92us3.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"dad669c3b7e0b96d3f7bfd93981d0e6a","sha1":"c7c15068eaf90c1303e18943651fbe29c61c67e4","sha256":"1642a622d4b5359fbac8641769189e95daeeadba92988cd6dcd8abe8a2ab7f8f","sha512":"5add6170722dad490626dc358b960a4964e35008ac2a9dea888badd1fb34210c4c1b531190bf6244983a5ebf0cbaf19f2be30d5940a19cb44fed71cfb4b3997b","ssdeep":"1536:+6rk6G1j9Bk/k0q7Mfx5+2I7v7D71Ies9GUWfth7KBbTE21gAWIOuYyR4mr/qDAa:LGW/k0q7Mfx5+2I7v7D77FftlKBbTv1O","tlshash":"f933e61ab2963539c56230765caf9148b33d85a61398505cab0fc5e4783987e83bfef8","size":54487,"data":"","first_seen":"2026-03-25T15:55:30.485494Z","last_seen":"2026-03-25T15:55:30.485494Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cn.memxzf.com/home/register?code=21449","fqdn":"cn.memxzf.com","domain":"memxzf.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"add5a73cc868e84bf9a23645f6ef6bb3","sha1":"6e50ec60f742ea7803949bbb218c2e0aeb5c7cc7","sha256":"812e1852a05493abacd78b57865eb01f267b5a99e9a282b4e2099c2b2186394c","sha512":"a2ac5d905cd94e482d4d74a3e6c2fa3cd15587b91341bb8828701bbe7e289d0c9cb80c86c8544fb14468b55b21af7122e9d7fadca8a1eef571cecf82ac679c57","ssdeep":"","tlshash":"95e02b2a73f51004217730190b2ff6663d56302b0285ee013e5d57f13f54097f103a48","size":345,"data":"","first_seen":"2026-03-04T07:05:29.830045Z","last_seen":"2026-04-12T01:12:13.838224Z","times_seen":85,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"api.livechatinc.com/v3.6/customer/action/get_dynamic_configuration?x-region=us-south1\u0026license_id=19463678\u0026client_id=c5e4f61e1a6c3b1521b541bc5c5a2ac5\u0026url=https%3A%2F%2Fcn.memxzf.com%2Fhome%2Fregister%3Fcode%3D21449\u0026channel_type=code\u0026jsonp=__i9crue4t7ns","fqdn":"api.livechatinc.com","domain":"livechatinc.com","tld":"com"},"ip":{"addr":"2.22.225.11","port":443,"asn":20940,"as":"Akamai International B.V.","country":"France","country_code":"FR"},"introduction_type":"scriptElement","is_inline":false,"md5":"5b6ac9a3699474cef402d77c600cc196","sha1":"013338b107f770c43ad35814b4e89e3314a674b8","sha256":"d8b5292a947aa700c5cfd69637442d957c0dda308dcd963ae0e6648461771008","sha512":"93c101ba9c0e5468f66949cf66a10405c9f85a267d3082f35cd70b086d98500796667a42e60825042b6b673b44fceb093949629ba07d8823de3d8ec5a562424b","ssdeep":"","tlshash":"fce02622eb0284359ec5e3fea428be02ae3047eb92455ab8b6691311525f7cd6325607","size":352,"data":"","first_seen":"2026-03-25T15:55:30.418294Z","last_seen":"2026-03-25T15:55:30.418294Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static-content-t.wb27jlt6u066.com:9587/js/jquery-ui.js","fqdn":"static-content-t.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"ab5284de5e3d221e53647fd348e5644b","sha1":"75c20acdc6cbc6334fe2b918ab7afeec007f969e","sha256":"4f455eb2ddf2094ee969f470f6bfac7adb4c057e8990a374e9da819e943c777d","sha512":"2462acc237c0063263b52527cfecbc5d4063065c0cd541cd966d9924dec0d9af475184f732c92af9269cb08df993896893eff37ad4b18598ca4b7af7b5f02742","ssdeep":"12288:1vemHFgymzYDdHCcmM2/W/CCeS/QRzbrVDDdRO2:vDdHCcmM2/W/CCeSIVDDdRO2","tlshash":"f3b4a6c9f39c266a867a32595c2e42cdb23c8075d600587fbc5d59dc29a883c43bbf79","size":520714,"data":"","first_seen":"2023-03-07T01:03:28Z","last_seen":"2026-04-12T18:45:30.683364Z","times_seen":14044,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cn.memxzf.com/home/register?code=21449","fqdn":"cn.memxzf.com","domain":"memxzf.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"2aa8229407ac0050906f4af6c31fa64c","sha1":"7a8a44fa095104bb3a77629715ebfaee39ee0e29","sha256":"7ae9ea697283728421368f80dc80d8c2a090b2a262e027fe71e3c476cf4a6406","sha512":"dc61dcc9e4ecd63682c5cd452037c818b7ce195e2296d8bbeaa1f617c9ae14aaacc02e79b37fc2c97c1bd19bc24899b1bf623e15262122c784a9f8f0b6ea8ef9","ssdeep":"","tlshash":"74217b166dba108227fb307912bfd2c832b99017058bd9c03d9c65408f2cefa26f9b45","size":1201,"data":"","first_seen":"2026-03-25T15:55:30.53132Z","last_seen":"2026-03-25T15:55:30.53132Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.google-analytics.com/analytics.js","fqdn":"www.google-analytics.com","domain":"google-analytics.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"f24128d0c9cba7be2916c693427a3483","sha1":"1b6397d496ea896ebc2018b01b995cee4f166029","sha256":"58173de4697da1a218f04c3a783a733bab4e769ceabc37cd42da9dc3e036a7e8","sha512":"c4950733b44e258bbc817ce6396f002caec1e11a6413fd0038c9baef2d5f1d992b1fd0ec52515aba52faedb52c28b996a7fc063f28a0f45f3aab5e2f91bf5be5","ssdeep":"96:A1VdZYqhPnjpWx4/eTe8qSMbqaQd6VL2Jyt9LdJoyayCVPVD5wdBfQPfCHiUr3:AXdZYqNjpU4yPqSMbqaQGL2QfdDayCZC","tlshash":"a6a1dc9939fb50210233b1bd1bafa918b23895236208dd61b98c9364bf94437d7f1fc9","size":4691,"data":"","first_seen":"2023-04-11T21:07:53Z","last_seen":"2026-04-12T18:56:47.788215Z","times_seen":786755,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cn.memxzf.com/home/register?code=21449","fqdn":"cn.memxzf.com","domain":"memxzf.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"e546d7ad4c50322dfaa6a96fd320c46b","sha1":"9c861759b7d3839274623f234768efc7cbe04158","sha256":"0c660204b059c921518b106d14f4dd061d6459a0802ca5d113a651415af290d0","sha512":"2416ed5d7561d5c3a0c323274d94743687a5aba05ed8098ba185f2debb871b6b691aa4590497b5c451dc644fb594e2ee417b53a5ab0072c2a6f6c4f3b02ffb0a","ssdeep":"192:/ODdk3EGClSTYtR/yy9lWVCytUNJDkG1ys:/sSCLDn","tlshash":"b802bc8df1a752b829b73036537f10c2ab6f021bd456dc30ba8f66b44f82a10a746799","size":8776,"data":"","first_seen":"2025-09-12T00:40:29.99588Z","last_seen":"2026-04-12T01:12:13.84129Z","times_seen":412,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static-content-cn.wb27jlt6u066.com:9587/util/rsa.js","fqdn":"static-content-cn.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"2e28749b1ce6013a456d4498a447dff3","sha1":"89d8c436922a84f097e86090179d112c3d6e13c2","sha256":"1748bdff25c71702d781b076f961920ef32283e324153b256e963202431a35ba","sha512":"2a675090d740e1600eaca9da2229b34cf764181bf65df4d023bb0e95feea6a7b83f3651a8eb70473e76313cc1fcdd38cd71a72b41fd57fdc34668b7d3b10b62e","ssdeep":"384:B1eJdA6YDf7WA5lK4UYl38uHrKFaY8BpC:bdjfm82aNy","tlshash":"5752a6857ad9302d07a95071055f054b7e35f8be598c04bdb1a0e8e938f198d833ef78","size":13514,"data":"","first_seen":"2023-03-07T01:28:09Z","last_seen":"2026-04-12T01:12:13.811041Z","times_seen":1015,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cn.memxzf.com/home/sandbox%20eval%20code","fqdn":"cn.memxzf.com","domain":"memxzf.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"","is_inline":false,"md5":"92b651082ce234f66bb544e678befda3","sha1":"14c21c55ddce43b6f677caadf51d4ab98c6a3df8","sha256":"25d57d1d97abeb84531d3d3e5754dd5cb19a2c115edfa7cfc7af8247084faded","sha512":"b4fcbc037e0a3d91db2a624921e96b878e9e18dd998ad5649d77d7d053faf28b09c8725a0542aef702310bf85f3037b70985c274db8acabd021efb171d41f361","ssdeep":"","tlshash":"34c08ca3e74026ae2a1166b2b810e003a2866b015aa78402b00a003b1441fe21aaa1a8","size":147,"data":"","first_seen":"2023-04-11T21:07:53Z","last_seen":"2026-04-12T18:56:47.774972Z","times_seen":788324,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.livechatinc.com/widget/static/js/0.b2s4mOMJ.chunk.js","fqdn":"cdn.livechatinc.com","domain":"livechatinc.com","tld":"com"},"ip":{"addr":"23.36.77.241","port":443,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"introduction_type":"importedModule","is_inline":false,"md5":"b027a3d5d5a1d848df6d48ab490fd66d","sha1":"8e3d89d2a1a9665ae0ecdff14273c4ce8c38b56c","sha256":"d99d19d39b2fe903970ddd94f27f6c11f8a7adeec5c7c57f411b7bf157f0da2f","sha512":"9ec1b6ce966262a8055b95427e56c01d3326e31bd84629d4b6ac346699a05d14175166dd67d3a07d2002908e60880f719f3c61cb6951f7c79e12cd823f44b1ef","ssdeep":"1536:/dlVfSLmtQZaHlfKYPQvC9nEm9vzM4soA2PsuMIY:/JSLmtMaHli29rzM4soPtMIY","tlshash":"41732ae2f682f4399be7a4e555384003fa3a7958781cc270f31cce20619e58665b7f6b","size":78953,"data":"","first_seen":"2026-03-25T12:35:16.706666Z","last_seen":"2026-03-26T09:55:41.758178Z","times_seen":76,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static-content-cn.wb27jlt6u066.com:9587/util/error.js?2025092501","fqdn":"static-content-cn.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"f61145ebd6cd0164a855517ddd32d102","sha1":"d9f3f365c0aec1f9a4bf5cf85d4c8b1c44770125","sha256":"b433018b4e4006c56084fd4cbf35d3d1e2ea33aafccfd6109db3d0b696c2c2b2","sha512":"e0e7101c13848ec60f775f9ab092b5a52de41a67f3792a18c186cc42cd140c7bfcb405c607783e5b3240aab3f57dd88c50f744410b94cc99beef8b1a1f61ade0","ssdeep":"192:MTu94QOQzfKG3jChyTRmbxDeDWiYXYyC3SfZVYvxwYXPFj6vJRQ+lcQrdQr:MTu94wzj3jChQgF+eXUeu","tlshash":"292285b608f58b8a100df980c10b41293448744b8e1cba6a7bdfa5465fcd65f4bff99d","size":10405,"data":"","first_seen":"2025-10-02T21:45:10.771862Z","last_seen":"2026-04-12T01:12:13.785959Z","times_seen":434,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static-content-cn.wb27jlt6u066.com:9587/js/jquery/jquery.validate.js?2017121201","fqdn":"static-content-cn.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"052b64ec50b11bc14eb24a863d126ba8","sha1":"3a79b1fe2a8e6834cea694d77c57473ebfbc5758","sha256":"169b0287c989c2a6d883dff708c551a726c2a98fd79e66fe747d04228012ac7f","sha512":"70b2cd21b5ab5f5159266a10e6ba06a7c1c50ed3b02a596747f30dc88ba4cb37934b8666f075e5733ed021908bace3c47b8b50ee57aa41130ae0b9920e101099","ssdeep":"1536:4J/cr2I/VHuanmyRhVaNnJRHI9YLbBGvJfDk7E/al:Kumy4NJRHqLkISl","tlshash":"39533c4d3ae710168d2b30beae8ba149b6b5405b6109ed1c7cdd02905fe4db862f5ff8","size":60825,"data":"","first_seen":"2025-03-02T07:32:23.125259Z","last_seen":"2026-04-01T17:26:48.402298Z","times_seen":648,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.livechatinc.com/widget/static/js/8.eV4yDChl.chunk.js","fqdn":"cdn.livechatinc.com","domain":"livechatinc.com","tld":"com"},"ip":{"addr":"23.36.77.241","port":443,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"introduction_type":"importedModule","is_inline":false,"md5":"218f352c3cd09519a9a60b2fbd2ee036","sha1":"39c0967aa6d5d358f667a5caa5263deea5bf9e2f","sha256":"118d1bc5286a56d49b8476beae2acfc58ffe2bcaf3be2a997582d00545b9aebf","sha512":"e113f3b2f87e9c719a4e7ae62cd6dc849d995355464441e2d006d45a877fe8a88d2cca8e1309b41a97cb1afc22d4c5dbeab1f7bf0b21a959f36657b7a50fb300","ssdeep":"192:JbZtPuLpcfXjyJzCgvNtUpPJmrkZYfnwS1fl3XXJWXzqdByyYYiktwbaQ4BM:BZtbjyJDvNtUpPJM1p3JXdByy3RtwuS","tlshash":"6af1f9bff741e4b0e3eb48a19a1a0113aa3a1754755d8070fa2c8d10a159ac4b277ffb","size":7870,"data":"","first_seen":"2026-03-25T12:35:16.730443Z","last_seen":"2026-03-30T09:59:39.342332Z","times_seen":375,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static-content-cn.wb27jlt6u066.com:9587/js/jquery/jquery.carousel.js","fqdn":"static-content-cn.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"1552106a3e80457c7c75722b7372d303","sha1":"32ba62ff7b3590d3325d159141aa50a1db5802aa","sha256":"52947c9e6ac3e2f45c2b2a19802a91eeb75dc70902bf4bd87419a6386300848c","sha512":"e6b3f5bcdb5cea57241c6ca4f3c235a8ec04fe3d4baf75e2e33d67fa1ae4e094c08072772e3bc6a87dafb81e94a6ab81f38c670394f4f2a533ca5090e5879630","ssdeep":"384:MnvnA+MrUQ5x1jcvHGmUYnkrVdINO4XmfFmKK2vif3UE:Mn4+MrUk1j0UwNO4XmfF7K2vAv","tlshash":"50b2941b31a32172597b72298b9f5109333190979208ee507cbf8b147f9527897f2fea","size":24119,"data":"","first_seen":"2023-03-07T13:00:36Z","last_seen":"2026-04-12T01:12:13.789354Z","times_seen":693,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cn.memxzf.com/home/register?code=21449","fqdn":"cn.memxzf.com","domain":"memxzf.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"c7ee54a7240990e7c3b05eab06f4a2e7","sha1":"344f7f9163a8214f5583328970d8f6bde9371089","sha256":"6d762892025be8c5b37c804c06fb5300353bd9a6f57eba232b5775b29106cb61","sha512":"74636b349bc64770baea93e5542d1d579192ef0367b87cad5b8a25a2898a33540b82e85ae90c7f7a5a40280d1c97c6c898348123f243ad9a9da93ad7f80f9ed3","ssdeep":"","tlshash":"8c01dc38f2744a4660bb70722d6be81aa9a94c072c0bda14f86c05e12fc06858b6194d","size":760,"data":"","first_seen":"2023-05-15T15:49:02Z","last_seen":"2026-04-12T01:12:13.8419Z","times_seen":688,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"hm.baidu.com/hm.js?86b8712c72cab4f521c0b5cd56dfa69f","fqdn":"hm.baidu.com","domain":"baidu.com","tld":"com"},"ip":{"addr":"111.45.11.83","port":443,"asn":9808,"as":"China Mobile Communications Group Co., Ltd.","country":"China","country_code":"CN"},"introduction_type":"scriptElement","is_inline":false,"md5":"d5728a3b9526e08d6ac7f1e072ddf93c","sha1":"72af679d93d70f23d772aa5cac25906d10a5ee73","sha256":"188b51151a9769d20a655241562a5b9d89c0e08715b0602df6b046067f808914","sha512":"3b5844184b97826387cb5cd0067143f9f974121254d6045f625d4c2b597d7d9bb4936a5294b892409951058a8a9dca375f779f970ffc4a34d3b471b0029172a8","ssdeep":"384:dqJSoLMJJTRl6s1JXFVCFI/TayvuodsZPIGm8XaR1JRwvutq1tGdc7M04gRw6:dq4VJfHgMdvussZPIx82Rwvutcto07v","tlshash":"ead2d9e9b282713293a324a5153f724af07b5a54bd4968a4f11894c07d38fbb027bfdd","size":29905,"data":"","first_seen":"2026-03-25T15:55:30.479431Z","last_seen":"2026-03-25T15:55:30.479431Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"banner-notice.6dqr2n.com/mxstatic/banner-notice.js","fqdn":"banner-notice.6dqr2n.com","domain":"6dqr2n.com","tld":"com"},"ip":{"addr":"13.70.24.35","port":443,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"986594233ce57549964f51fbaa529103","sha1":"eecaa2149fb59b7c1a0657729778622a554d40e4","sha256":"d0b03fbfd797b445ada36cf8674cd627711319c730af3216090e0ebf367c4d12","sha512":"7514acd421d148a19e96d20f4c631d086c3e986514ed79c8720fada075d3ee317c276b79a2c2e7bb027c373fe0c49ceaca4d995044314b69a85ca24a8957fc18","ssdeep":"192:AJ2wJ/y23c23qtY8SCUcWbm1iRSube/Hf+DoQPoEHdizniKOnK6t5Enx4tRL1VeV:o2GbDK6czdOnXH3qBmlc","tlshash":"1e82b81875fa0061542320b88e9a618c7f26950f920a5d08bd6d47e8afcad7195d3ffb","size":18635,"data":"","first_seen":"2026-03-16T12:25:03.339087Z","last_seen":"2026-04-12T01:12:13.777497Z","times_seen":67,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cn.memxzf.com/home/register?code=21449","fqdn":"cn.memxzf.com","domain":"memxzf.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"163e2b6023daceee37dc33d1f8dd8991","sha1":"91bfdf60de3bb21c299fd2f3dfc66b6fe412bbdc","sha256":"4149d7b47272979a1f22d429f09cd14c122b9a29c5e9918d2a06021e5651b841","sha512":"075b1814c918033631e05bf83575553c8da0f54a93bd36d34a70211fbb33596dc4878235004a8d3789316741ac61be96bb47d6ce27a21ca76174af0a699968b5","ssdeep":"96:Ot8PmcHcnur7EmkVPDaur7HufE20IjB0JJdpJl4DLMwSCyagd:aSWnDT9Daqq10CmXqLMwSCyJd","tlshash":"3d91336afeb30165507b102f16bf6a587d9100236108ed2dbcacdcc55fe0d0675bbaae","size":4590,"data":"","first_seen":"2026-03-24T12:37:54.832256Z","last_seen":"2026-04-12T01:12:13.842473Z","times_seen":24,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.livechatinc.com/tracking.js","fqdn":"cdn.livechatinc.com","domain":"livechatinc.com","tld":"com"},"ip":{"addr":"23.36.77.241","port":443,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"introduction_type":"scriptElement","is_inline":false,"md5":"b2f166ea0777e9b95bba7ea69b861acc","sha1":"a01f419793109bfa607f456a7fd50a0a28011b44","sha256":"53424d146551c5315b3b43ec6ca30311d17a78f70f081def6bfa19b08d010cfa","sha512":"af009032be8bc187ed48add38ffdb844ff81eca25c8779162919d82625e794499f951af23fd25f03487770161a511441860dd609200c2617b280e95d9625e20b","ssdeep":"1536:E5y/uRri7DJnagIckNmeuR5bydWiBwpDwLCPoRvCRW6Rgt:E4/uRu79aXuRxyk8vCdRA","tlshash":"bda338d67282b03493f785e7a17f6216b33a191c740d8410f17cec6a396a9879177f2e","size":102724,"data":"","first_seen":"2026-03-25T12:35:16.698664Z","last_seen":"2026-03-26T09:55:41.761807Z","times_seen":84,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cn.memxzf.com/home/register?code=21449","fqdn":"cn.memxzf.com","domain":"memxzf.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"528ef4a1a4b0d93d15940376c9f30a94","sha1":"3dce760e0effd87001127aa2e43a33df79cc2ce4","sha256":"e5778ea07b95de382d159e4876a0ab85ad9cce8343ca2034ef7219a2e7e6a47d","sha512":"e52fd3701f7f4929be758d430d3e9c6325b49173875b2c3934e6b1e0d73033f42aa40bbac1b98651402364a6d920b2efd3bae7950c7d8f87bf4d0694bce361d7","ssdeep":"192:t4tYyfgH8iIXXyiCavEEM8g2Frp3dx4rOyKztANA2A8ARadKHKCST:YB02hkstw","tlshash":"ab02b41af9eb1605293730ad1b7f418875b8d1236548cf30b94cead40f96914d2bafec","size":8902,"data":"","first_seen":"2025-03-02T07:32:23.116883Z","last_seen":"2026-03-30T14:28:44.979286Z","times_seen":624,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cn.memxzf.com/home/register?code=21449","fqdn":"cn.memxzf.com","domain":"memxzf.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"273b9952f02d2b1e0fb7172fe674f2ae","sha1":"368051f8622111f20cc1148a5b40b68e160f9632","sha256":"f3f224d959f3f5e55647ad2ad992b64f0754927b5944d22cbc7a155b4508d0c0","sha512":"c9b57a67752d033275362623e60873006da2a9c58d00602708c2edd630dafb4241ed1ac75cc2737d494e558ced132b18346cc611d199df96075a02e6dc0b7904","ssdeep":"","tlshash":"ac7120e2fa58331c94bed4e90cbb21c6b19508e111418c74bd5d53e07b2686d2f3beac","size":3705,"data":"","first_seen":"2026-03-24T12:37:54.833877Z","last_seen":"2026-04-12T01:12:13.844984Z","times_seen":56,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cn.memxzf.com/home/register?code=21449","fqdn":"cn.memxzf.com","domain":"memxzf.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"2d0b0bc1ef7bcdddb43044412caaef9f","sha1":"7486b48306bd3c1c94547a5c4b238d40e4c2be3c","sha256":"87f57b68bdd4f868c5a97901e2bb9b9192d77093a62ba7fb2b0a405e4d73eb6c","sha512":"9cbb500a3bb1bbe52fd69f7b3ffe53f325c55da5b7d3510d72dc6f01b9ff25c3f268e8317a86d65c787fee9d23197cb877c138ff00416ecda80d40c1ee9e281f","ssdeep":"","tlshash":"9be0c216736e1091842328154a3b53054b342513682f7c02fc8d02941f2e60cc073a02","size":382,"data":"","first_seen":"2025-03-02T07:32:23.118872Z","last_seen":"2026-04-12T01:12:13.845636Z","times_seen":680,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.google-analytics.com/analytics.js","fqdn":"www.google-analytics.com","domain":"google-analytics.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"f24128d0c9cba7be2916c693427a3483","sha1":"1b6397d496ea896ebc2018b01b995cee4f166029","sha256":"58173de4697da1a218f04c3a783a733bab4e769ceabc37cd42da9dc3e036a7e8","sha512":"c4950733b44e258bbc817ce6396f002caec1e11a6413fd0038c9baef2d5f1d992b1fd0ec52515aba52faedb52c28b996a7fc063f28a0f45f3aab5e2f91bf5be5","ssdeep":"96:A1VdZYqhPnjpWx4/eTe8qSMbqaQd6VL2Jyt9LdJoyayCVPVD5wdBfQPfCHiUr3:AXdZYqNjpU4yPqSMbqaQGL2QfdDayCZC","tlshash":"a6a1dc9939fb50210233b1bd1bafa918b23895236208dd61b98c9364bf94437d7f1fc9","size":4691,"data":"","first_seen":"2023-04-11T21:07:53Z","last_seen":"2026-04-12T18:56:47.788215Z","times_seen":786755,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static-content-cn.wb27jlt6u066.com:9587/js/newlivechat.js?20260126","fqdn":"static-content-cn.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"82236be894134d60c1165840a2f1f432","sha1":"299865c8584f72365c7f4d87d99e8702c4cfb68d","sha256":"ccc9ca0fdd0b8e6f3cf3145e5ad7b9730cdf9573d46631916fa5055e1f6f84bd","sha512":"8ba9b5c320cdab328fef9faf00a641ed97c0e36eafb46b330637f90cbbc8bf503e0ccea92c33e6a886f53f37502fea66f5ec4722787c2334f6ec41ca58bbe768","ssdeep":"","tlshash":"2801d089bc45b076ab56326c713bfa07516213156844683348ee87bbeb32e9b410358c","size":733,"data":"","first_seen":"2026-03-04T07:05:29.810152Z","last_seen":"2026-04-12T01:12:13.773277Z","times_seen":85,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.f4bzyrz92us3.com/E2/logo.js","fqdn":"www.f4bzyrz92us3.com","domain":"f4bzyrz92us3.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"2555f339020a12dc222468a0dda8d97a","sha1":"1a1aeca699fa3b42bc0c4a481c44296c08d15fa8","sha256":"0e4ec376730c75884949620609cd9e13e8efda55e4e7f58a1927078e84f17e8b","sha512":"a5129128092500ece1fc8b40bf41a9cea132aadf95e4fda4d749c929ff3bf2b5ab18c32c180e74a49b2403ae0cdedb3ab3b0d1397ba56fd7b910883c43f25fc8","ssdeep":"","tlshash":"8ab01200441a3007f155157754c1422815140c95490ba26766683b32d28d0811df8347","size":98,"data":"","first_seen":"2026-03-25T15:55:30.520595Z","last_seen":"2026-03-25T15:55:30.520595Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.livechatinc.com/widget/static/js/10.al-9NYxR.chunk.js","fqdn":"cdn.livechatinc.com","domain":"livechatinc.com","tld":"com"},"ip":{"addr":"23.36.77.241","port":443,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"introduction_type":"importedModule","is_inline":false,"md5":"4a073c5805819d74eabd3e843372d502","sha1":"cb12e953dbee2d3ea08d35d86bcd2476a490bda9","sha256":"0cb3247cac5de8fcdfb226ebe2dc4960b6ed473966359f73ca13ca286309122b","sha512":"036da8fb3959ebbef26b546019535a9edb7a99227a28252878247a756d3a7ea693f48e9ffdaf5886faa7fb2cbe56292bbf9552db5dd1d26e6574d8034ee183ba","ssdeep":"","tlshash":"ebd0a78cb643b0b16276b138853f801fb035e984a44404f0d13ad9c03d7c1a97597c5d","size":236,"data":"","first_seen":"2025-11-04T08:39:27.95245Z","last_seen":"2026-04-12T19:22:52.517509Z","times_seen":11360,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.livechatinc.com/widget/static/js/11.DJPUQwQu.chunk.js","fqdn":"cdn.livechatinc.com","domain":"livechatinc.com","tld":"com"},"ip":{"addr":"23.36.77.241","port":443,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"introduction_type":"importedModule","is_inline":false,"md5":"640caab52100a1e9dfe618aaeb79838f","sha1":"4654776a82e5405614a595d40cb33ca2b5bae0b5","sha256":"fb8eb817d7251014c136b441bd4004fa6567908059013edbb938925f23b67ceb","sha512":"17d605182be517c5e797b2fd823b9ab7b6bd73d97bd2c3d11c5eb29d108cd350d789116528e351abaebdf3654cc65100b9e3353064ba38c9ab9008126c6a3061","ssdeep":"","tlshash":"00e08cbdfca8d92152f5e9f8c0b60822cb593b0e502382b0f60e6f4a9519199a552826","size":300,"data":"","first_seen":"2024-08-27T15:26:59Z","last_seen":"2026-04-12T18:47:53.256646Z","times_seen":24098,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cn.memxzf.com/home/register?code=21449","fqdn":"cn.memxzf.com","domain":"memxzf.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"b42e0314adee140fb5e18e096f4bacc6","sha1":"88a0dd79b84b2e572836c66669ab55f89b900b58","sha256":"79cfa18812005def94e215acc70f8ac882ed591a822067b972f4ac2235c6f1f4","sha512":"99546e964d9fbec171b64edc7d2d355aa9214fd8948f81883cecc0950eb590e49bfde4a8e76b7941c43b9e1d9670e6058f566d327912f96e3d7f7ed00553ec0a","ssdeep":"","tlshash":"b6c02bc8211a0c7191fb27008b3ff604b402721898e96931cd0a33054d30e03db58c44","size":155,"data":"","first_seen":"2025-03-02T07:32:23.121669Z","last_seen":"2026-04-12T01:12:13.846368Z","times_seen":688,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cn.memxzf.com/home/register?code=21449","fqdn":"cn.memxzf.com","domain":"memxzf.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"fa249485a4961fe24b760a4d9e9febce","sha1":"c21e2c980ab76e0f7a7f9cfaecd375bcdaa20fec","sha256":"e41ff2bf25448947d8dab8b9ca03133890adb03079188916abd97b5498ea4fa4","sha512":"fe75a281232dd8aec23d33f4f14da97a77561267a7cccd1fc3c51f165aec9b69599ab0d7706c8f9fa72a089744e604a97b9b5f9950e4cab9c607bc2fc777023a","ssdeep":"","tlshash":"2001834e345c05e721b776e733f3820cb86756071084f492f74c869c0e008ba005b4ac","size":688,"data":"","first_seen":"2025-03-02T07:32:23.124386Z","last_seen":"2026-04-12T01:12:13.847841Z","times_seen":677,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.livechatinc.com/widget/static/js/9.xhyEK0_l.chunk.js","fqdn":"cdn.livechatinc.com","domain":"livechatinc.com","tld":"com"},"ip":{"addr":"23.36.77.241","port":443,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"introduction_type":"importedModule","is_inline":false,"md5":"c96a39460d2b0a92409b2b92f3da88f9","sha1":"c1ad7e3c7f38743ebadf589676726dad6799a9d5","sha256":"af2012b0cdfa449f186df2f8dc9b3e64b48b8c5c630cc8d3c4df61973499e7c4","sha512":"c6a642b4f09c7dc0b2679c972cc99e4c1e00e268d309aae062883d3eeeb7d3e39bef53388dd20aae7f733da57ed2374c1b12ded0997cbca2762b4b03c332cbfd","ssdeep":"","tlshash":"27a022ca38ca32ae020230300f0f20c0e0b8c02c030e0328800a0200b2300a002ffc3c","size":74,"data":"","first_seen":"2024-06-24T12:34:03Z","last_seen":"2026-04-12T19:22:52.648407Z","times_seen":13639,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static-content-cn.wb27jlt6u066.com:9587/js/jquery/jquery.min.js","fqdn":"static-content-cn.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"5790ead7ad3ba27397aedfa3d263b867","sha1":"8130544c215fe5d1ec081d83461bf4a711e74882","sha256":"2ecd295d295bec062cedebe177e54b9d6b19fc0a841dc5c178c654c9ccff09c0","sha512":"781acedc99de4ce8d53d9b43a158c645eab1b23dfdfd6b57b3c442b11acc4a344e0d5b0067d4b78bb173abbded75fb91c410f2b5a58f71d438aa6266d048d98a","ssdeep":"1536:5P1vk7i6GUHdXXeyQazBu+4HhiO2AEeLNFoqqhJ7SerN5sVI6xcBgPv7E+nzms9d:A4Ud4qhJvNPqcB47MfWWca98HrB","tlshash":"7793d8d9b7d67062977730b850bf510bb13a98eab80c4c60f1a4d8e47e74a89507bf2d","size":95931,"data":"","first_seen":"2023-03-07T01:02:51Z","last_seen":"2026-04-12T19:37:18.493409Z","times_seen":16545,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cn.memxzf.com/home/register?code=21449","fqdn":"cn.memxzf.com","domain":"memxzf.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"1c5c9160600df2d96d69a4ea16cec7ed","sha1":"3cf678c9135cc952ba6970ef545035bb757a443f","sha256":"a3520fe88e248d2b6c9c6db93309a037ef969fe297208e5bd7e49a55bb32c808","sha512":"2a298a8c2552c6a6c6f8d3f7327d2e9abfa87a0dbb27e9e528a8539b416155c0860f54f46464dfe7e5d49c7906a9eacdac7e5181b86ef15a83276a8f4fee0546","ssdeep":"","tlshash":"078004d531c35040475331d400571cd4503444f014444d544040d4511c55030d1154dc","size":37,"data":"","first_seen":"2023-04-11T21:49:14Z","last_seen":"2026-04-12T19:00:22.184958Z","times_seen":104748,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cn.memxzf.com/home/register?code=21449","fqdn":"cn.memxzf.com","domain":"memxzf.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"8c1970509d6685e2083935ecf85d15f6","sha1":"9aac9d9e75fe23a5d3810a48fc9f27bfe289052d","sha256":"e2c5c18ba684f19a5a9dfaaf18767b0ca4f5be1432930a6f62b9a037d2fe64f9","sha512":"db7aa85b41a5119b689a59ea38f935292b29ae2268a126e37c443427b6ec8622597f732bba99d31902a65cda6776c2355b44209ebec3cb792cd2923ca2871e5e","ssdeep":"","tlshash":"e5f097de1385ca6e24e63cf83027b44ca8d90c2b35eeccb89c00605218c663300e229f","size":486,"data":"","first_seen":"2026-03-25T15:55:30.541685Z","last_seen":"2026-03-25T15:55:30.541685Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.livechatinc.com/widget/static/js/4.CntM2Eu5.chunk.js","fqdn":"cdn.livechatinc.com","domain":"livechatinc.com","tld":"com"},"ip":{"addr":"23.36.77.241","port":443,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"introduction_type":"importedModule","is_inline":false,"md5":"3b5733f577229564cbd78f82945cf894","sha1":"135de320d29e47c403beaa26faf6a0f9414dfb26","sha256":"f25d4008e812a41aade7850eec9ec349e32b45b9f7e6ccf9aed51f5df852d306","sha512":"4be6b004c48bb3bc77b0621dcbad6c857cd484d0400a64f0dff67e170ad1c4a3c516fc24283386c3033c67901cb968c634a56412d6905663a109cb26eb21a877","ssdeep":"6144:1tMuoTGhHxd+olP5nZfpUTHOrqZ3IpLp8T:rMuoTGh/+olP5fUTHOrqZ3IJ6T","tlshash":"a2245bc4b18af53887eb34e6547e2002f63d6d18784c8164f75dddb63da858a9233f2a","size":220799,"data":"","first_seen":"2026-03-25T12:35:16.708106Z","last_seen":"2026-03-30T09:59:39.343309Z","times_seen":381,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static-content-cn.wb27jlt6u066.com:9587/util/all.js?20231116","fqdn":"static-content-cn.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"f5aa16a242596257e153e33c5b8fb232","sha1":"804252d4387c4fda0141e9bf4fd2a05bb3c7068a","sha256":"c21ffeeff6782e69216ce2fdf3fd54289af1d7b4a8bc2af9b83c0679c5969782","sha512":"1ae9de5c195af57a93c2bbc30c0597c8f7f2e96e98af1c1a514d21d170b54c4bafc882689096e117cd36f25570474bd059edfb8bf9023571ff7531ace1491c59","ssdeep":"1536:rfee/RrYiHhJ9Q0f16d9zeDN5qW4wTW3Jny+aSsG+Kjbd2m43ftShEhJ+7Rh0Om:rfD/miHhJ9Q0fd5B8jYhi0t","tlshash":"6273f88c7591306a4aef31b7782b224f73769a69500e5068f0b8d4e53ebce857167f38","size":77892,"data":"","first_seen":"2023-09-15T15:49:20Z","last_seen":"2026-04-12T01:12:13.827638Z","times_seen":917,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static-content-cn.wb27jlt6u066.com:9587/js/member/reg.simple.js?20230220","fqdn":"static-content-cn.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"acfbd8efc4aa932d56183ed41666c8bd","sha1":"dada1ef3f25155d81e7d4a9353ce89e7f83b3466","sha256":"736d2a82733a504f010af43ffbc5eae2e40b075b7ae8929065bc880357c1ab48","sha512":"e0f02eb2082790ba636afe476e4a51b095f0161df58ba7f9ca389191bfe5d373d725908996b4ee489b14cc48a77f05b47ce52409bc5d802f364d831eb2501aff","ssdeep":"192:eDY86gShDWhDxhD0hDJGx3DPdy7Uwm1AFtOtHoNNvqtnHzHensyaAS7xM8tY:eDY8gcfejatpsS9q","tlshash":"0a22502aedab42871d3b30695e3f00456956c0136b0cde24fe4ca5d09f85e29b5b6fd8","size":10762,"data":"","first_seen":"2025-03-02T07:32:23.111077Z","last_seen":"2026-03-30T14:28:44.913402Z","times_seen":642,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cn.memxzf.com/home/register?code=21449","fqdn":"cn.memxzf.com","domain":"memxzf.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"1c5c9160600df2d96d69a4ea16cec7ed","sha1":"3cf678c9135cc952ba6970ef545035bb757a443f","sha256":"a3520fe88e248d2b6c9c6db93309a037ef969fe297208e5bd7e49a55bb32c808","sha512":"2a298a8c2552c6a6c6f8d3f7327d2e9abfa87a0dbb27e9e528a8539b416155c0860f54f46464dfe7e5d49c7906a9eacdac7e5181b86ef15a83276a8f4fee0546","ssdeep":"","tlshash":"078004d531c35040475331d400571cd4503444f014444d544040d4511c55030d1154dc","size":37,"data":"","first_seen":"2023-04-11T21:49:14Z","last_seen":"2026-04-12T19:00:22.184958Z","times_seen":104748,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.livechatinc.com/widget/static/js/7.qYTqns9Q.chunk.js","fqdn":"cdn.livechatinc.com","domain":"livechatinc.com","tld":"com"},"ip":{"addr":"23.36.77.241","port":443,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"introduction_type":"importedModule","is_inline":false,"md5":"d541ce2d754402b833cc65b76eaea2c6","sha1":"c36a92a0f5cef497ce42b1e8b4c72c8d9bd3786b","sha256":"80353503e48ebf6c2ae9f70184d3e758f64bacf48afe147e039df807509200cb","sha512":"f8cd5cc49f9276c580419958bf312ee0a311194fd41d116ee709e56401d769511700031ec9f3e6151f8da6b7e13b16e374a231e31cb00b92413ce5c751c2a0b6","ssdeep":"","tlshash":"f090044530d334753111111c453f5c0551144c4c05d55730c010d5551f514f4571fc4c","size":40,"data":"","first_seen":"2024-07-04T09:32:22Z","last_seen":"2026-04-12T18:47:53.246403Z","times_seen":24967,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.livechatinc.com/widget/static/js/2.D2dXvQOV.chunk.js","fqdn":"cdn.livechatinc.com","domain":"livechatinc.com","tld":"com"},"ip":{"addr":"23.36.77.241","port":443,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"introduction_type":"importedModule","is_inline":false,"md5":"ac2bb52f3de28f969a1f7daa0d43add3","sha1":"260aeb3bfcb0772e3ffbf94ccff193ca41e4096b","sha256":"03885e9374f67093a1ce47c7422a8ee6c2c522824176d1324cdba0539fd45792","sha512":"26ed9bf488d7bc06d7918ea513d771d1cbdc746e044a984c268b6066fe29f2b42e85cedddfa509d34bae795997b4a65cb3e9ca1b87b6084693081db081367fc5","ssdeep":"12288:IECYeewHmkC8nMQQiHnlK1rwTyPObtrNQoS/22MYucW6K1AfEHrZ86ryIbM8f+5m:IECYeewBTyYDF","tlshash":"86946be47242f538dbe7c19b90bb1609f73d3d09b42e9660f1ade85e33940489267fa4","size":445806,"data":"","first_seen":"2026-03-25T12:35:16.681164Z","last_seen":"2026-03-26T09:55:41.747744Z","times_seen":80,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cn.memxzf.com/home/register?code=21449","fqdn":"cn.memxzf.com","domain":"memxzf.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"87044102cff06b623100ade4509413fe","sha1":"4910cda6da540e5340cc9357a21861856067ea00","sha256":"25d6d6174234062dea3e4341e86b162a91f2a8a245654aa69f6f5bd1282d23fc","sha512":"2781832da4ef05f20d23240d0321a6a74fba1a7baa07797ea68a8fb18b5bb7daf28176aec390a0a65bef36720af288df0be5afd889b52534c441ca011bb01a49","ssdeep":"","tlshash":"60d0950f1c1514382379147d10bae5ccb171104c907dd50040dcd4504964ed50c3d7c8","size":254,"data":"","first_seen":"2025-03-02T07:32:23.127917Z","last_seen":"2026-04-12T01:12:13.848718Z","times_seen":677,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cn.memxzf.com/home/register?code=21449","fqdn":"cn.memxzf.com","domain":"memxzf.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"09b6a9ef54ab9c825298cd9a9d9ca45d","sha1":"eb87b20d55ec83c8d29417da60113f0283b2246d","sha256":"af68e9610525733157637c6a6d65d9d80deadf76dd5b96aaaafc133c280c09a5","sha512":"d9fa04f34e4c18a79fa7a70c631589cd16077e1c2fd880973624f8feb4d02cb19f56b3dca48ae8c60093d74cc0275d18bfd6ed9eeb9d58894498b86c5ecca8b0","ssdeep":"","tlshash":"e8c08cc028e20ea2553ee04218b9c29220712fed01739894e0ae931c2208060bbed23e","size":156,"data":"","first_seen":"2023-03-07T16:03:14Z","last_seen":"2026-04-12T01:12:13.849576Z","times_seen":702,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static-content-cn.wb27jlt6u066.com:9587/js/game/Game.js?20220202","fqdn":"static-content-cn.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"31b26fa8e3e5d0f8b9100e4d8993570b","sha1":"4901272b99be40960a7016bd4a60fb686ceba5d7","sha256":"fa72c387b16598179ba3e7406e6d29e5f464cf7876cdf39d43a1cfadc91211df","sha512":"1332c670e7103b8d25e706e773ac1aef68e69176c945d8450385e8876b5a718c113c2066e47719d9943df9a108fc2c27d46c535bb09b27930c22e414b3375364","ssdeep":"384:AURoUkVbztM3nigTG7SG4lznSVs5Lq/vtQEttGsOSVD:AURoUcztwJou50QEttGsO2","tlshash":"0753254caea318e35a3654348b7f31956d5166032508dd1c3e0cd3a3df9a0be66b1efa","size":62427,"data":"","first_seen":"2025-08-14T09:17:18.772148Z","last_seen":"2026-04-06T22:25:54.033063Z","times_seen":544,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"api.livechatinc.com/global-mapper/lc_license_id/19463678/region?jsonp=__lc_region","fqdn":"api.livechatinc.com","domain":"livechatinc.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"b17346aced6298b7e1cadcd62f40003c","sha1":"c28b849fff4b4d9d006d803bc4d18368446ddce4","sha256":"a379b1707064386da00957301b6eb053249cfb462047d44e4fb6d52898f5b78b","sha512":"93be3c00856eedc8cedd0c7bd2b2a5873aa85dcf9e893d9e972421d122c568cbb1c9b4ca633497bc80900f688898040a218616dc69a4716fcd3d5a2dc93fb928","ssdeep":"","tlshash":"8080000e20002ae30a20ef3e8023ec0cb03e033223008288c302208228002b0822ae0b","size":35,"data":"","first_seen":"2025-05-16T12:26:33.454661Z","last_seen":"2026-04-12T18:37:10.953884Z","times_seen":22636,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.googletagmanager.com/gtag/js?id=UA-119765380-3","fqdn":"www.googletagmanager.com","domain":"googletagmanager.com","tld":"com"},"ip":{"addr":"142.251.143.136","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"f395743dd62cf3645b351788398889b6","sha1":"8b57d749ec9804515a99b8b9a4c457d6789c0e59","sha256":"4ce490577121285bdc87398d19f4fe4a2dbefa190d623399afc35323d24118e2","sha512":"52e2d675e704e9919e90b0adfd301064c0a7409114564ec4170b2a2611d38183a470ca284e3d255c11e7094e95bf32b7b05a11bf01ece0f70226ea8c0090c361","ssdeep":"6144:sZ7q1Nfl0scuKRBl58G1ypnlbW34V9b86dCKj/URQ:+St0Ru458jmK","tlshash":"c77409ccb3d6706653a3a478503f018bb27a6892f84cc899f185dcd42e74a5a8277f7d","size":352536,"data":"","first_seen":"2026-03-25T15:55:30.433588Z","last_seen":"2026-03-25T15:55:30.433588Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"api.livechatinc.com/v3.6/customer/action/get_configuration?organization_id=d45af0f5-ff1f-44ac-97e0-5c9471a8ec59\u0026version=84.0.1.41.38.43.1.1.1.1.1.17.2\u0026x-region=us-south1\u0026group_id=2\u0026jsonp=__lc_static_config","fqdn":"api.livechatinc.com","domain":"livechatinc.com","tld":"com"},"ip":{"addr":"2.22.225.11","port":443,"asn":20940,"as":"Akamai International B.V.","country":"France","country_code":"FR"},"introduction_type":"scriptElement","is_inline":false,"md5":"d77fea761555331b0c05287743bd4c5e","sha1":"550875700f032585dd200126e715f77d936adad8","sha256":"de7f59ffa17729ff2e6d432edaf9ea7aec5d88610968b2f3459dc994590e387f","sha512":"283bfc167efc277eb5a8ff9005c79d87e177994e515bcda7c988e9b8c4c4b3d580a876edd2a8a5f9b40636d1546677b0c57912f44797874a1023167a2758c8ad","ssdeep":"96:H/993/mCi1bgrdQTP/9tw/mCvKNvKG8mTGFP/vCaq:z14IdQzu18b8m65Kn","tlshash":"53b13116835fc4bb6277c19963cab70f35485138b1ec0a3fe564d670a1862c7d60aeae","size":5090,"data":"","first_seen":"2026-03-07T10:16:15.763755Z","last_seen":"2026-04-09T08:39:29.988656Z","times_seen":61,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"api.livechatinc.com/v3.6/customer/action/get_localization?organization_id=d45af0f5-ff1f-44ac-97e0-5c9471a8ec59\u0026version=4940c52ca0caf914a8b155bf4411bbe5\u0026language=cn\u0026x-region=us-south1\u0026group_id=2\u0026jsonp=__lc_localization","fqdn":"api.livechatinc.com","domain":"livechatinc.com","tld":"com"},"ip":{"addr":"2.22.225.11","port":443,"asn":20940,"as":"Akamai International B.V.","country":"France","country_code":"FR"},"introduction_type":"scriptElement","is_inline":false,"md5":"54630f003417f9c46834391ef382ecff","sha1":"73648916e37855a4b0bf37347f20d21005870edb","sha256":"2b8e74248a2e4ed6d0629ae47bfce5393cc326eedfd9b86eaf91938e7896dfa3","sha512":"a99b016499cfee8018cbd61ac8d4f91264404c97ea8f5063b2cb122de769c850b57b26e2f7e6e4d43fb5df47cd23d6ba3da88ffbd5492f16434b62b3b89bccc8","ssdeep":"192:TtXlChwBLXkjJ18fjmiVdOFd79o5cKJmvmztlIQFxe2sHLc/evuhw3jIzso:TtXlu8LXOJo/ascHuLxV/evK1so","tlshash":"af521a2947a9fcbe02076ac4fa6b540a60d41689d4e04c2bfea9d51c5b44d8b73cfb1f","size":13632,"data":"","first_seen":"2026-03-04T07:05:29.805591Z","last_seen":"2026-04-12T01:12:13.834576Z","times_seen":85,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"secure.livechatinc.com/customer/action/open_chat?license_id=19463678\u0026group=2\u0026embedded=1\u0026widget_version=3\u0026unique_groups=0\u0026organization_id=d45af0f5-ff1f-44ac-97e0-5c9471a8ec59\u0026use_parent_storage=1\u0026x-region=us-south1","fqdn":"secure.livechatinc.com","domain":"livechatinc.com","tld":"com"},"ip":{"addr":"2.22.225.11","port":443,"asn":20940,"as":"Akamai International B.V.","country":"France","country_code":"FR"},"introduction_type":"scriptElement","is_inline":true,"md5":"d30bfddcdb3764a782b7c8584021d1d6","sha1":"64ed02149d0db57e6c1d68992361d7c1330a663a","sha256":"5a8894efd9ef253bc344f5587ea4fb4f4b8da39d4dbd49a390c2302898411623","sha512":"7f7061097e172e659abcf34d29c148da0bc746fde1307cefa2bcc88ee94db292ba498b3f287a8436b39f9e6d44d5e145350896e447ac7c3cfb281a91a5bc6c97","ssdeep":"","tlshash":"79b09222c200942a24ba8118239fa6073110537a80660c1b143c64a436e610f80a239f","size":105,"data":"","first_seen":"2025-03-02T06:33:06.481005Z","last_seen":"2026-04-12T18:37:10.988752Z","times_seen":21627,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cn.memxzf.com/home/register?code=21449","fqdn":"cn.memxzf.com","domain":"memxzf.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"4da556734f4b410ce3f99b7a5d1602c7","sha1":"796c0c45978d28d16ce343d9cc38154d80da9f3b","sha256":"99369cde7758c83db3a0cf8c5e8c2298d043bcb243c93b1327acd242b7cfd2c3","sha512":"22e0dc1e0b2fbc3c91874da0b1861484068c6c587f86c57d6796cbb03b120d61de2165ec8fbfad56b96e2bae76c29e5932f7108e05a436bd3d3239c6e350e264","ssdeep":"","tlshash":"d7b012315b10516e2594d02d353f1800fcc66117ca00c9b5663fd9d149c4cf0c1748cf","size":105,"data":"","first_seen":"2025-03-02T07:32:23.133072Z","last_seen":"2026-04-12T01:12:13.850168Z","times_seen":677,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cn.memxzf.com/home/register?code=21449","fqdn":"cn.memxzf.com","domain":"memxzf.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"7e281b6261d7a4389d1a73ba7edca4c3","sha1":"3ff58b8c22b9a16f71fc165c2fdca441df3116f2","sha256":"7977e1460356f3afb0bd6241246a968d2f485a905c6248e534fb53140c96c53c","sha512":"1d007f47c8fd6020cb584d67325b21835a8b1fd4a63ca49cc014beb6c895d2bcc47369134b46715a66cd24b2965e92e10116aac415e0b6f09045f79eb2b42ecc","ssdeep":"","tlshash":"c7b09288e9a8402a91ba1922242212cd19aa1866e8c000821462d99009bab4c656be9b","size":114,"data":"","first_seen":"2025-03-02T07:32:23.13386Z","last_seen":"2026-04-12T01:12:13.850703Z","times_seen":677,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static-content-cn.wb27jlt6u066.com:9587/js/kz.js?20250807","fqdn":"static-content-cn.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"6882ef21046c02724770578afb0e9389","sha1":"5a3e91dbc206c7a6abf2196adc0cd68d6e5f7dd5","sha256":"f3967945aa4c64b4cb943ff02fd4ff56354cac19f0e8ba9cb8a95017707265c9","sha512":"4aa7833f286b2d53677335d60783d6edd2038d0e9fbbc75d0568debe17bf0cee5cd56c7beb3c608a2c135881edefca03d1cf0edef0c2d491e65c9ac6126697a8","ssdeep":"384:JsOCzLl8jM9Cxvqd2ACJOOX6QMvmN2iB9eOyjX993YH:q84sTwDEH","tlshash":"f963732ae9fb52551c3b70391f7f4001e729c407b50cee197e2caac05f44669a6b6fe8","size":68787,"data":"","first_seen":"2025-08-24T13:27:11.237239Z","last_seen":"2026-03-29T16:47:31.772793Z","times_seen":494,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.livechatinc.com/widget/static/js/5.DDJgJSMw.chunk.js","fqdn":"cdn.livechatinc.com","domain":"livechatinc.com","tld":"com"},"ip":{"addr":"23.36.77.241","port":443,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"introduction_type":"importedModule","is_inline":false,"md5":"08183989d9bc505e82215b96d1581512","sha1":"1c0eab7cbf49c114ba686578f1fc1e6a32fa68b4","sha256":"30f5c6a4e57eae1f47d3c20ddc27f78d616094e519d1ded2eea87106fe08b34e","sha512":"3ff2c6ed74f219c420e45447b522a7155ec27f869fbb273ba1a1406400192e596da71dc5e5ab60910c447eada553545a96a0d1dd57cf7c6c307a7cc57ee5b01b","ssdeep":"","tlshash":"602121d91dc3d430d33c48e902e5889e697c8ea4e1ee01e0d9946dc67f20960667fead","size":1189,"data":"","first_seen":"2026-03-19T10:33:28.754436Z","last_seen":"2026-04-07T10:47:46.110501Z","times_seen":1312,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.livechatinc.com/widget/static/js/3.DazHfinG.chunk.js","fqdn":"cdn.livechatinc.com","domain":"livechatinc.com","tld":"com"},"ip":{"addr":"23.36.77.241","port":443,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"introduction_type":"importedModule","is_inline":false,"md5":"2d77a6aa353e00f553a63318304ed405","sha1":"79829fe224284805c193a91d2fd444f246271fe0","sha256":"f068996cda742dd6fdb0e857c16b010966bf690480381465595e2b22935de2cb","sha512":"8a7fdf55c616c0d7f3f6d03d2196d7c4d82cb385c2dc73ba36ab9a08ac2f43cbee752de0e10302fda3277fa54813cad993b838b0ae98ac1f17e3d5001a67a228","ssdeep":"","tlshash":"fcf08bc53592f5ea02ab59c548379003f3298818b4baf580e614c5f12493057471ab27","size":546,"data":"","first_seen":"2026-03-18T09:33:42.028688Z","last_seen":"2026-04-07T10:47:46.077135Z","times_seen":1372,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.livechatinc.com/widget/static/js/1.BCtRR-3Q.chunk.js","fqdn":"cdn.livechatinc.com","domain":"livechatinc.com","tld":"com"},"ip":{"addr":"23.36.77.241","port":443,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"introduction_type":"importedModule","is_inline":false,"md5":"e4027fcf11913330b7f6a41e392d4553","sha1":"41d291717588619eaad013f40975e7a143f2b69b","sha256":"efeb21b102dcc26b6ed04fb8693babf155e17067637c483963ea54c397c6ae18","sha512":"370f2f5de0d75a09dac97058454a8ab0a3192de71a939f33fc83d36d1737778af469faf7e7f0112d897a408bcd10ddd808d08d9c2025179cd108c0f530b22595","ssdeep":"1536:EBW45ZFdvjhCQgPVA2vtIFSGurXS3qNFJ0WW:6jv7hgq2OSGSXS6Ngh","tlshash":"52434ddef24174315be355f2a06f9006b73a2a2c385cc0b0f629dd9925de44ba227f6d","size":55443,"data":"","first_seen":"2026-03-25T12:35:16.647686Z","last_seen":"2026-03-26T09:55:41.768256Z","times_seen":80,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.livechatinc.com/widget/static/js/6.CmDDbhqB.chunk.js","fqdn":"cdn.livechatinc.com","domain":"livechatinc.com","tld":"com"},"ip":{"addr":"23.36.77.241","port":443,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"introduction_type":"importedModule","is_inline":false,"md5":"c3bc63875af35e6419ebf4990e9a1291","sha1":"0e0b7d2dd95abd8f282c722fe3fa4c4c90a275da","sha256":"a9162f8842f5d0b7554ee148f946446e6acbadcb40a2f232c828681a9685582a","sha512":"db8e5b7f70baab09bbd380fc701424bb71a75dd65599fa995333474df2ea5d69baa52da9e4ea25b04c02ca63b6ce80ba5e7467a99c8534719ccfcd45a23cffac","ssdeep":"1536:VgZQ8kK8O9hbCvSPT/FyXb+BzpHxQwXzmyU9zP+M3jYPuCoOTAjyp5pmLWqVWM:VgK8kKB9hbCWBswEwDm93j+tUWbAWqVP","tlshash":"d9d3f9e83951f9626bf312a710af5807b33c192b280c4950a211fdddb9b845eb17bf9d","size":138079,"data":"","first_seen":"2026-03-18T09:33:42.057685Z","last_seen":"2026-04-07T10:47:46.058674Z","times_seen":1367,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.v1c2h.com:51300/global-activity-entry/js/rain-icon.js","fqdn":"www.v1c2h.com","domain":"v1c2h.com","tld":"com"},"ip":{"addr":"13.70.24.35","port":51300,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"59767c53c4cb277425bce5c5e7ea9d41","sha1":"36ee5b49ceb915d4369fe92ca49dbd8bba702c96","sha256":"5b43bfa813b9f48656d868fbdacd693bf7fc0f4324d5b815db42ceb80c5a4a27","sha512":"f56b905cc921ab836e06c2c2f1e9dab1033056b68043b6fc1a24f78446dfcfeed89d1408b26ddd176540761784e7652fe2b4d1e5103f07f510bf3e886267e967","ssdeep":"768:kCcZeOuOBMThTlp0Ef7X879b7zT2MSVHyDP:kRDQt0FSVHk","tlshash":"42f2632e5afa10516a0370654f6f91087675a02b160bdc183e5e93d8df806b846fafff","size":34779,"data":"","first_seen":"2025-03-02T07:32:23.132184Z","last_seen":"2026-04-12T01:12:13.806908Z","times_seen":692,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cn.memxzf.com/home/register?code=21449","fqdn":"cn.memxzf.com","domain":"memxzf.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"971c3cdc01aac017b45d6aaf9d29f3ca","sha1":"43b0e892b57bcf623a59772c8486e310db12b99e","sha256":"095e217a343951c56a3242eeb3e57680822ea3f9289c76751d6ab036ffeca2c2","sha512":"f63223e81453fdcd94958f3f49eb7534469ffbe1c58df30637d72679a79818c7f478847923dc48781ce5d7f6d4586acc1d9a19ddf97aa474f1036eb995c8cb6b","ssdeep":"","tlshash":"f7c09b31d97994d45d3694c5041593793cf4e03207dc5321f7d8716ca7ec75151a1643","size":134,"data":"","first_seen":"2025-03-02T07:32:23.135874Z","last_seen":"2026-04-12T01:12:13.851254Z","times_seen":671,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cn.memxzf.com/home/sandbox%20eval%20code","fqdn":"cn.memxzf.com","domain":"memxzf.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"","is_inline":false,"md5":"92b651082ce234f66bb544e678befda3","sha1":"14c21c55ddce43b6f677caadf51d4ab98c6a3df8","sha256":"25d57d1d97abeb84531d3d3e5754dd5cb19a2c115edfa7cfc7af8247084faded","sha512":"b4fcbc037e0a3d91db2a624921e96b878e9e18dd998ad5649d77d7d053faf28b09c8725a0542aef702310bf85f3037b70985c274db8acabd021efb171d41f361","ssdeep":"","tlshash":"34c08ca3e74026ae2a1166b2b810e003a2866b015aa78402b00a003b1441fe21aaa1a8","size":147,"data":"","first_seen":"2023-04-11T21:07:53Z","last_seen":"2026-04-12T18:56:47.774972Z","times_seen":788324,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":[{"md5":"8fb19d15a807881e5a7994a358c9b8cf","sha1":"3c99291f7828ef827f0ef91fa1fd26ac02d45dc9","sha256":"d84058bd71bc34afc30a8e0434da294d6113264bafdb9a93a3627cb3e9e54ba9","sha512":"90bf18e3befadf1361b2574f56d28a4269c7d13f5816ebfd8869b9160a889901dadd569c7781484f2a2b8bf961b620a285e46b9726439d1ac3d010d68852c146","ssdeep":"96:xJkC2G3sf7cWGA5KK1IxXu87ssysd7TmuGz79djLMGcslsghGdHjbI/LDHCqn:PkC2WszNnD1I+C7VdX9kXjLMAOghWHji","tlshash":"17c1011f416223299027dca94bf4a7138278e8667d5d77fa24122a29d7cbb4115e338f","size":5837,"data":"","first_seen":"2026-03-25T15:55:30.54793Z","last_seen":"2026-03-25T15:55:30.54793Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]},"http":[{"url":{"schema":"https","addr":"static-content-cn.wb27jlt6u066.com:9587/images/close.png","fqdn":"static-content-cn.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cn.memxzf.com/home/register?code=21449","date":"2026-03-25T15:54:38.790Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static-content-cn.wb27jlt6u066.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 19 Oct 2025 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"98:64:EC:0B:9A:00:5F:60:12:4A:12:B9:EB:5A:44:98:12:1A:7C:FF","sha256":"A1:E0:99:A3:B2:54:C9:50:DB:24:16:EA:A7:44:3A:5D:57:F0:7C:CE:B2:E7:66:31:49:50:98:44:92:F2:50:84"}}},"request":{"raw":"GET /images/close.png HTTP/1.1\r\nHost: static-content-cn.wb27jlt6u066.com:9587\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://static-content-cn.wb27jlt6u066.com:9587/css/base.css?20240823\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 25 Mar 2026 15:54:38 GMT\r\nContent-Type: image/png\r\nContent-Length: 1148\r\nConnection: keep-alive\r\nLast-Modified: Wed, 20 Jul 2022 18:47:52 GMT\r\nETag: \"62d84dd8-47c\"\r\nServer: gocache\r\nExpires: Thu, 26 Mar 2026 15:54:38 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: 41a015024534401a6932b974cf5e4ff3\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: HIT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":1148,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 21 x 40, 8-bit/color RGBA, non-interlaced","md5":"64ead6c5d9cbfe3e933c97c2cb20dacc","sha1":"b7b034fd70b27180d27daa9c8bacb50ce721f025","sha256":"55aa71e8f5f59bec62fc6361e10bcf106d21af39a087c4009931884fd03b5229","sha512":"869b8e2b2c8d8ee615c302cbff59fd745f0cb1f32afbca0c89a469b4d1ab61bbe01905b0a8ac07527aa4f763fd11dad2141a58706334062f37dc6267f55dda80","ssdeep":"","tlshash":"0221674dfb8068029445c5c75dfa8033ea234984daf0f861b487e4151ea12b549496eb","first_seen":"2023-04-05T03:30:47Z","last_seen":"2026-04-12T01:12:13.796998Z","times_seen":816,"resource_available":false,"data":null}},"time_used":225,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":225,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cn.memxzf.com/fimg/i202210fdd1e22495f9404b8debf0afdaa416b1.jpg","fqdn":"cn.memxzf.com","domain":"memxzf.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cn.memxzf.com/home/register?code=21449","date":"2026-03-25T15:54:38.814Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cn.memxzf.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Mon, 05 Jan 2026 00:00:00 GMT","end":"Tue, 05 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"40:B8:CE:3C:62:64:4A:ED:91:09:D5:D8:1D:31:FC:C0:D2:86:9B:8A","sha256":"56:8F:F4:7C:5B:DB:72:3A:45:C5:DC:A1:0E:36:81:68:A2:84:B7:61:2A:33:D5:55:AB:C2:EF:59:7A:C4:2A:24"}}},"request":{"raw":"GET /fimg/i202210fdd1e22495f9404b8debf0afdaa416b1.jpg HTTP/1.1\r\nHost: cn.memxzf.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.memxzf.com/home/register?code=21449\r\nCookie: PHPSESSID=bh8j209eisdvv1viud8b655q5b; _code_cookie=21449-\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 25 Mar 2026 15:54:38 GMT\r\nContent-Type: image/jpeg\r\nContent-Length: 284018\r\nConnection: keep-alive\r\nLast-Modified: Tue, 11 Oct 2022 03:04:35 GMT\r\nETag: \"6344dd43-45572\"\r\nX-Content-Type-Options: nosniff\r\nX-Frame-Options: SAMEORIGIN\r\nServer: gocache\r\nExpires: Thu, 26 Mar 2026 15:54:38 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: d1db262341a0c12600ea5bf7202ca1c7\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: HIT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]}],"data":{"size":284018,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=1], baseline, precision 8, 1920x1005, components 3","md5":"0b9750ad0104aa2243554d5b8007f99c","sha1":"a4fa7203acf5d89e0a8bcf976ed5d7eba62f30e4","sha256":"d234723f8ad984edd04a5dac23778f6832fdd954187461b8b09d46f542dd41e5","sha512":"6cfbf1045d4ca6a956f1bfdbbd39ab5fbbcc01a64612269dbc69b0d663f37ff8b289a657542ad0e00f54e8533e025306c5810ad6fff71782b65f4afeee65ca25","ssdeep":"6144:r+Ywcq6S74AwBaFtWcSnU0aOe+shTOMLO3jpT9a4:r+Ywcqp54aF8pU0cTOMLO3jR9a4","tlshash":"fc54223006e0e7531a7012f36f579fbb5e33a37d68a5da0c69ae168f4c4a35426f204e","first_seen":"2023-05-05T17:24:19Z","last_seen":"2026-04-12T01:12:13.787897Z","times_seen":760,"resource_available":false,"data":null}},"time_used":336,"timings":{"blocked":56,"dns":0,"connect":0,"send":0,"wait":234,"receive":46,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-25","alert":"Sinkholed","trigger":"cn.memxzf.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-25","alert":"Sinkholed","trigger":"cn.memxzf.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"static-content-t.wb27jlt6u066.com:9587/images/captcha/btn_close.png","fqdn":"static-content-t.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cn.memxzf.com/home/register?code=21449","date":"2026-03-25T15:54:38.811Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static-content-t.wb27jlt6u066.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 19 Oct 2025 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"08:10:09:15:B6:C8:9C:9A:CE:31:40:C9:26:D7:9E:BE:2C:9A:62:2B","sha256":"D6:55:F3:9B:55:F2:ED:CC:B3:54:8B:1E:F9:15:FB:47:0C:75:02:1A:64:4B:3C:C2:FA:75:18:9C:F0:11:EE:83"}}},"request":{"raw":"GET /images/captcha/btn_close.png HTTP/1.1\r\nHost: static-content-t.wb27jlt6u066.com:9587\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://static-content-t.wb27jlt6u066.com:9587/style/main.css?20260311\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 25 Mar 2026 15:54:40 GMT\r\nContent-Type: image/png\r\nContent-Length: 672\r\nConnection: keep-alive\r\nLast-Modified: Wed, 20 Jul 2022 18:47:53 GMT\r\nETag: \"62d84dd9-2a0\"\r\nServer: gocache\r\nExpires: Thu, 26 Mar 2026 15:54:40 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: 28dafe3bf3e32d2f9fb0a95943eab5f5\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: HIT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]}],"data":{"size":672,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 30 x 30, 8-bit gray+alpha, non-interlaced","md5":"9bb39b9f25e57e73ad06a45b4bb34b6a","sha1":"104fefbe66cf791b1fc1b3a933a16e6606febcf4","sha256":"04082d0d7f70e5f41e4ca58d1712420801b243cdf5a21e7012ad4e70ab05f42e","sha512":"abfbf162af3b2dc40cea4c02d20f2af4e4d5ce586221af4a70b6ee5adefbb4856dbaf44208a3b48efc1149ddd15797fd3fdb650573a2aea78b9e85b20ed3eea3","ssdeep":"","tlshash":"d201d8f775fc213089b0639e9306919adfa703b2811210f8622875754075aaf1d79303","first_seen":"2023-10-30T15:44:34Z","last_seen":"2026-04-12T01:12:13.832664Z","times_seen":657,"resource_available":false,"data":null}},"time_used":1889,"timings":{"blocked":1663,"dns":0,"connect":0,"send":0,"wait":226,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static-content-j.wb27jlt6u066.com:9587/fimg/202505/1a9924b67880434fb3771e34217f417e.png","fqdn":"static-content-j.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cn.memxzf.com/home/register?code=21449","date":"2026-03-25T15:54:37.030Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static-content-j.wb27jlt6u066.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 19 Oct 2025 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"70:63:CC:0F:0F:5F:80:F6:C9:7C:9F:46:F2:18:BB:F0:81:76:AB:57","sha256":"6F:3D:C2:F9:AF:3C:86:73:A1:D2:80:61:D4:B6:17:22:DA:26:77:B7:DD:45:E4:48:70:54:B5:A0:02:F4:69:D8"}}},"request":{"raw":"GET /fimg/202505/1a9924b67880434fb3771e34217f417e.png HTTP/1.1\r\nHost: static-content-j.wb27jlt6u066.com:9587\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.memxzf.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 25 Mar 2026 15:54:39 GMT\r\nContent-Type: image/png\r\nContent-Length: 6259\r\nConnection: keep-alive\r\nLast-Modified: Sun, 11 May 2025 06:29:47 GMT\r\nETag: \"682043db-1873\"\r\nServer: gocache\r\nExpires: Thu, 26 Mar 2026 15:54:39 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: dacb573dc61d184ed1def60f70ecd54f\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: HIT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":6259,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 292 x 80, 8-bit colormap, non-interlaced","md5":"8c4532aea4471647fef42bbfb068a07b","sha1":"817cd77579876f295d130b198b0619210681035c","sha256":"62278a2db166030d1157dd13ad3e3cd3564df80fa8acf4b8f0396de467ca330e","sha512":"23dec8e31d8dbf92568525198d09b0fe91e6aef5aee59a4b4d55e655aeff0f0f28a404490524f0907eb19522033af6754bfbf5c7f810a2013fc92b101e17d1c7","ssdeep":"192:ddxAOgq6/irKvADndSJhpg2o6GOHFLWH5i9cY:d3gvieIR2o6bFLAkOY","tlshash":"b7d1ae6ea1fdb53e5628e1d5e40dd714444b3ec4922c1ca7c7f129d46b7087be583a8c","first_seen":"2025-08-07T15:42:17.356378Z","last_seen":"2026-04-12T01:12:13.795981Z","times_seen":538,"resource_available":false,"data":null}},"time_used":2493,"timings":{"blocked":1503,"dns":0,"connect":5,"send":0,"wait":233,"receive":1,"ssl":748},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static-content-t.wb27jlt6u066.com:9587/images/nav/promo_12p.png","fqdn":"static-content-t.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cn.memxzf.com/home/register?code=21449","date":"2026-03-25T15:54:37.039Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static-content-t.wb27jlt6u066.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 19 Oct 2025 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"08:10:09:15:B6:C8:9C:9A:CE:31:40:C9:26:D7:9E:BE:2C:9A:62:2B","sha256":"D6:55:F3:9B:55:F2:ED:CC:B3:54:8B:1E:F9:15:FB:47:0C:75:02:1A:64:4B:3C:C2:FA:75:18:9C:F0:11:EE:83"}}},"request":{"raw":"GET /images/nav/promo_12p.png HTTP/1.1\r\nHost: static-content-t.wb27jlt6u066.com:9587\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.memxzf.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 25 Mar 2026 15:54:38 GMT\r\nContent-Type: image/png\r\nContent-Length: 13381\r\nConnection: keep-alive\r\nLast-Modified: Wed, 20 Jul 2022 18:47:53 GMT\r\nETag: \"62d84dd9-3445\"\r\nServer: gocache\r\nExpires: Thu, 26 Mar 2026 15:54:38 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: b2cd6a98c6f56d557b306138640637e8\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: HIT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]}],"data":{"size":13381,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 200 x 100, 8-bit/color RGBA, non-interlaced","md5":"771df357a82b3f121039b605126d9031","sha1":"49ac1b1ce8829f54c43e4012c0b21f2fffc6fea7","sha256":"7020ab66168f898a06e3743b3793745da0a9d6017bae2934e842e6ec4addc094","sha512":"acb489f3f721c83653262e26fc5831cff21e293becedd745153219f0300318977a485df8717b9195639e7a4a8760c2a988dc1b18a8a4bf5b907da84674cc4c5f","ssdeep":"384:XJXE05gzzzzzzzzz2Qz9IcDmF/COICUtw6ei/CXd:F35gzzzzzzzzz3xydLZUtAt","tlshash":"4052e14f486980fb060929e40fa043559e9667ff4f65ae34c0d27db7942de5b2fa8423","first_seen":"2023-05-05T14:06:31Z","last_seen":"2026-04-12T01:12:13.831677Z","times_seen":798,"resource_available":false,"data":null}},"time_used":1721,"timings":{"blocked":1493,"dns":0,"connect":0,"send":0,"wait":226,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static-content-cn.wb27jlt6u066.com:9587/js/jquery/jquery.validate.js?2017121201","fqdn":"static-content-cn.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://cn.memxzf.com/home/register?code=21449","date":"2026-03-25T15:54:37.055Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static-content-cn.wb27jlt6u066.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 19 Oct 2025 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"98:64:EC:0B:9A:00:5F:60:12:4A:12:B9:EB:5A:44:98:12:1A:7C:FF","sha256":"A1:E0:99:A3:B2:54:C9:50:DB:24:16:EA:A7:44:3A:5D:57:F0:7C:CE:B2:E7:66:31:49:50:98:44:92:F2:50:84"}}},"request":{"raw":"GET /js/jquery/jquery.validate.js?2017121201 HTTP/1.1\r\nHost: static-content-cn.wb27jlt6u066.com:9587\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.memxzf.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 25 Mar 2026 15:54:38 GMT\r\nContent-Type: application/javascript\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Wed, 20 Jul 2022 18:47:52 GMT\r\nVary: Accept-Encoding\r\nETag: W/\"62d84dd8-ed9a\"\r\nContent-Encoding: gzip\r\nServer: gocache\r\nExpires: Thu, 26 Mar 2026 15:54:38 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: 334b974fb17e9d4ca05e99a7de9c87ed\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: HIT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]}],"data":{"size":60826,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (1256)","md5":"10a7342b134aaa94d2bb69c5f42a86d8","sha1":"e4d286746c825faf00e59edf3c58e2b27a398b26","sha256":"7f07178d31dee82cb12902881fe34c7d8c1943fac3c8213e1b906f36f5296955","sha512":"2d1bea9d4088a8c37b97bb3dec63614cac99b246b26b8fe69b60fc7ba5f81e8bce6c71f52d79c44c32ac18030a388f16e458c1188cfa9cca296e2aecb186c321","ssdeep":"1536:4J/cr2I/VHuanmyRhVaNnJRHI9YLbBGvJfDk7E/H:Kumy4NJRHqLkI/","tlshash":"60533c4d3ae710158d2b30beae8ba149b6b5405b6109ed1c7cdd02a05fe4db862f5ff8","first_seen":"2025-10-25T13:35:11.554574Z","last_seen":"2026-03-28T01:27:06.11899Z","times_seen":19,"resource_available":false,"data":null}},"time_used":1521,"timings":{"blocked":1284,"dns":0,"connect":0,"send":0,"wait":233,"receive":4,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static-content-t.wb27jlt6u066.com:9587/images/footer_supports_hover.png?9","fqdn":"static-content-t.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cn.memxzf.com/home/register?code=21449","date":"2026-03-25T15:54:38.824Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static-content-t.wb27jlt6u066.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 19 Oct 2025 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"08:10:09:15:B6:C8:9C:9A:CE:31:40:C9:26:D7:9E:BE:2C:9A:62:2B","sha256":"D6:55:F3:9B:55:F2:ED:CC:B3:54:8B:1E:F9:15:FB:47:0C:75:02:1A:64:4B:3C:C2:FA:75:18:9C:F0:11:EE:83"}}},"request":{"raw":"GET /images/footer_supports_hover.png?9 HTTP/1.1\r\nHost: static-content-t.wb27jlt6u066.com:9587\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://static-content-t.wb27jlt6u066.com:9587/style/main.css?20260311\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 25 Mar 2026 15:54:39 GMT\r\nContent-Type: image/png\r\nContent-Length: 7362\r\nConnection: keep-alive\r\nLast-Modified: Wed, 20 Jul 2022 18:47:53 GMT\r\nETag: \"62d84dd9-1cc2\"\r\nServer: gocache\r\nExpires: Thu, 26 Mar 2026 15:54:39 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: 66de7109de050a9f33ba05fcc8864ad7\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: HIT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]}],"data":{"size":7362,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 30 x 174, 8-bit/color RGBA, non-interlaced","md5":"450da5e1024050be47083963bfeef8a1","sha1":"498dc30e72d3f82ddc7d12b8a8cfdb2fa1aa4323","sha256":"b8eb162ba4dd5f1752300b9625aa98f924eb55d937826b2a227f86ffb51f05cc","sha512":"af4c3f1367a37f623dbe211a17f3d55c9211e388d879d22a286b23ea5ab353adbedb3375199b7a50a8a1e391b9027f22d0102baa7c719533570c3b86a8f04bd2","ssdeep":"96:GY2gCFi+8zRv9iku2V0zRWTFatQL8R2zRPJWs1Y4v/iP0TnRiNXoHAY334hrK31Z:GQVsklKrt0wKE4ugnANYgY3blMu4xG","tlshash":"c8e1ae64bdf180d5d29dbc8d7fd6d063e82b8fd78180722658aec40a55a40b1e8a0a6f","first_seen":"2023-05-05T14:06:31Z","last_seen":"2026-04-12T01:12:13.794951Z","times_seen":811,"resource_available":false,"data":null}},"time_used":1201,"timings":{"blocked":966,"dns":0,"connect":0,"send":0,"wait":230,"receive":5,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"api.livechatinc.com/v3.6/customer/action/get_configuration?organization_id=d45af0f5-ff1f-44ac-97e0-5c9471a8ec59\u0026version=84.0.1.41.38.43.1.1.1.1.1.17.2\u0026x-region=us-south1\u0026group_id=2\u0026jsonp=__lc_static_config","fqdn":"api.livechatinc.com","domain":"livechatinc.com","tld":"com"},"ip":{"addr":"2.22.225.11","port":443,"asn":20940,"as":"Akamai International B.V.","country":"France","country_code":"FR"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://cn.memxzf.com/home/register?code=21449","date":"2026-03-25T15:54:39.393Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"livechat.com","organization":"LIVECHAT, INC."},"issuer":{"commonName":"DigiCert Global G3 TLS ECC SHA384 2020 CA1","organization":"DigiCert Inc"},"validity":{"start":"Wed, 11 Jun 2025 00:00:00 GMT","end":"Thu, 11 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"66:A3:6F:A0:92:9E:A2:01:91:16:68:AA:27:A9:41:28:FC:25:27:68","sha256":"03:FC:5A:F6:F7:06:15:5B:0F:31:DB:6C:4E:D7:E4:1B:69:80:1F:C3:5A:E3:85:5A:FF:8D:22:81:92:ED:25:2F"}}},"request":{"raw":"GET /v3.6/customer/action/get_configuration?organization_id=d45af0f5-ff1f-44ac-97e0-5c9471a8ec59\u0026version=84.0.1.41.38.43.1.1.1.1.1.17.2\u0026x-region=us-south1\u0026group_id=2\u0026jsonp=__lc_static_config HTTP/1.1\r\nHost: api.livechatinc.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.memxzf.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-encoding: gzip\r\ncontent-type: application/javascript; charset=UTF-8\r\ncross-origin-resource-policy: cross-origin\r\nvary: Accept-Encoding\r\ncontent-length: 1747\r\ncache-control: public, max-age=600\r\nexpires: Wed, 25 Mar 2026 16:04:39 GMT\r\ndate: Wed, 25 Mar 2026 15:54:39 GMT\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":5090,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"Unicode text, UTF-8 text, with very long lines (4914), with no line terminators","md5":"d77fea761555331b0c05287743bd4c5e","sha1":"550875700f032585dd200126e715f77d936adad8","sha256":"de7f59ffa17729ff2e6d432edaf9ea7aec5d88610968b2f3459dc994590e387f","sha512":"283bfc167efc277eb5a8ff9005c79d87e177994e515bcda7c988e9b8c4c4b3d580a876edd2a8a5f9b40636d1546677b0c57912f44797874a1023167a2758c8ad","ssdeep":"96:H/993/mCi1bgrdQTP/9tw/mCvKNvKG8mTGFP/vCaq:z14IdQzu18b8m65Kn","tlshash":"53b13116835fc4bb6277c19963cab70f35485138b1ec0a3fe564d670a1862c7d60aeae","first_seen":"2026-03-07T10:16:15.763755Z","last_seen":"2026-04-09T08:39:29.988656Z","times_seen":61,"resource_available":true,"data":null}},"time_used":192,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":192,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.livechatinc.com/widget/static/js/livechat.C_NEk55W.js","fqdn":"cdn.livechatinc.com","domain":"livechatinc.com","tld":"com"},"ip":{"addr":"23.36.77.241","port":443,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://secure.livechatinc.com/customer/action/open_chat?license_id=19463678\u0026group=2\u0026embedded=1\u0026widget_version=3\u0026unique_groups=0\u0026organization_id=d45af0f5-ff1f-44ac-97e0-5c9471a8ec59\u0026use_parent_storage=1\u0026x-region=us-south1","date":"2026-03-25T15:54:40.188Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"livechat.com","organization":"LIVECHAT, INC."},"issuer":{"commonName":"DigiCert Global G3 TLS ECC SHA384 2020 CA1","organization":"DigiCert Inc"},"validity":{"start":"Wed, 11 Jun 2025 00:00:00 GMT","end":"Thu, 11 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"66:A3:6F:A0:92:9E:A2:01:91:16:68:AA:27:A9:41:28:FC:25:27:68","sha256":"03:FC:5A:F6:F7:06:15:5B:0F:31:DB:6C:4E:D7:E4:1B:69:80:1F:C3:5A:E3:85:5A:FF:8D:22:81:92:ED:25:2F"}}},"request":{"raw":"GET /widget/static/js/livechat.C_NEk55W.js HTTP/1.1\r\nHost: cdn.livechatinc.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://secure.livechatinc.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://secure.livechatinc.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nx-guploader-uploadid: AMNfjG1EmS9kKAvzs5ees73_YTLPMZldiqHnNVevqYBwAWyVZoZZVlLv_lRP6_AGsRTZ6oruKo7AgmM\r\nlast-modified: Wed, 25 Mar 2026 12:07:38 GMT\r\netag: \"751c8b468e879d6d7ffba88d22247bd4\"\r\nx-goog-generation: 1774440458936544\r\nx-goog-metageneration: 1\r\nx-goog-stored-content-encoding: identity\r\nx-goog-stored-content-length: 401\r\nx-goog-hash: crc32c=ETDL2g==, md5=dRyLRo6HnW1/+6iNIiR71A==\r\nx-goog-storage-class: STANDARD\r\naccess-control-expose-headers: *, Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace\r\nserver: UploadServer\r\nvary: Accept-Encoding\r\ncache-control: public, max-age=31536000\r\nexpires: Thu, 25 Mar 2027 15:54:40 GMT\r\ndate: Wed, 25 Mar 2026 15:54:40 GMT\r\ncontent-length: 401\r\ncontent-type: application/javascript; charset=utf-8\r\naccess-control-allow-origin: *\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Google Cloud Storage","description":"Google Cloud Storage allows world-wide storage and retrieval of any amount of data at any time.","website":"https://cloud.google.com/storage","common_platform_enumeration":"","icon":"google-cloud-storage.svg","categories":["Miscellaneous"]},{"name":"Google Cloud","description":"Google Cloud is a suite of cloud computing services.","website":"https://cloud.google.com","common_platform_enumeration":"cpe:2.3:a:google:cloud_platform:*:*:*:*:*:*:*:*","icon":"Google Cloud.svg","categories":["IaaS"]}],"data":{"size":401,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"Java source, ASCII text, with very long lines (400)","md5":"751c8b468e879d6d7ffba88d22247bd4","sha1":"157a87c0c3d29e1c2c050807fc49cad39575e9a0","sha256":"2e78c952d37274015308f0ca9c1b3ab24627eafd6daad1bb2ab091a4aa6b45bb","sha512":"c3fa2815fe599ce10f97a256f54f10d017b610e1380393a5754d4bcd415f98438a406e83c64a47c3b4aad0ee22f065bdacd31cb9136ab564bd24d0db412b760a","ssdeep":"","tlshash":"2ee05ada9b017ae7f998cde8c404e8f656f723ab4be083b0c4ce53715324065df05502","first_seen":"2026-03-25T12:35:16.655712Z","last_seen":"2026-03-26T09:55:41.707499Z","times_seen":76,"resource_available":true,"data":null}},"time_used":41,"timings":{"blocked":20,"dns":0,"connect":1,"send":0,"wait":2,"receive":0,"ssl":15},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.livechatinc.com/widget/static/js/0.b2s4mOMJ.chunk.js","fqdn":"cdn.livechatinc.com","domain":"livechatinc.com","tld":"com"},"ip":{"addr":"23.36.77.241","port":443,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://secure.livechatinc.com/customer/action/open_chat?license_id=19463678\u0026group=2\u0026embedded=1\u0026widget_version=3\u0026unique_groups=0\u0026organization_id=d45af0f5-ff1f-44ac-97e0-5c9471a8ec59\u0026use_parent_storage=1\u0026x-region=us-south1","date":"2026-03-25T15:54:40.233Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"livechat.com","organization":"LIVECHAT, INC."},"issuer":{"commonName":"DigiCert Global G3 TLS ECC SHA384 2020 CA1","organization":"DigiCert Inc"},"validity":{"start":"Wed, 11 Jun 2025 00:00:00 GMT","end":"Thu, 11 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"66:A3:6F:A0:92:9E:A2:01:91:16:68:AA:27:A9:41:28:FC:25:27:68","sha256":"03:FC:5A:F6:F7:06:15:5B:0F:31:DB:6C:4E:D7:E4:1B:69:80:1F:C3:5A:E3:85:5A:FF:8D:22:81:92:ED:25:2F"}}},"request":{"raw":"GET /widget/static/js/0.b2s4mOMJ.chunk.js HTTP/1.1\r\nHost: cdn.livechatinc.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://secure.livechatinc.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cdn.livechatinc.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nx-guploader-uploadid: AGQBYWzBWV8IoT4cFrfjE1f8Mk7cSeYQMFBoJY2VxOSHzF9w9FS5vlZpojQM5Dk8tCea4kMQXV1CVg\r\nx-goog-generation: 1774440458849685\r\nx-goog-metageneration: 1\r\nx-goog-stored-content-encoding: identity\r\nx-goog-stored-content-length: 78953\r\nx-goog-hash: crc32c=XZ2Plw==, md5=sCej1dWh2EjfbUirSQ/WbQ==\r\nx-goog-storage-class: STANDARD\r\naccept-ranges: bytes\r\naccess-control-expose-headers: *, Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace\r\nserver: UploadServer\r\ncontent-encoding: br\r\nlast-modified: Wed, 25 Mar 2026 12:07:38 GMT\r\ncontent-length: 24424\r\ncache-control: public, max-age=31536000\r\nexpires: Thu, 25 Mar 2027 15:54:40 GMT\r\ndate: Wed, 25 Mar 2026 15:54:40 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\naccess-control-allow-origin: *\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Google Cloud Storage","description":"Google Cloud Storage allows world-wide storage and retrieval of any amount of data at any time.","website":"https://cloud.google.com/storage","common_platform_enumeration":"","icon":"google-cloud-storage.svg","categories":["Miscellaneous"]},{"name":"Google Cloud","description":"Google Cloud is a suite of cloud computing services.","website":"https://cloud.google.com","common_platform_enumeration":"cpe:2.3:a:google:cloud_platform:*:*:*:*:*:*:*:*","icon":"Google Cloud.svg","categories":["IaaS"]}],"data":{"size":78953,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"b027a3d5d5a1d848df6d48ab490fd66d","sha1":"8e3d89d2a1a9665ae0ecdff14273c4ce8c38b56c","sha256":"d99d19d39b2fe903970ddd94f27f6c11f8a7adeec5c7c57f411b7bf157f0da2f","sha512":"9ec1b6ce966262a8055b95427e56c01d3326e31bd84629d4b6ac346699a05d14175166dd67d3a07d2002908e60880f719f3c61cb6951f7c79e12cd823f44b1ef","ssdeep":"1536:/dlVfSLmtQZaHlfKYPQvC9nEm9vzM4soA2PsuMIY:/JSLmtMaHli29rzM4soPtMIY","tlshash":"41732ae2f682f4399be7a4e555384003fa3a7958781cc270f31cce20619e58665b7f6b","first_seen":"2026-03-25T12:35:16.706666Z","last_seen":"2026-03-26T09:55:41.758178Z","times_seen":76,"resource_available":true,"data":null}},"time_used":3,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":2,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static-content-t.wb27jlt6u066.com:9587/style/css.css?20251226","fqdn":"static-content-t.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://cn.memxzf.com/home/register?code=21449","date":"2026-03-25T15:54:37.026Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static-content-t.wb27jlt6u066.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 19 Oct 2025 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"08:10:09:15:B6:C8:9C:9A:CE:31:40:C9:26:D7:9E:BE:2C:9A:62:2B","sha256":"D6:55:F3:9B:55:F2:ED:CC:B3:54:8B:1E:F9:15:FB:47:0C:75:02:1A:64:4B:3C:C2:FA:75:18:9C:F0:11:EE:83"}}},"request":{"raw":"GET /style/css.css?20251226 HTTP/1.1\r\nHost: static-content-t.wb27jlt6u066.com:9587\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.memxzf.com/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 25 Mar 2026 15:54:38 GMT\r\nContent-Type: text/css\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Thu, 22 Jan 2026 04:43:56 GMT\r\nVary: Accept-Encoding\r\nETag: W/\"6971ab0c-1f83b\"\r\nContent-Encoding: gzip\r\nServer: gocache\r\nExpires: Thu, 26 Mar 2026 15:54:38 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: 675dda6bf2d2b7bdf0cf8dfb1eda8a57\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: HIT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":129083,"size_decoded":0,"mime_type":"text/css","magic":"Unicode text, UTF-8 text, with very long lines (525)","md5":"f33659928ef4927bfd85af4f42f0f555","sha1":"f7b01fa2de028214ac7a57d2dbc915ead275d674","sha256":"da37902f2ef9360be0efe17c7a82c74d1e5e9906bb8118060b885833190349cf","sha512":"ef3ee25c4a9f363c5ccdc947cb479e421dd1c90ffdb0eacbeb09c767f206474c84044715545ba08733bf05f4f483967d8ff63f5c095b420cdc6d8b8c2cc42123","ssdeep":"3072:qNlIZVV0pv2kohJeqCfVkY2t1cicY270HaLMZ9R1oF:qNlsP0pPohJeqCfVkY2t1cicY270HaLP","tlshash":"79c3f8239252204bb137c6557a9da7b86369c003d6436ffe72eebadad16e19403337d0","first_seen":"2026-01-23T05:01:52.463709Z","last_seen":"2026-04-12T01:12:13.776977Z","times_seen":131,"resource_available":false,"data":null}},"time_used":2728,"timings":{"blocked":1234,"dns":507,"connect":3,"send":0,"wait":229,"receive":4,"ssl":746},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static-content-t.wb27jlt6u066.com:9587/images/nav/sponsor5.png?5","fqdn":"static-content-t.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cn.memxzf.com/home/register?code=21449","date":"2026-03-25T15:54:37.034Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static-content-t.wb27jlt6u066.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 19 Oct 2025 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"08:10:09:15:B6:C8:9C:9A:CE:31:40:C9:26:D7:9E:BE:2C:9A:62:2B","sha256":"D6:55:F3:9B:55:F2:ED:CC:B3:54:8B:1E:F9:15:FB:47:0C:75:02:1A:64:4B:3C:C2:FA:75:18:9C:F0:11:EE:83"}}},"request":{"raw":"GET /images/nav/sponsor5.png?5 HTTP/1.1\r\nHost: static-content-t.wb27jlt6u066.com:9587\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.memxzf.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 25 Mar 2026 15:54:38 GMT\r\nContent-Type: image/png\r\nContent-Length: 12004\r\nConnection: keep-alive\r\nLast-Modified: Fri, 23 Jan 2026 04:32:15 GMT\r\nETag: \"6972f9cf-2ee4\"\r\nServer: gocache\r\nExpires: Thu, 26 Mar 2026 15:54:38 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: 25a3ac5f1ed3a004d257f1914dd8c91b\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: HIT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":12004,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 292 x 80, 8-bit/color RGBA, non-interlaced","md5":"e772d932f095a917115ff85857088d0f","sha1":"1ba7b6967a2fb9f291cbe99bb3b3b9a0ed125c50","sha256":"00503366d78e5d7e3b29fb8d8c072ee6ded94655d9d19c0eab97216666ea06af","sha512":"b547dfd1a2130094169366d050119fca01bdfe6857a2d2cb65083271fa2bb6591e2c005f8d9f0de583b2a28721d7e90ffad3e460232a3931e1fc61257ea2e447","ssdeep":"192:mPoZpPVYl4jp4mMape1FWCyxwtefLxwC4+LlkFROlSJc7AmNZlpdJnrwD1jT:mQZceNZpe1FVyxw0Ls+WFxuAg/Xns","tlshash":"7042bf3da8d0abc56dce902c3a2d398203870dd466769d93f76cb477b36e162341dc65","first_seen":"2026-01-23T05:01:52.451331Z","last_seen":"2026-04-12T01:12:13.781905Z","times_seen":131,"resource_available":false,"data":null}},"time_used":1964,"timings":{"blocked":1730,"dns":0,"connect":0,"send":0,"wait":233,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static-content-t.wb27jlt6u066.com:9587/images/nav/promo_1.png","fqdn":"static-content-t.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cn.memxzf.com/home/register?code=21449","date":"2026-03-25T15:54:37.037Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static-content-t.wb27jlt6u066.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 19 Oct 2025 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"08:10:09:15:B6:C8:9C:9A:CE:31:40:C9:26:D7:9E:BE:2C:9A:62:2B","sha256":"D6:55:F3:9B:55:F2:ED:CC:B3:54:8B:1E:F9:15:FB:47:0C:75:02:1A:64:4B:3C:C2:FA:75:18:9C:F0:11:EE:83"}}},"request":{"raw":"GET /images/nav/promo_1.png HTTP/1.1\r\nHost: static-content-t.wb27jlt6u066.com:9587\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.memxzf.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 25 Mar 2026 15:54:38 GMT\r\nContent-Type: image/png\r\nContent-Length: 9153\r\nConnection: keep-alive\r\nLast-Modified: Wed, 20 Jul 2022 18:47:53 GMT\r\nETag: \"62d84dd9-23c1\"\r\nServer: gocache\r\nExpires: Thu, 26 Mar 2026 15:54:38 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: 2685a8cc7f19c66751da06bbe4b429c5\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: HIT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]}],"data":{"size":9153,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 200 x 100, 8-bit/color RGBA, non-interlaced","md5":"35232fc24b2dc1c976d9c5dc6a13c8c8","sha1":"f5003ab920e63450703abae5e6e6be411c04de45","sha256":"e13f9e04322055a0384d1cb68558705c6514711cd65496f8d640537ee6c03247","sha512":"b7ff4fd1576beeef3fb95a7c0a493891e4dfea064b585ad697f4a092dfb54b5f086bf4cfb197d68574db1f634fd6209161408bf83d61a84ec6094d5b108c7fc1","ssdeep":"192:gvmo1b5upO8VQNrg22Q2aRrjnhImlrznwbcLl+IgGT:gvDXMNuqujhIMzkKII/T","tlshash":"de12afad3974c4133b3670a42867c776c8ddc7b08a555c4ab58c4712ba30330951ebeb","first_seen":"2023-05-05T14:06:31Z","last_seen":"2026-04-12T01:12:13.809955Z","times_seen":799,"resource_available":false,"data":null}},"time_used":1721,"timings":{"blocked":1495,"dns":0,"connect":0,"send":0,"wait":225,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cn.memxzf.com/service/verifycode?x=0.5750863850279251","fqdn":"cn.memxzf.com","domain":"memxzf.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cn.memxzf.com/home/register?code=21449","date":"2026-03-25T15:54:38.945Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cn.memxzf.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Mon, 05 Jan 2026 00:00:00 GMT","end":"Tue, 05 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"40:B8:CE:3C:62:64:4A:ED:91:09:D5:D8:1D:31:FC:C0:D2:86:9B:8A","sha256":"56:8F:F4:7C:5B:DB:72:3A:45:C5:DC:A1:0E:36:81:68:A2:84:B7:61:2A:33:D5:55:AB:C2:EF:59:7A:C4:2A:24"}}},"request":{"raw":"GET /service/verifycode?x=0.5750863850279251 HTTP/1.1\r\nHost: cn.memxzf.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.memxzf.com/home/register?code=21449\r\nCookie: PHPSESSID=bh8j209eisdvv1viud8b655q5b; _code_cookie=21449-\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 \r\nDate: Wed, 25 Mar 2026 15:54:40 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nSet-Cookie: JSESSIONID=0F684C5D91B3B1B2AEC65539EE6A453E; Path=/; Secure; HttpOnly\n_vcid=0F684C5D91B3B1B2AEC65539EE6A453E; Domain=.memxzf.com; Path=/; HttpOnly\r\nX-Content-Type-Options: nosniff\r\nX-Frame-Options: SAMEORIGIN\r\nServer: gocache\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nCache-Control: no-cache\r\nc-Type: df\r\nrid: b49c7fb880f9299d01c3e249cde35074\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Java","description":"Java is a class-based, object-oriented programming language that is designed to have as few implementation dependencies as possible.","website":"https://java.com","common_platform_enumeration":"cpe:2.3:a:oracle:jre:*:*:*:*:*:*:*:*","icon":"Java.svg","categories":["Programming languages"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]}],"data":{"size":1429,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 80x28, components 3","md5":"7d8c43b595444f7fc69f73d8dd666cb6","sha1":"667ab03657a898735e0b5007877e79d462f99707","sha256":"1991ac459dbac4a19e74db0f5efd0946e7b08d3031bc0729c827fcf3360708dc","sha512":"ae0bb27c08c9ff52a9fa6482c692ecf870c92ad8b2c0f93c77c31d728acf5f0bf74cdf880d11433027779e12141c6e3919dbff1e2f88fc1af1fdc66c9bb6ed45","ssdeep":"","tlshash":"1d21db3d5b05c292df4209f9313757a393ca4582794075315f92d9cfd150ef7c049258","first_seen":"2026-03-25T15:55:30.415308Z","last_seen":"2026-03-25T15:55:30.415308Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1167,"timings":{"blocked":845,"dns":0,"connect":0,"send":0,"wait":322,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-25","alert":"Sinkholed","trigger":"cn.memxzf.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-25","alert":"Sinkholed","trigger":"cn.memxzf.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"api.livechatinc.com/v3.6/customer/action/get_dynamic_configuration?x-region=us-south1\u0026license_id=19463678\u0026client_id=c5e4f61e1a6c3b1521b541bc5c5a2ac5\u0026url=https%3A%2F%2Fcn.memxzf.com%2Fhome%2Fregister%3Fcode%3D21449\u0026channel_type=code\u0026jsonp=__i9crue4t7ns","fqdn":"api.livechatinc.com","domain":"livechatinc.com","tld":"com"},"ip":{"addr":"2.22.225.11","port":443,"asn":20940,"as":"Akamai International B.V.","country":"France","country_code":"FR"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://cn.memxzf.com/home/register?code=21449","date":"2026-03-25T15:54:39.187Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"livechat.com","organization":"LIVECHAT, INC."},"issuer":{"commonName":"DigiCert Global G3 TLS ECC SHA384 2020 CA1","organization":"DigiCert Inc"},"validity":{"start":"Wed, 11 Jun 2025 00:00:00 GMT","end":"Thu, 11 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"66:A3:6F:A0:92:9E:A2:01:91:16:68:AA:27:A9:41:28:FC:25:27:68","sha256":"03:FC:5A:F6:F7:06:15:5B:0F:31:DB:6C:4E:D7:E4:1B:69:80:1F:C3:5A:E3:85:5A:FF:8D:22:81:92:ED:25:2F"}}},"request":{"raw":"GET /v3.6/customer/action/get_dynamic_configuration?x-region=us-south1\u0026license_id=19463678\u0026client_id=c5e4f61e1a6c3b1521b541bc5c5a2ac5\u0026url=https%3A%2F%2Fcn.memxzf.com%2Fhome%2Fregister%3Fcode%3D21449\u0026channel_type=code\u0026jsonp=__i9crue4t7ns HTTP/1.1\r\nHost: api.livechatinc.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.memxzf.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-security-policy: frame-ancestors https://cn.memxzf.com/;\r\ncontent-type: application/javascript; charset=UTF-8\r\ncross-origin-resource-policy: cross-origin\r\nvary: Accept-Encoding\r\nx-frame-options: allow-from https://cn.memxzf.com/\r\ncontent-length: 352\r\ndate: Wed, 25 Mar 2026 15:54:39 GMT\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":352,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"ASCII text, with very long lines (352), with no line terminators","md5":"5b6ac9a3699474cef402d77c600cc196","sha1":"013338b107f770c43ad35814b4e89e3314a674b8","sha256":"d8b5292a947aa700c5cfd69637442d957c0dda308dcd963ae0e6648461771008","sha512":"93c101ba9c0e5468f66949cf66a10405c9f85a267d3082f35cd70b086d98500796667a42e60825042b6b673b44fceb093949629ba07d8823de3d8ec5a562424b","ssdeep":"","tlshash":"fce02622eb0284359ec5e3fea428be02ae3047eb92455ab8b6691311525f7cd6325607","first_seen":"2026-03-25T15:55:30.418294Z","last_seen":"2026-03-25T15:55:30.418294Z","times_seen":1,"resource_available":true,"data":null}},"time_used":167,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":167,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.livechatinc.com/widget/static/js/9.xhyEK0_l.chunk.js","fqdn":"cdn.livechatinc.com","domain":"livechatinc.com","tld":"com"},"ip":{"addr":"23.36.77.241","port":443,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://secure.livechatinc.com/customer/action/open_chat?license_id=19463678\u0026group=2\u0026embedded=1\u0026widget_version=3\u0026unique_groups=0\u0026organization_id=d45af0f5-ff1f-44ac-97e0-5c9471a8ec59\u0026use_parent_storage=1\u0026x-region=us-south1","date":"2026-03-25T15:54:40.288Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"livechat.com","organization":"LIVECHAT, INC."},"issuer":{"commonName":"DigiCert Global G3 TLS ECC SHA384 2020 CA1","organization":"DigiCert Inc"},"validity":{"start":"Wed, 11 Jun 2025 00:00:00 GMT","end":"Thu, 11 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"66:A3:6F:A0:92:9E:A2:01:91:16:68:AA:27:A9:41:28:FC:25:27:68","sha256":"03:FC:5A:F6:F7:06:15:5B:0F:31:DB:6C:4E:D7:E4:1B:69:80:1F:C3:5A:E3:85:5A:FF:8D:22:81:92:ED:25:2F"}}},"request":{"raw":"GET /widget/static/js/9.xhyEK0_l.chunk.js HTTP/1.1\r\nHost: cdn.livechatinc.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://secure.livechatinc.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cdn.livechatinc.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nx-guploader-uploadid: AGQBYWxGbWQquAmYKd4mio3Hl3v9S_lYc5-k-0C9POoSXjtD82XUbLep008ZRgnW31Zfpd2w_J46hLU\r\nlast-modified: Wed, 25 Mar 2026 12:07:38 GMT\r\netag: \"c96a39460d2b0a92409b2b92f3da88f9\"\r\nx-goog-generation: 1774440458916320\r\nx-goog-metageneration: 1\r\nx-goog-stored-content-encoding: identity\r\nx-goog-stored-content-length: 74\r\nx-goog-hash: crc32c=pjIEnA==, md5=yWo5Rg0rCpJAmyuS89qI+Q==\r\nx-goog-storage-class: STANDARD\r\naccess-control-expose-headers: *, Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace\r\nserver: UploadServer\r\nvary: Accept-Encoding\r\ncache-control: public, max-age=31536000\r\nexpires: Thu, 25 Mar 2027 15:54:40 GMT\r\ndate: Wed, 25 Mar 2026 15:54:40 GMT\r\ncontent-length: 74\r\ncontent-type: application/javascript; charset=utf-8\r\naccess-control-allow-origin: *\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Google Cloud","description":"Google Cloud is a suite of cloud computing services.","website":"https://cloud.google.com","common_platform_enumeration":"cpe:2.3:a:google:cloud_platform:*:*:*:*:*:*:*:*","icon":"Google Cloud.svg","categories":["IaaS"]},{"name":"Google Cloud Storage","description":"Google Cloud Storage allows world-wide storage and retrieval of any amount of data at any time.","website":"https://cloud.google.com/storage","common_platform_enumeration":"","icon":"google-cloud-storage.svg","categories":["Miscellaneous"]}],"data":{"size":74,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"ASCII text","md5":"c96a39460d2b0a92409b2b92f3da88f9","sha1":"c1ad7e3c7f38743ebadf589676726dad6799a9d5","sha256":"af2012b0cdfa449f186df2f8dc9b3e64b48b8c5c630cc8d3c4df61973499e7c4","sha512":"c6a642b4f09c7dc0b2679c972cc99e4c1e00e268d309aae062883d3eeeb7d3e39bef53388dd20aae7f733da57ed2374c1b12ded0997cbca2762b4b03c332cbfd","ssdeep":"","tlshash":"27a022ca38ca32ae020230300f0f20c0e0b8c02c030e0328800a0200b2300a002ffc3c","first_seen":"2024-06-24T12:34:03Z","last_seen":"2026-04-12T19:22:52.648407Z","times_seen":13639,"resource_available":true,"data":null}},"time_used":2,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":2,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static-content-t.wb27jlt6u066.com:9587/images/icon_live_channel.png","fqdn":"static-content-t.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cn.memxzf.com/home/register?code=21449","date":"2026-03-25T15:54:38.769Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static-content-t.wb27jlt6u066.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 19 Oct 2025 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"08:10:09:15:B6:C8:9C:9A:CE:31:40:C9:26:D7:9E:BE:2C:9A:62:2B","sha256":"D6:55:F3:9B:55:F2:ED:CC:B3:54:8B:1E:F9:15:FB:47:0C:75:02:1A:64:4B:3C:C2:FA:75:18:9C:F0:11:EE:83"}}},"request":{"raw":"GET /images/icon_live_channel.png HTTP/1.1\r\nHost: static-content-t.wb27jlt6u066.com:9587\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://static-content-t.wb27jlt6u066.com:9587/style/main.css?20260311\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 25 Mar 2026 15:54:40 GMT\r\nContent-Type: image/png\r\nContent-Length: 2400\r\nConnection: keep-alive\r\nLast-Modified: Thu, 14 Nov 2024 05:04:35 GMT\r\nETag: \"673584e3-960\"\r\nServer: gocache\r\nExpires: Thu, 26 Mar 2026 15:54:40 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: f08f989511d26d0f6e0ed022d0307804\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: HIT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]}],"data":{"size":2400,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 36 x 36, 8-bit/color RGBA, non-interlaced","md5":"da69e30e16cfe1ddbf85e3aa3642b21a","sha1":"8530f19327891df0e585355279ce85507e3ffda4","sha256":"c74d62e601ba04d4d92df4ef116934762c23316bca9f65dbd2c2b4b6e73fd431","sha512":"3bf68ecba7a87746a369e9e3d69422cdca616c6952716c27ae50528aaed987ce69a1a8d81b2d327be14914cd7f567dd0c2bef5075eff527cac9e9fd7cd091bfd","ssdeep":"","tlshash":"17411a95bbdb6a13120982a620fe6002ad210800d9f2bd6538db4c733ce07f21964fed","first_seen":"2024-12-13T19:22:27.987299Z","last_seen":"2026-04-12T01:12:13.786947Z","times_seen":565,"resource_available":false,"data":null}},"time_used":1481,"timings":{"blocked":1251,"dns":0,"connect":0,"send":0,"wait":230,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static-content-t.wb27jlt6u066.com:9587/images/icons_login.png?2","fqdn":"static-content-t.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cn.memxzf.com/home/register?code=21449","date":"2026-03-25T15:54:38.794Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static-content-t.wb27jlt6u066.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 19 Oct 2025 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"08:10:09:15:B6:C8:9C:9A:CE:31:40:C9:26:D7:9E:BE:2C:9A:62:2B","sha256":"D6:55:F3:9B:55:F2:ED:CC:B3:54:8B:1E:F9:15:FB:47:0C:75:02:1A:64:4B:3C:C2:FA:75:18:9C:F0:11:EE:83"}}},"request":{"raw":"GET /images/icons_login.png?2 HTTP/1.1\r\nHost: static-content-t.wb27jlt6u066.com:9587\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://static-content-t.wb27jlt6u066.com:9587/style/main.css?20260311\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 25 Mar 2026 15:54:40 GMT\r\nContent-Type: image/png\r\nContent-Length: 4053\r\nConnection: keep-alive\r\nLast-Modified: Wed, 20 Jul 2022 18:47:53 GMT\r\nETag: \"62d84dd9-fd5\"\r\nServer: gocache\r\nExpires: Thu, 26 Mar 2026 15:54:40 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: 4132e8b30198463384fb3ffd72267182\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: HIT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]}],"data":{"size":4053,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 26 x 330, 8-bit/color RGBA, non-interlaced","md5":"405c7bc8638bddb314e549e4eebec2e3","sha1":"75f6a3b0b6ffdeed31bff28f8ae1f1a3e481260c","sha256":"cd98cf8ee2f82e9903fb28490a4fc9f318fb60f0f8f0c1f080cee3dce0d6c9b9","sha512":"3a1991dfba0851c6d1d212102ab1fa3585b5970358f75488770ffaaa0467e4cbb755e07dc9db44e102da13fd7510e6b14506e2a2e4188c6461ba652e9fcaa69e","ssdeep":"","tlshash":"3d814c4bbcd228093058e4c372f9822bd946c2d5d6b0557396ce88bb15a8879490c2ce","first_seen":"2023-05-05T14:06:31Z","last_seen":"2026-04-12T01:12:13.799062Z","times_seen":812,"resource_available":false,"data":null}},"time_used":1711,"timings":{"blocked":1479,"dns":0,"connect":0,"send":0,"wait":232,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static-content-t.wb27jlt6u066.com:9587/d11_images/register/form_bg.png","fqdn":"static-content-t.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cn.memxzf.com/home/register?code=21449","date":"2026-03-25T15:54:38.815Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static-content-t.wb27jlt6u066.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 19 Oct 2025 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"08:10:09:15:B6:C8:9C:9A:CE:31:40:C9:26:D7:9E:BE:2C:9A:62:2B","sha256":"D6:55:F3:9B:55:F2:ED:CC:B3:54:8B:1E:F9:15:FB:47:0C:75:02:1A:64:4B:3C:C2:FA:75:18:9C:F0:11:EE:83"}}},"request":{"raw":"GET /d11_images/register/form_bg.png HTTP/1.1\r\nHost: static-content-t.wb27jlt6u066.com:9587\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://static-content-t.wb27jlt6u066.com:9587/style/main.css?20260311\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 25 Mar 2026 15:54:39 GMT\r\nContent-Type: image/png\r\nContent-Length: 20040\r\nConnection: keep-alive\r\nLast-Modified: Wed, 20 Jul 2022 18:45:39 GMT\r\nETag: \"62d84d53-4e48\"\r\nServer: gocache\r\nExpires: Thu, 26 Mar 2026 15:54:39 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: d3ea3bede3f5a28eb0a8984cbe41efc4\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: HIT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]}],"data":{"size":20040,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 410 x 800, 8-bit/color RGBA, non-interlaced","md5":"86baccc2262d17c30a1554f6b346b1c8","sha1":"696ce785c5c17611fecb6dd78d9662c141deffd4","sha256":"dfe93dfcc0d88efa36f759f6b0e758a0b37bd91aa65bfa7936763eda17ea6f9f","sha512":"858d5d94817390043018ef671701f57776bbf7f566ded8fe30966a65fcadb9feade8d3c1677f677b9c69b59eaa4d5e818af5e39ec08cccc9281c1dc4517a18d0","ssdeep":"384:ApJHP0rldn8i5UqqXdb3WGGNBIUbj43bXDrzctPOmWRh:Ap90rlddaqqXdM/IUHIr4VOmWRh","tlshash":"53928e946c68e9c1c97a840e246b1f7555a0f1c8edf2f3f06b93e0595c0b868ae90ded","first_seen":"2023-05-05T14:06:31Z","last_seen":"2026-04-12T01:12:13.78842Z","times_seen":804,"resource_available":false,"data":null}},"time_used":1208,"timings":{"blocked":975,"dns":0,"connect":0,"send":0,"wait":227,"receive":6,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cn.memxzf.com/service/verifycode?x=0.8026914164618433","fqdn":"cn.memxzf.com","domain":"memxzf.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cn.memxzf.com/home/register?code=21449","date":"2026-03-25T15:54:38.944Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cn.memxzf.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Mon, 05 Jan 2026 00:00:00 GMT","end":"Tue, 05 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"40:B8:CE:3C:62:64:4A:ED:91:09:D5:D8:1D:31:FC:C0:D2:86:9B:8A","sha256":"56:8F:F4:7C:5B:DB:72:3A:45:C5:DC:A1:0E:36:81:68:A2:84:B7:61:2A:33:D5:55:AB:C2:EF:59:7A:C4:2A:24"}}},"request":{"raw":"GET /service/verifycode?x=0.8026914164618433 HTTP/1.1\r\nHost: cn.memxzf.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.memxzf.com/home/register?code=21449\r\nCookie: PHPSESSID=bh8j209eisdvv1viud8b655q5b; _code_cookie=21449-\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 \r\nDate: Wed, 25 Mar 2026 15:54:40 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nSet-Cookie: JSESSIONID=0A54E5BB24A3C233776E86C4B74B9D5B; Path=/; Secure; HttpOnly\n_vcid=0A54E5BB24A3C233776E86C4B74B9D5B; Domain=.memxzf.com; Path=/; HttpOnly\r\nX-Content-Type-Options: nosniff\r\nX-Frame-Options: SAMEORIGIN\r\nServer: gocache\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nCache-Control: no-cache\r\nc-Type: df\r\nrid: 2e33e50c4c548b5f77424415d623db7e\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Java","description":"Java is a class-based, object-oriented programming language that is designed to have as few implementation dependencies as possible.","website":"https://java.com","common_platform_enumeration":"cpe:2.3:a:oracle:jre:*:*:*:*:*:*:*:*","icon":"Java.svg","categories":["Programming languages"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]}],"data":{"size":1284,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 80x28, components 3","md5":"56b018ef0ce3386c9fa89a727f7e4a83","sha1":"2b5d49794fa1a154898595014d9d83a8c4c4ef09","sha256":"ad872b94caa277888f68d86eb44534ae4df677ee634924502584f0a8b5c9c009","sha512":"e6c4455ab138f82ff3ab6aa9bc23a646bc76630617b801cff725e13bbde65fd22d6464b6aadca50ba164af08ba4ed17eaec74202217cd89f5c431622dc54d94b","ssdeep":"","tlshash":"c221e79e8b5719909b4304f732132353e2da5a877c05367225a05796e020df41a0ba08","first_seen":"2026-03-25T15:55:30.424228Z","last_seen":"2026-03-25T15:55:30.424228Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1174,"timings":{"blocked":846,"dns":0,"connect":0,"send":0,"wait":328,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-25","alert":"Sinkholed","trigger":"cn.memxzf.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-25","alert":"Sinkholed","trigger":"cn.memxzf.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"api.livechatinc.com/v3.6/customer/action/get_localization?organization_id=d45af0f5-ff1f-44ac-97e0-5c9471a8ec59\u0026version=4940c52ca0caf914a8b155bf4411bbe5\u0026language=cn\u0026x-region=us-south1\u0026group_id=2\u0026jsonp=__lc_localization","fqdn":"api.livechatinc.com","domain":"livechatinc.com","tld":"com"},"ip":{"addr":"2.22.225.11","port":443,"asn":20940,"as":"Akamai International B.V.","country":"France","country_code":"FR"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://cn.memxzf.com/home/register?code=21449","date":"2026-03-25T15:54:39.608Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"livechat.com","organization":"LIVECHAT, INC."},"issuer":{"commonName":"DigiCert Global G3 TLS ECC SHA384 2020 CA1","organization":"DigiCert Inc"},"validity":{"start":"Wed, 11 Jun 2025 00:00:00 GMT","end":"Thu, 11 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"66:A3:6F:A0:92:9E:A2:01:91:16:68:AA:27:A9:41:28:FC:25:27:68","sha256":"03:FC:5A:F6:F7:06:15:5B:0F:31:DB:6C:4E:D7:E4:1B:69:80:1F:C3:5A:E3:85:5A:FF:8D:22:81:92:ED:25:2F"}}},"request":{"raw":"GET /v3.6/customer/action/get_localization?organization_id=d45af0f5-ff1f-44ac-97e0-5c9471a8ec59\u0026version=4940c52ca0caf914a8b155bf4411bbe5\u0026language=cn\u0026x-region=us-south1\u0026group_id=2\u0026jsonp=__lc_localization HTTP/1.1\r\nHost: api.livechatinc.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.memxzf.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-encoding: gzip\r\ncontent-type: application/javascript; charset=UTF-8\r\ncross-origin-resource-policy: cross-origin\r\nvary: Accept-Encoding\r\ncache-control: public, max-age=600\r\nexpires: Wed, 25 Mar 2026 16:04:39 GMT\r\ndate: Wed, 25 Mar 2026 15:54:39 GMT\r\ncontent-length: 5935\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":13632,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"Unicode text, UTF-8 text, with very long lines (9143), with no line terminators","md5":"54630f003417f9c46834391ef382ecff","sha1":"73648916e37855a4b0bf37347f20d21005870edb","sha256":"2b8e74248a2e4ed6d0629ae47bfce5393cc326eedfd9b86eaf91938e7896dfa3","sha512":"a99b016499cfee8018cbd61ac8d4f91264404c97ea8f5063b2cb122de769c850b57b26e2f7e6e4d43fb5df47cd23d6ba3da88ffbd5492f16434b62b3b89bccc8","ssdeep":"192:TtXlChwBLXkjJ18fjmiVdOFd79o5cKJmvmztlIQFxe2sHLc/evuhw3jIzso:TtXlu8LXOJo/ascHuLxV/evK1so","tlshash":"af521a2947a9fcbe02076ac4fa6b540a60d41689d4e04c2bfea9d51c5b44d8b73cfb1f","first_seen":"2026-03-04T07:05:29.805591Z","last_seen":"2026-04-12T01:12:13.834576Z","times_seen":85,"resource_available":true,"data":null}},"time_used":152,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":152,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.livechatinc.com/widget/static/js/2.D2dXvQOV.chunk.js","fqdn":"cdn.livechatinc.com","domain":"livechatinc.com","tld":"com"},"ip":{"addr":"23.36.77.241","port":443,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://secure.livechatinc.com/customer/action/open_chat?license_id=19463678\u0026group=2\u0026embedded=1\u0026widget_version=3\u0026unique_groups=0\u0026organization_id=d45af0f5-ff1f-44ac-97e0-5c9471a8ec59\u0026use_parent_storage=1\u0026x-region=us-south1","date":"2026-03-25T15:54:40.242Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"livechat.com","organization":"LIVECHAT, INC."},"issuer":{"commonName":"DigiCert Global G3 TLS ECC SHA384 2020 CA1","organization":"DigiCert Inc"},"validity":{"start":"Wed, 11 Jun 2025 00:00:00 GMT","end":"Thu, 11 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"66:A3:6F:A0:92:9E:A2:01:91:16:68:AA:27:A9:41:28:FC:25:27:68","sha256":"03:FC:5A:F6:F7:06:15:5B:0F:31:DB:6C:4E:D7:E4:1B:69:80:1F:C3:5A:E3:85:5A:FF:8D:22:81:92:ED:25:2F"}}},"request":{"raw":"GET /widget/static/js/2.D2dXvQOV.chunk.js HTTP/1.1\r\nHost: cdn.livechatinc.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://secure.livechatinc.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cdn.livechatinc.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nx-guploader-uploadid: AMNfjG36sUXyl9ZlZB-AdnfpVknCts7p3TNm2YK3hR8TPc0jrpjfcIpgE2x-PeTbA_NaNaaFhlW3igM\r\nx-goog-generation: 1774440458955650\r\nx-goog-metageneration: 1\r\nx-goog-stored-content-encoding: identity\r\nx-goog-stored-content-length: 445806\r\nx-goog-hash: crc32c=BIJ9mg==, md5=rCu1Lz3ij5aaH32qDUOt0w==\r\nx-goog-storage-class: STANDARD\r\naccept-ranges: bytes\r\naccess-control-expose-headers: *, Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace\r\nserver: UploadServer\r\ncontent-encoding: br\r\nlast-modified: Wed, 25 Mar 2026 12:07:38 GMT\r\ncontent-length: 125516\r\ncache-control: public, max-age=31536000\r\nexpires: Thu, 25 Mar 2027 15:54:40 GMT\r\ndate: Wed, 25 Mar 2026 15:54:40 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\naccess-control-allow-origin: *\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Google Cloud Storage","description":"Google Cloud Storage allows world-wide storage and retrieval of any amount of data at any time.","website":"https://cloud.google.com/storage","common_platform_enumeration":"","icon":"google-cloud-storage.svg","categories":["Miscellaneous"]},{"name":"Google Cloud","description":"Google Cloud is a suite of cloud computing services.","website":"https://cloud.google.com","common_platform_enumeration":"cpe:2.3:a:google:cloud_platform:*:*:*:*:*:*:*:*","icon":"Google Cloud.svg","categories":["IaaS"]}],"data":{"size":445806,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"ac2bb52f3de28f969a1f7daa0d43add3","sha1":"260aeb3bfcb0772e3ffbf94ccff193ca41e4096b","sha256":"03885e9374f67093a1ce47c7422a8ee6c2c522824176d1324cdba0539fd45792","sha512":"26ed9bf488d7bc06d7918ea513d771d1cbdc746e044a984c268b6066fe29f2b42e85cedddfa509d34bae795997b4a65cb3e9ca1b87b6084693081db081367fc5","ssdeep":"12288:IECYeewHmkC8nMQQiHnlK1rwTyPObtrNQoS/22MYucW6K1AfEHrZ86ryIbM8f+5m:IECYeewBTyYDF","tlshash":"86946be47242f538dbe7c19b90bb1609f73d3d09b42e9660f1ade85e33940489267fa4","first_seen":"2026-03-25T12:35:16.681164Z","last_seen":"2026-03-26T09:55:41.747744Z","times_seen":80,"resource_available":true,"data":null}},"time_used":6,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":2,"receive":4,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.livechatinc.com/widget/static/js/5.DDJgJSMw.chunk.js","fqdn":"cdn.livechatinc.com","domain":"livechatinc.com","tld":"com"},"ip":{"addr":"23.36.77.241","port":443,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://secure.livechatinc.com/customer/action/open_chat?license_id=19463678\u0026group=2\u0026embedded=1\u0026widget_version=3\u0026unique_groups=0\u0026organization_id=d45af0f5-ff1f-44ac-97e0-5c9471a8ec59\u0026use_parent_storage=1\u0026x-region=us-south1","date":"2026-03-25T15:54:40.264Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"livechat.com","organization":"LIVECHAT, INC."},"issuer":{"commonName":"DigiCert Global G3 TLS ECC SHA384 2020 CA1","organization":"DigiCert Inc"},"validity":{"start":"Wed, 11 Jun 2025 00:00:00 GMT","end":"Thu, 11 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"66:A3:6F:A0:92:9E:A2:01:91:16:68:AA:27:A9:41:28:FC:25:27:68","sha256":"03:FC:5A:F6:F7:06:15:5B:0F:31:DB:6C:4E:D7:E4:1B:69:80:1F:C3:5A:E3:85:5A:FF:8D:22:81:92:ED:25:2F"}}},"request":{"raw":"GET /widget/static/js/5.DDJgJSMw.chunk.js HTTP/1.1\r\nHost: cdn.livechatinc.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://secure.livechatinc.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cdn.livechatinc.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nx-guploader-uploadid: AGQBYWy73KNuqQZux6EDLkxsBgzE5csdwWq5jLZpbQ-eLmZeu_y4HyJNuj50VMe7EfoNhHJrIBDH9w\r\nlast-modified: Wed, 25 Mar 2026 12:07:38 GMT\r\nx-goog-generation: 1774440458894241\r\nx-goog-metageneration: 1\r\nx-goog-stored-content-encoding: identity\r\nx-goog-stored-content-length: 1189\r\nx-goog-hash: crc32c=X0+BTQ==, md5=CBg5idm8UF6CIVuW0VgVEg==\r\nx-goog-storage-class: STANDARD\r\naccept-ranges: bytes\r\naccess-control-expose-headers: *, Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace\r\nserver: UploadServer\r\ncontent-encoding: br\r\ncontent-length: 676\r\ncache-control: public, max-age=31536000\r\nexpires: Thu, 25 Mar 2027 15:54:40 GMT\r\ndate: Wed, 25 Mar 2026 15:54:40 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\naccess-control-allow-origin: *\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Google Cloud Storage","description":"Google Cloud Storage allows world-wide storage and retrieval of any amount of data at any time.","website":"https://cloud.google.com/storage","common_platform_enumeration":"","icon":"google-cloud-storage.svg","categories":["Miscellaneous"]},{"name":"Google Cloud","description":"Google Cloud is a suite of cloud computing services.","website":"https://cloud.google.com","common_platform_enumeration":"cpe:2.3:a:google:cloud_platform:*:*:*:*:*:*:*:*","icon":"Google Cloud.svg","categories":["IaaS"]}],"data":{"size":1189,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"data","md5":"08183989d9bc505e82215b96d1581512","sha1":"1c0eab7cbf49c114ba686578f1fc1e6a32fa68b4","sha256":"30f5c6a4e57eae1f47d3c20ddc27f78d616094e519d1ded2eea87106fe08b34e","sha512":"3ff2c6ed74f219c420e45447b522a7155ec27f869fbb273ba1a1406400192e596da71dc5e5ab60910c447eada553545a96a0d1dd57cf7c6c307a7cc57ee5b01b","ssdeep":"","tlshash":"602121d91dc3d430d33c48e902e5889e697c8ea4e1ee01e0d9946dc67f20960667fead","first_seen":"2026-03-19T10:33:28.754436Z","last_seen":"2026-04-07T10:47:46.110501Z","times_seen":1312,"resource_available":true,"data":null}},"time_used":2,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":2,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.livechatinc.com/widget/static/js/6.CmDDbhqB.chunk.js","fqdn":"cdn.livechatinc.com","domain":"livechatinc.com","tld":"com"},"ip":{"addr":"23.36.77.241","port":443,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://secure.livechatinc.com/customer/action/open_chat?license_id=19463678\u0026group=2\u0026embedded=1\u0026widget_version=3\u0026unique_groups=0\u0026organization_id=d45af0f5-ff1f-44ac-97e0-5c9471a8ec59\u0026use_parent_storage=1\u0026x-region=us-south1","date":"2026-03-25T15:54:40.267Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"livechat.com","organization":"LIVECHAT, INC."},"issuer":{"commonName":"DigiCert Global G3 TLS ECC SHA384 2020 CA1","organization":"DigiCert Inc"},"validity":{"start":"Wed, 11 Jun 2025 00:00:00 GMT","end":"Thu, 11 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"66:A3:6F:A0:92:9E:A2:01:91:16:68:AA:27:A9:41:28:FC:25:27:68","sha256":"03:FC:5A:F6:F7:06:15:5B:0F:31:DB:6C:4E:D7:E4:1B:69:80:1F:C3:5A:E3:85:5A:FF:8D:22:81:92:ED:25:2F"}}},"request":{"raw":"GET /widget/static/js/6.CmDDbhqB.chunk.js HTTP/1.1\r\nHost: cdn.livechatinc.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://secure.livechatinc.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cdn.livechatinc.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nx-guploader-uploadid: AMNfjG1AeX87EJ8NXbaKTr3cgCFLbEGoSx-fg3fXmFj9eW1shomC5ygpOUtzjunx3-TM8wxmb2y-R8U\r\nlast-modified: Wed, 25 Mar 2026 12:07:38 GMT\r\nx-goog-generation: 1774440458963416\r\nx-goog-metageneration: 1\r\nx-goog-stored-content-encoding: identity\r\nx-goog-stored-content-length: 138079\r\nx-goog-hash: crc32c=Z9KKRw==, md5=w7xjh1rzXmQZ6/SZDpoSkQ==\r\nx-goog-storage-class: STANDARD\r\naccept-ranges: bytes\r\naccess-control-expose-headers: *, Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace\r\nserver: UploadServer\r\ncontent-encoding: br\r\ncontent-length: 43520\r\ncache-control: public, max-age=31536000\r\nexpires: Thu, 25 Mar 2027 15:54:40 GMT\r\ndate: Wed, 25 Mar 2026 15:54:40 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\naccess-control-allow-origin: *\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Google Cloud Storage","description":"Google Cloud Storage allows world-wide storage and retrieval of any amount of data at any time.","website":"https://cloud.google.com/storage","common_platform_enumeration":"","icon":"google-cloud-storage.svg","categories":["Miscellaneous"]},{"name":"Google Cloud","description":"Google Cloud is a suite of cloud computing services.","website":"https://cloud.google.com","common_platform_enumeration":"cpe:2.3:a:google:cloud_platform:*:*:*:*:*:*:*:*","icon":"Google Cloud.svg","categories":["IaaS"]}],"data":{"size":138079,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (48378)","md5":"c3bc63875af35e6419ebf4990e9a1291","sha1":"0e0b7d2dd95abd8f282c722fe3fa4c4c90a275da","sha256":"a9162f8842f5d0b7554ee148f946446e6acbadcb40a2f232c828681a9685582a","sha512":"db8e5b7f70baab09bbd380fc701424bb71a75dd65599fa995333474df2ea5d69baa52da9e4ea25b04c02ca63b6ce80ba5e7467a99c8534719ccfcd45a23cffac","ssdeep":"1536:VgZQ8kK8O9hbCvSPT/FyXb+BzpHxQwXzmyU9zP+M3jYPuCoOTAjyp5pmLWqVWM:VgK8kKB9hbCWBswEwDm93j+tUWbAWqVP","tlshash":"d9d3f9e83951f9626bf312a710af5807b33c192b280c4950a211fdddb9b845eb17bf9d","first_seen":"2026-03-18T09:33:42.057685Z","last_seen":"2026-04-07T10:47:46.058674Z","times_seen":1367,"resource_available":true,"data":null}},"time_used":3,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":2,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mx648.com/","fqdn":"mx648.com","domain":"mx648.com","tld":"com"},"ip":{"addr":"104.21.55.47","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-03-25T15:54:32.940Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"mx648.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 13 Mar 2026 21:38:04 GMT","end":"Thu, 11 Jun 2026 22:35:49 GMT"},"fingerprint":{"sha1":"FF:BE:20:91:D4:A3:46:D3:FE:79:A4:1E:2F:70:3D:13:51:8B:78:BA","sha256":"63:7F:E0:DD:F7:6F:E4:73:D3:D4:85:7B:67:D1:E4:0C:4B:FA:D7:87:3D:D1:AC:0F:8E:76:DE:1E:C8:B0:29:F4"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: mx648.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 302 Found\r\ndate: Wed, 25 Mar 2026 15:54:33 GMT\r\ncontent-length: 0\r\nlocation: https://m.mbx72.net:9119/account/reg?code=21449\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Wteb1mqIyIIKEmw4x9mZmFLrwUa%2FkfuiS1FvLN6IhNUOBUyRQ9MVS%2FYp24gsn8ixFsHrTLk%2B4rOLzgLWpEWNcCnO2Ov%2FhqOGvw%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\ncf-ray: 9e1f18446c9596b1-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":104574,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-12T18:55:58.746745Z","times_seen":13673560,"resource_available":true,"data":null}},"time_used":173,"timings":{"blocked":81,"dns":47,"connect":8,"send":0,"wait":10,"receive":0,"ssl":23},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-25","alert":"Phishing Block","trigger":"mx648.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-25","alert":"Sinkholed","trigger":"mx648.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-25","alert":"Sinkholed","trigger":"mx648.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-25","alert":"Sinkholed","trigger":"mx648.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-25","alert":"Sinkholed","trigger":"mx648.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"m.mbx72.net:9119/account/reg?code=21449","fqdn":"m.mbx72.net","domain":"mbx72.net","tld":"net"},"ip":{"addr":"172.65.201.65","port":9119,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-03-25T15:54:33.039Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"m.mbx72.net","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Tue, 15 Apr 2025 00:00:00 GMT","end":"Wed, 15 Apr 2026 23:59:59 GMT"},"fingerprint":{"sha1":"23:16:D1:06:31:B7:F2:65:53:06:06:7E:CF:9D:3D:B3:79:D4:00:D5","sha256":"37:1A:E0:D3:01:78:68:E7:2F:46:A7:ED:AF:0A:FF:62:9E:3B:91:46:40:83:6E:F9:32:4E:3E:2E:FF:41:94:62"}}},"request":{"raw":"GET /account/reg?code=21449 HTTP/1.1\r\nHost: m.mbx72.net:9119\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 301 Moved Permanently\r\nDate: Wed, 25 Mar 2026 15:54:34 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Methods: GET, POST, OPTIONS\r\nAccess-Control-Allow-Headers: Content-Type, Authorization, X-Requested-With\r\nAccess-Control-Allow-Credentials: true\r\nAccess-Control-Max-Age: 86400\r\nLocation: https://cn.memxzf.com/home/register?code=21449\r\nX-Content-Type-Options: nosniff\r\nX-Frame-Options: SAMEORIGIN\r\nServer: gocache\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nCache-Control: no-cache\r\nc-Type: df\r\nrid: ba2883dd13e8b89d2f5d2b04bf9bbdc2\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\n\r\n","headers":null,"cookies":null,"status_code":"301","status_text":"Moved Permanently","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]}],"data":{"size":104574,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-12T18:55:58.746745Z","times_seen":13673560,"resource_available":true,"data":null}},"time_used":2608,"timings":{"blocked":1159,"dns":310,"connect":1,"send":0,"wait":290,"receive":0,"ssl":845},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"file-latest.rkvcviwf.com/activity/2026/03/20/c450fbbbc81d6e6fbc00f9bec0012a9a.png","fqdn":"file-latest.rkvcviwf.com","domain":"rkvcviwf.com","tld":"com"},"ip":{"addr":"52.195.237.155","port":443,"asn":16509,"as":"AMAZON-02","country":"Japan","country_code":"JP"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cn.memxzf.com/home/register?code=21449","date":"2026-03-25T15:54:39.875Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"file-latest.rkvcviwf.com","organization":""},"issuer":{"commonName":"ZeroSSL RSA Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Wed, 11 Feb 2026 00:00:00 GMT","end":"Tue, 12 May 2026 23:59:59 GMT"},"fingerprint":{"sha1":"26:66:A3:25:5A:B4:B6:76:27:24:F6:32:BA:CE:70:32:6D:AE:5E:9D","sha256":"33:75:30:56:09:69:78:2E:4D:6B:00:51:7D:D5:22:05:CD:C2:00:C3:98:4C:08:C3:5B:10:39:C2:8D:61:88:51"}}},"request":{"raw":"GET /activity/2026/03/20/c450fbbbc81d6e6fbc00f9bec0012a9a.png HTTP/1.1\r\nHost: file-latest.rkvcviwf.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.memxzf.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 25 Mar 2026 15:54:40 GMT\r\ncontent-type: image/png\r\ncontent-length: 25054\r\nx-amz-id-2: US6xgJ+Qtnp1w6vtMT+A7Mtl7g0qefX9STiVrOImK3dOk2x+Nk48FzS2ggX7AyOeLxkxusQF9mZA3dJl66lRq03B/D2qdsjH\r\nx-amz-request-id: G0XYZVF27HDEQCX4\r\nlast-modified: Fri, 20 Mar 2026 02:14:51 GMT\r\netag: \"2ee059af40a1c0f159717754fd6dc944\"\r\nx-amz-server-side-encryption: AES256\r\npsc-cache-status: HIT\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":25054,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 272 x 272, 8-bit colormap, non-interlaced","md5":"2ee059af40a1c0f159717754fd6dc944","sha1":"d37031848150864577666a8eab7d424dfde5a969","sha256":"96b2283ad3253e3343df42d8f2294e6fa24cee0fe172226bb9e93a6e2675a78a","sha512":"5bf306a890daa5734c0d930714d1ca2a3f5f9c4dad241eccdf9ccd915ac50aa3e7f8f837d8c0ac88c8acc8be84a51417df27982af2fb25c2cbde2e70381aeb40","ssdeep":"768:K/mfAQgnUBqRuKFHHSCLPCqtvFKMrEHdR:KfQ6KqRusgAFDcdR","tlshash":"58b2e14db9a940c9da586a3a256ec34d8db8ece61b90833431eee8cc03fb5a49550e51","first_seen":"2026-03-22T08:38:49.336348Z","last_seen":"2026-04-12T01:12:13.784442Z","times_seen":63,"resource_available":false,"data":null}},"time_used":2211,"timings":{"blocked":791,"dns":149,"connect":285,"send":0,"wait":570,"receive":56,"ssl":358},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static-content-cn.wb27jlt6u066.com:9587/js/newlivechat.js?20260126","fqdn":"static-content-cn.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://cn.memxzf.com/home/register?code=21449","date":"2026-03-25T15:54:37.028Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static-content-cn.wb27jlt6u066.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 19 Oct 2025 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"98:64:EC:0B:9A:00:5F:60:12:4A:12:B9:EB:5A:44:98:12:1A:7C:FF","sha256":"A1:E0:99:A3:B2:54:C9:50:DB:24:16:EA:A7:44:3A:5D:57:F0:7C:CE:B2:E7:66:31:49:50:98:44:92:F2:50:84"}}},"request":{"raw":"GET /js/newlivechat.js?20260126 HTTP/1.1\r\nHost: static-content-cn.wb27jlt6u066.com:9587\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.memxzf.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 25 Mar 2026 15:54:38 GMT\r\nContent-Type: application/javascript\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Fri, 13 Feb 2026 05:00:40 GMT\r\nVary: Accept-Encoding\r\nETag: W/\"698eaff8-2dd\"\r\nContent-Encoding: gzip\r\nServer: gocache\r\nExpires: Thu, 26 Mar 2026 15:54:38 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: 721b5c590a72562100e8d991f8582457\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: HIT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":733,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (668)","md5":"82236be894134d60c1165840a2f1f432","sha1":"299865c8584f72365c7f4d87d99e8702c4cfb68d","sha256":"ccc9ca0fdd0b8e6f3cf3145e5ad7b9730cdf9573d46631916fa5055e1f6f84bd","sha512":"8ba9b5c320cdab328fef9faf00a641ed97c0e36eafb46b330637f90cbbc8bf503e0ccea92c33e6a886f53f37502fea66f5ec4722787c2334f6ec41ca58bbe768","ssdeep":"","tlshash":"2801d089bc45b076ab56326c713bfa07516213156844683348ee87bbeb32e9b410358c","first_seen":"2026-03-04T07:05:29.810152Z","last_seen":"2026-04-12T01:12:13.773277Z","times_seen":85,"resource_available":true,"data":null}},"time_used":1106,"timings":{"blocked":-1,"dns":292,"connect":7,"send":0,"wait":229,"receive":0,"ssl":574},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.googletagmanager.com/gtag/js?id=UA-119765380-3","fqdn":"www.googletagmanager.com","domain":"googletagmanager.com","tld":"com"},"ip":{"addr":"142.251.143.136","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://cn.memxzf.com/home/register?code=21449","date":"2026-03-25T15:54:37.048Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.google-analytics.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 23 Feb 2026 18:19:44 GMT","end":"Mon, 18 May 2026 18:19:43 GMT"},"fingerprint":{"sha1":"5D:21:36:26:B5:1D:67:14:0D:6A:68:D3:7C:EB:39:6E:A1:45:8C:29","sha256":"BC:A5:DD:5A:08:3A:33:49:76:BB:EB:18:9C:45:17:80:A1:3E:31:5F:BA:F9:93:28:C7:76:A0:97:FF:E9:3F:1C"}}},"request":{"raw":"GET /gtag/js?id=UA-119765380-3 HTTP/1.1\r\nHost: www.googletagmanager.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.memxzf.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: application/javascript; charset=UTF-8\r\naccess-control-allow-origin: *\r\naccess-control-allow-credentials: true\r\naccess-control-allow-headers: Cache-Control\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ndate: Wed, 25 Mar 2026 15:54:37 GMT\r\nexpires: Wed, 25 Mar 2026 15:54:37 GMT\r\ncache-control: private, max-age=900\r\nlast-modified: Wed, 25 Mar 2026 15:00:00 GMT\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\ncross-origin-resource-policy: cross-origin\r\nserver: Google Tag Manager\r\ncontent-length: 122504\r\nx-xss-protection: 0\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":352536,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (5930)","md5":"f395743dd62cf3645b351788398889b6","sha1":"8b57d749ec9804515a99b8b9a4c457d6789c0e59","sha256":"4ce490577121285bdc87398d19f4fe4a2dbefa190d623399afc35323d24118e2","sha512":"52e2d675e704e9919e90b0adfd301064c0a7409114564ec4170b2a2611d38183a470ca284e3d255c11e7094e95bf32b7b05a11bf01ece0f70226ea8c0090c361","ssdeep":"6144:sZ7q1Nfl0scuKRBl58G1ypnlbW34V9b86dCKj/URQ:+St0Ru458jmK","tlshash":"c77409ccb3d6706653a3a478503f018bb27a6892f84cc899f185dcd42e74a5a8277f7d","first_seen":"2026-03-25T15:55:30.433588Z","last_seen":"2026-03-25T15:55:30.433588Z","times_seen":1,"resource_available":true,"data":null}},"time_used":324,"timings":{"blocked":-1,"dns":109,"connect":21,"send":0,"wait":45,"receive":56,"ssl":93},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static-content-cn.wb27jlt6u066.com:9587/images/common_spirits.png","fqdn":"static-content-cn.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cn.memxzf.com/home/register?code=21449","date":"2026-03-25T15:54:38.784Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static-content-cn.wb27jlt6u066.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 19 Oct 2025 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"98:64:EC:0B:9A:00:5F:60:12:4A:12:B9:EB:5A:44:98:12:1A:7C:FF","sha256":"A1:E0:99:A3:B2:54:C9:50:DB:24:16:EA:A7:44:3A:5D:57:F0:7C:CE:B2:E7:66:31:49:50:98:44:92:F2:50:84"}}},"request":{"raw":"GET /images/common_spirits.png HTTP/1.1\r\nHost: static-content-cn.wb27jlt6u066.com:9587\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://static-content-cn.wb27jlt6u066.com:9587/css/base.css?20240823\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 25 Mar 2026 15:54:38 GMT\r\nContent-Type: image/png\r\nContent-Length: 8399\r\nConnection: keep-alive\r\nLast-Modified: Wed, 20 Jul 2022 18:47:52 GMT\r\nETag: \"62d84dd8-20cf\"\r\nServer: gocache\r\nExpires: Thu, 26 Mar 2026 15:54:38 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: 71ccd337f747c2d8d9e68ad996072ac4\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: HIT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]}],"data":{"size":8399,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 197 x 853, 8-bit/color RGBA, non-interlaced","md5":"44540d8c4a0f15ac3c79ec50c38068ba","sha1":"09a60fef078669da7113fbc9f9129b3a238e1b10","sha256":"d963d332fe095e110da648b267af4941bcb3d0b3988459d5f2039ebcadf4c2f0","sha512":"d67fb563e9db8d886bf09cd391361411e19aefeb2a60a37bf11eb38d985dc1c568281bae50aa71b504efb6a7bc6026340f809e797356816a430118e4f92f82e5","ssdeep":"96:1PodqmMbZJnxtCv2QIo3WG/INSvX3pwN0lu/hpSj8hj4LeQtJmzpwYFE1+m30tBY:1PqgnT8n5DluZph4y64zpx8aM3DJl","tlshash":"51028ed002b9316ed9643b22abbf39680ee289aaf4bec33448d4173731694d0457ce5f","first_seen":"2024-03-28T04:38:13Z","last_seen":"2026-04-12T01:12:13.832174Z","times_seen":657,"resource_available":false,"data":null}},"time_used":234,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":234,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static-content-t.wb27jlt6u066.com:9587/images/register/form_bg.png","fqdn":"static-content-t.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cn.memxzf.com/home/register?code=21449","date":"2026-03-25T15:54:38.817Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static-content-t.wb27jlt6u066.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 19 Oct 2025 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"08:10:09:15:B6:C8:9C:9A:CE:31:40:C9:26:D7:9E:BE:2C:9A:62:2B","sha256":"D6:55:F3:9B:55:F2:ED:CC:B3:54:8B:1E:F9:15:FB:47:0C:75:02:1A:64:4B:3C:C2:FA:75:18:9C:F0:11:EE:83"}}},"request":{"raw":"GET /images/register/form_bg.png HTTP/1.1\r\nHost: static-content-t.wb27jlt6u066.com:9587\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://static-content-t.wb27jlt6u066.com:9587/style/main.css?20260311\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 25 Mar 2026 15:54:39 GMT\r\nContent-Type: image/png\r\nContent-Length: 3222\r\nConnection: keep-alive\r\nLast-Modified: Wed, 20 Jul 2022 18:47:53 GMT\r\nETag: \"62d84dd9-c96\"\r\nServer: gocache\r\nExpires: Thu, 26 Mar 2026 15:54:39 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: c7b94ac8b90448a30516b01ab0d37870\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: HIT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":3222,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 410 x 800, 8-bit/color RGBA, non-interlaced","md5":"0f7cd96cb7cef4b9217f90e92920ab6e","sha1":"36cc27443ed415c168ef9e700224011fcc56dfc4","sha256":"cd8bbd1b5d1b7309612fe10c894f8c0a3a5ca889331da9a56414f373464501c5","sha512":"c62f01a4b4c4e59533179f7bd4b710964fdf1127a07ac56d7ce0e1908b8b351586dccb548e58ebb9424365894bb70acc33da4c41d3c2399ea78dd17c6c36b804","ssdeep":"","tlshash":"af614d6d6d9f238d11e99491f491b0ca0c31cbef74805d1564f7cc82ee91f5748398e5","first_seen":"2023-05-05T14:06:31Z","last_seen":"2026-04-12T01:12:13.77064Z","times_seen":806,"resource_available":false,"data":null}},"time_used":1195,"timings":{"blocked":973,"dns":0,"connect":0,"send":0,"wait":222,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"game.zzdyenye.com:2053/api/banner","fqdn":"game.zzdyenye.com","domain":"zzdyenye.com","tld":"com"},"ip":{"addr":"13.70.24.35","port":2053,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://cn.memxzf.com/home/register?code=21449","date":"2026-03-25T15:54:38.926Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"game.zzdyenye.com","organization":""},"issuer":{"commonName":"ZeroSSL RSA Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Mon, 16 Mar 2026 00:00:00 GMT","end":"Sun, 14 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"29:E2:4A:89:D6:C2:87:07:D4:70:8C:24:B9:EB:FF:08:5F:0B:85:11","sha256":"0B:90:28:52:98:E3:C5:48:E1:09:6B:CB:A7:89:CC:70:6E:DE:D7:4F:EB:B5:84:C1:DA:9D:5C:42:BA:77:C8:DC"}}},"request":{"raw":"GET /api/banner HTTP/1.1\r\nHost: game.zzdyenye.com:2053\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://cn.memxzf.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.memxzf.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 25 Mar 2026 15:54:39 GMT\r\ncontent-type: application/json\r\ncache-control: no-cache, private\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE\r\naccess-control-allow-headers: *\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\ncontent-encoding: br\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":20008,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"dc78226dbca67a732ecee104126ab69f","sha1":"350424315ea6eca81f68a623f3bc8df3814a6ccd","sha256":"7a0fa6e19d9efac7e6b22e4dd8a133bcb2fce064b93af5f5fc10d43ea09fee5d","sha512":"92843fd03419675a87c30c89af786f1cc44a63512c0dc4eb54f209a6b83592395b5258353dd27041eed53518a1ca334ec658ba10c0ee8011b310c33c06b5a940","ssdeep":"192:Ioa4BLoBmfBrvwFBXWBc9JTHBeB8OOBOOVBono3BBuYCzBDARBfeBOnTJh:5sa5niBTj","tlshash":"e7926a4165a8ec774de03bd848051de231cdf951fc9cea9be711aeb812ae461c60f29f","first_seen":"2026-03-22T21:44:46.683016Z","last_seen":"2026-03-29T14:28:38.96137Z","times_seen":20,"resource_available":false,"data":null}},"time_used":1660,"timings":{"blocked":653,"dns":111,"connect":214,"send":0,"wait":376,"receive":0,"ssl":301},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"file-latest.rkvcviwf.com/activity/2026/03/20/fb495e8b2d7133af8bbdfdd8438e21a1.png","fqdn":"file-latest.rkvcviwf.com","domain":"rkvcviwf.com","tld":"com"},"ip":{"addr":"52.195.237.155","port":443,"asn":16509,"as":"AMAZON-02","country":"Japan","country_code":"JP"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cn.memxzf.com/home/register?code=21449","date":"2026-03-25T15:54:39.866Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"file-latest.rkvcviwf.com","organization":""},"issuer":{"commonName":"ZeroSSL RSA Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Wed, 11 Feb 2026 00:00:00 GMT","end":"Tue, 12 May 2026 23:59:59 GMT"},"fingerprint":{"sha1":"26:66:A3:25:5A:B4:B6:76:27:24:F6:32:BA:CE:70:32:6D:AE:5E:9D","sha256":"33:75:30:56:09:69:78:2E:4D:6B:00:51:7D:D5:22:05:CD:C2:00:C3:98:4C:08:C3:5B:10:39:C2:8D:61:88:51"}}},"request":{"raw":"GET /activity/2026/03/20/fb495e8b2d7133af8bbdfdd8438e21a1.png HTTP/1.1\r\nHost: file-latest.rkvcviwf.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.memxzf.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 25 Mar 2026 15:54:40 GMT\r\ncontent-type: image/png\r\ncontent-length: 28604\r\nx-amz-id-2: mOGm6na/y7tyQvXi2BAeTPlUw4ElPMD5+KUlBB62JJvIcfogrZdEVJQRktJe9m4PHSKzUlW7oQAUtNBOeRWTNejbV6s/zhf8\r\nx-amz-request-id: Y21874J6X1WBPS5T\r\nlast-modified: Fri, 20 Mar 2026 02:13:17 GMT\r\netag: \"6225e0e01ecc4291dd8ebce1bc01b4e4\"\r\nx-amz-server-side-encryption: AES256\r\npsc-cache-status: HIT\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":28604,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 272 x 272, 8-bit colormap, non-interlaced","md5":"6225e0e01ecc4291dd8ebce1bc01b4e4","sha1":"8cb46a3cba655a6a56d8087ed71bd84ecaef9131","sha256":"e29a5cb12d631069b17a410e9156f9fe034cd54ccf76247462bd7a0f7832d9b5","sha512":"dcb2bbfdec9eb987700bb3641b78e69478214dbaea52475e9403145ac9fd2ece6e64d7d61a6093c5cb26c492e1315d65c2daa7d392b175fb2190c6bb254914db","ssdeep":"768:zH97mivQh7qf+fCQhg0TZ3UMR38Hu1R8uMjEBFFjYTlCMjr90i+TBBYL:DIivc7qtQi0xUMR33ujcYBBrui+TBBYL","tlshash":"23d2f1ee5b614ca835e3ca649c1e074435b2405c7eb02bfe6b8129bf54e6b8c0342de7","first_seen":"2026-03-22T08:38:49.382978Z","last_seen":"2026-04-12T01:12:13.790389Z","times_seen":63,"resource_available":false,"data":null}},"time_used":2404,"timings":{"blocked":800,"dns":154,"connect":277,"send":0,"wait":728,"receive":75,"ssl":367},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.livechatinc.com/widget/static/js/4.CntM2Eu5.chunk.js","fqdn":"cdn.livechatinc.com","domain":"livechatinc.com","tld":"com"},"ip":{"addr":"23.36.77.241","port":443,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://secure.livechatinc.com/customer/action/open_chat?license_id=19463678\u0026group=2\u0026embedded=1\u0026widget_version=3\u0026unique_groups=0\u0026organization_id=d45af0f5-ff1f-44ac-97e0-5c9471a8ec59\u0026use_parent_storage=1\u0026x-region=us-south1","date":"2026-03-25T15:54:40.254Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"livechat.com","organization":"LIVECHAT, INC."},"issuer":{"commonName":"DigiCert Global G3 TLS ECC SHA384 2020 CA1","organization":"DigiCert Inc"},"validity":{"start":"Wed, 11 Jun 2025 00:00:00 GMT","end":"Thu, 11 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"66:A3:6F:A0:92:9E:A2:01:91:16:68:AA:27:A9:41:28:FC:25:27:68","sha256":"03:FC:5A:F6:F7:06:15:5B:0F:31:DB:6C:4E:D7:E4:1B:69:80:1F:C3:5A:E3:85:5A:FF:8D:22:81:92:ED:25:2F"}}},"request":{"raw":"GET /widget/static/js/4.CntM2Eu5.chunk.js HTTP/1.1\r\nHost: cdn.livechatinc.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://secure.livechatinc.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cdn.livechatinc.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nx-guploader-uploadid: AMNfjG2Uspda4KC3LAiVFmorOsXMRru47Ds1WqpkO54MGr4n9ZAZuPa_c2e-Cm62o82OBWZqaanpA6k\r\nx-goog-generation: 1774440458966589\r\nx-goog-metageneration: 1\r\nx-goog-stored-content-encoding: identity\r\nx-goog-stored-content-length: 220799\r\nx-goog-hash: crc32c=WKPnsg==, md5=O1cz9XcilWTL14+ClFz4lA==\r\nx-goog-storage-class: STANDARD\r\naccept-ranges: bytes\r\naccess-control-expose-headers: *, Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace\r\nserver: UploadServer\r\ncontent-encoding: br\r\ncontent-length: 68106\r\nlast-modified: Wed, 25 Mar 2026 12:07:38 GMT\r\ncache-control: public, max-age=31536000\r\nexpires: Thu, 25 Mar 2027 15:54:40 GMT\r\ndate: Wed, 25 Mar 2026 15:54:40 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\naccess-control-allow-origin: *\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Google Cloud Storage","description":"Google Cloud Storage allows world-wide storage and retrieval of any amount of data at any time.","website":"https://cloud.google.com/storage","common_platform_enumeration":"","icon":"google-cloud-storage.svg","categories":["Miscellaneous"]},{"name":"Google Cloud","description":"Google Cloud is a suite of cloud computing services.","website":"https://cloud.google.com","common_platform_enumeration":"cpe:2.3:a:google:cloud_platform:*:*:*:*:*:*:*:*","icon":"Google Cloud.svg","categories":["IaaS"]}],"data":{"size":220799,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (36687)","md5":"3b5733f577229564cbd78f82945cf894","sha1":"135de320d29e47c403beaa26faf6a0f9414dfb26","sha256":"f25d4008e812a41aade7850eec9ec349e32b45b9f7e6ccf9aed51f5df852d306","sha512":"4be6b004c48bb3bc77b0621dcbad6c857cd484d0400a64f0dff67e170ad1c4a3c516fc24283386c3033c67901cb968c634a56412d6905663a109cb26eb21a877","ssdeep":"6144:1tMuoTGhHxd+olP5nZfpUTHOrqZ3IpLp8T:rMuoTGh/+olP5fUTHOrqZ3IJ6T","tlshash":"a2245bc4b18af53887eb34e6547e2002f63d6d18784c8164f75dddb63da858a9233f2a","first_seen":"2026-03-25T12:35:16.708106Z","last_seen":"2026-03-30T09:59:39.343309Z","times_seen":381,"resource_available":true,"data":null}},"time_used":5,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":3,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.livechatinc.com/widget/static/js/7.qYTqns9Q.chunk.js","fqdn":"cdn.livechatinc.com","domain":"livechatinc.com","tld":"com"},"ip":{"addr":"23.36.77.241","port":443,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://secure.livechatinc.com/customer/action/open_chat?license_id=19463678\u0026group=2\u0026embedded=1\u0026widget_version=3\u0026unique_groups=0\u0026organization_id=d45af0f5-ff1f-44ac-97e0-5c9471a8ec59\u0026use_parent_storage=1\u0026x-region=us-south1","date":"2026-03-25T15:54:40.275Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"livechat.com","organization":"LIVECHAT, INC."},"issuer":{"commonName":"DigiCert Global G3 TLS ECC SHA384 2020 CA1","organization":"DigiCert Inc"},"validity":{"start":"Wed, 11 Jun 2025 00:00:00 GMT","end":"Thu, 11 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"66:A3:6F:A0:92:9E:A2:01:91:16:68:AA:27:A9:41:28:FC:25:27:68","sha256":"03:FC:5A:F6:F7:06:15:5B:0F:31:DB:6C:4E:D7:E4:1B:69:80:1F:C3:5A:E3:85:5A:FF:8D:22:81:92:ED:25:2F"}}},"request":{"raw":"GET /widget/static/js/7.qYTqns9Q.chunk.js HTTP/1.1\r\nHost: cdn.livechatinc.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://secure.livechatinc.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cdn.livechatinc.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nx-guploader-uploadid: AMNfjG2aC4PuPFSl6iZNcFphn5cDw-t6sQjBb9Q6CJesd4kxfNiLl6uiLGHadEnLk_85v5w98ajFstA\r\nlast-modified: Wed, 25 Mar 2026 12:07:38 GMT\r\netag: \"d541ce2d754402b833cc65b76eaea2c6\"\r\nx-goog-generation: 1774440458911117\r\nx-goog-metageneration: 1\r\nx-goog-stored-content-encoding: identity\r\nx-goog-stored-content-length: 40\r\nx-goog-hash: crc32c=jQQqwg==, md5=1UHOLXVEArgzzGW3bq6ixg==\r\nx-goog-storage-class: STANDARD\r\naccess-control-expose-headers: *, Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace\r\nserver: UploadServer\r\nvary: Accept-Encoding\r\ncache-control: public, max-age=31536000\r\nexpires: Thu, 25 Mar 2027 15:54:40 GMT\r\ndate: Wed, 25 Mar 2026 15:54:40 GMT\r\ncontent-length: 40\r\ncontent-type: application/javascript; charset=utf-8\r\naccess-control-allow-origin: *\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Google Cloud Storage","description":"Google Cloud Storage allows world-wide storage and retrieval of any amount of data at any time.","website":"https://cloud.google.com/storage","common_platform_enumeration":"","icon":"google-cloud-storage.svg","categories":["Miscellaneous"]},{"name":"Google Cloud","description":"Google Cloud is a suite of cloud computing services.","website":"https://cloud.google.com","common_platform_enumeration":"cpe:2.3:a:google:cloud_platform:*:*:*:*:*:*:*:*","icon":"Google Cloud.svg","categories":["IaaS"]}],"data":{"size":40,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"ASCII text","md5":"d541ce2d754402b833cc65b76eaea2c6","sha1":"c36a92a0f5cef497ce42b1e8b4c72c8d9bd3786b","sha256":"80353503e48ebf6c2ae9f70184d3e758f64bacf48afe147e039df807509200cb","sha512":"f8cd5cc49f9276c580419958bf312ee0a311194fd41d116ee709e56401d769511700031ec9f3e6151f8da6b7e13b16e374a231e31cb00b92413ce5c751c2a0b6","ssdeep":"","tlshash":"f090044530d334753111111c453f5c0551144c4c05d55730c010d5551f514f4571fc4c","first_seen":"2024-07-04T09:32:22Z","last_seen":"2026-04-12T18:47:53.246403Z","times_seen":24967,"resource_available":true,"data":null}},"time_used":2,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":2,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static-content-cn.wb27jlt6u066.com:9587/util/messenger.css","fqdn":"static-content-cn.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://cn.memxzf.com/home/register?code=21449","date":"2026-03-25T15:54:37.027Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static-content-cn.wb27jlt6u066.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 19 Oct 2025 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"98:64:EC:0B:9A:00:5F:60:12:4A:12:B9:EB:5A:44:98:12:1A:7C:FF","sha256":"A1:E0:99:A3:B2:54:C9:50:DB:24:16:EA:A7:44:3A:5D:57:F0:7C:CE:B2:E7:66:31:49:50:98:44:92:F2:50:84"}}},"request":{"raw":"GET /util/messenger.css HTTP/1.1\r\nHost: static-content-cn.wb27jlt6u066.com:9587\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.memxzf.com/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 25 Mar 2026 15:54:38 GMT\r\nContent-Type: text/css\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Wed, 20 Jul 2022 18:47:53 GMT\r\nVary: Accept-Encoding\r\nETag: W/\"62d84dd9-2410\"\r\nContent-Encoding: gzip\r\nServer: gocache\r\nExpires: Thu, 26 Mar 2026 15:54:38 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: 5114f4aaaedbd72f6ab766feee929a71\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: HIT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":9232,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (538)","md5":"26f774e67203df0b4387b8fdee38643c","sha1":"d46d750b7882c8c3aff3690472c6ad6c5c32d546","sha256":"3d3b344953f5a8668a3a045c902c84e530407997885301cfffd4a1724b6b37f8","sha512":"d2fbe717e58dbc07551690f0d18256cbef2b33adce004da7d83adb34866764ec94ea6ec5d91a9a65754f0239cc98dfc4b7caefb1a1b427a7e5818671c03288c2","ssdeep":"192:Qi0KrdIJjkB1IbXwdRoqXaS3TIFTKC32XifM1N:QiBrdIJnbXwdPC32XeKN","tlshash":"a812f022c5c51927133fcb53add557584f238b03aa1ed4ad66deec4fc70ae6812e630a","first_seen":"2023-05-05T14:06:31Z","last_seen":"2026-04-12T01:12:13.785464Z","times_seen":956,"resource_available":false,"data":null}},"time_used":2080,"timings":{"blocked":912,"dns":293,"connect":1,"send":0,"wait":229,"receive":0,"ssl":641},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static-content-t.wb27jlt6u066.com:9587/images/nav/sponsor4.png?4","fqdn":"static-content-t.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cn.memxzf.com/home/register?code=21449","date":"2026-03-25T15:54:37.033Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static-content-t.wb27jlt6u066.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 19 Oct 2025 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"08:10:09:15:B6:C8:9C:9A:CE:31:40:C9:26:D7:9E:BE:2C:9A:62:2B","sha256":"D6:55:F3:9B:55:F2:ED:CC:B3:54:8B:1E:F9:15:FB:47:0C:75:02:1A:64:4B:3C:C2:FA:75:18:9C:F0:11:EE:83"}}},"request":{"raw":"GET /images/nav/sponsor4.png?4 HTTP/1.1\r\nHost: static-content-t.wb27jlt6u066.com:9587\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.memxzf.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 25 Mar 2026 15:54:38 GMT\r\nContent-Type: image/png\r\nContent-Length: 6656\r\nConnection: keep-alive\r\nLast-Modified: Fri, 23 Jan 2026 04:32:15 GMT\r\nETag: \"6972f9cf-1a00\"\r\nServer: gocache\r\nExpires: Thu, 26 Mar 2026 15:54:38 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: 56482ca1231d0584a8cbcfa8a9d64bc0\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: HIT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":6656,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 292 x 80, 8-bit/color RGBA, non-interlaced","md5":"bc0bfba88f57dddbcab058d13a0178fe","sha1":"3a82ca7e0de411faf17a0280292e18365817790d","sha256":"a91a58962bbd93730191f75f51b50108a6ee274b663c5b1f6eea2e09868abe17","sha512":"934411294e564656520460a6806d0f51058bf5d0dda73ca0e3e8b09c370e41a1d0afa135b8bc9bcd3f0d966a59cdb488b6b669ef6012c403c163e947dcc3d6fc","ssdeep":"96:oaLKcsHv7kI8AO6uNlW1/OvAT4AocvRaqMDlFB2QZkC0JfFdGcg1dcH8rsho6g/h:okFPWROvQzRsqCmtwcgHrsQksZz","tlshash":"ddd1bf6ba7ce2cd9a38ed2871f96796bafb1001491e319002c3332ba5a413844f31dd7","first_seen":"2026-01-23T05:01:52.465953Z","last_seen":"2026-04-12T01:12:13.801755Z","times_seen":131,"resource_available":false,"data":null}},"time_used":1956,"timings":{"blocked":1727,"dns":0,"connect":0,"send":0,"wait":229,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static-content-cn.wb27jlt6u066.com:9587/js/kz.js?20250807","fqdn":"static-content-cn.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://cn.memxzf.com/home/register?code=21449","date":"2026-03-25T15:54:37.052Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static-content-cn.wb27jlt6u066.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 19 Oct 2025 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"98:64:EC:0B:9A:00:5F:60:12:4A:12:B9:EB:5A:44:98:12:1A:7C:FF","sha256":"A1:E0:99:A3:B2:54:C9:50:DB:24:16:EA:A7:44:3A:5D:57:F0:7C:CE:B2:E7:66:31:49:50:98:44:92:F2:50:84"}}},"request":{"raw":"GET /js/kz.js?20250807 HTTP/1.1\r\nHost: static-content-cn.wb27jlt6u066.com:9587\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.memxzf.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 25 Mar 2026 15:54:38 GMT\r\nContent-Type: application/javascript\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Tue, 09 Dec 2025 02:53:07 GMT\r\nVary: Accept-Encoding\r\nETag: W/\"69378f13-10cb3\"\r\nContent-Encoding: gzip\r\nServer: gocache\r\nExpires: Thu, 26 Mar 2026 15:54:38 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: ceb1806f5b597fac42c6ad51c08708ad\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: HIT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":68787,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text","md5":"6882ef21046c02724770578afb0e9389","sha1":"5a3e91dbc206c7a6abf2196adc0cd68d6e5f7dd5","sha256":"f3967945aa4c64b4cb943ff02fd4ff56354cac19f0e8ba9cb8a95017707265c9","sha512":"4aa7833f286b2d53677335d60783d6edd2038d0e9fbbc75d0568debe17bf0cee5cd56c7beb3c608a2c135881edefca03d1cf0edef0c2d491e65c9ac6126697a8","ssdeep":"384:JsOCzLl8jM9Cxvqd2ACJOOX6QMvmN2iB9eOyjX993YH:q84sTwDEH","tlshash":"f963732ae9fb52551c3b70391f7f4001e729c407b50cee197e2caac05f44669a6b6fe8","first_seen":"2025-08-24T13:27:11.237239Z","last_seen":"2026-03-29T16:47:31.772793Z","times_seen":494,"resource_available":true,"data":null}},"time_used":1307,"timings":{"blocked":1072,"dns":0,"connect":0,"send":0,"wait":234,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.livechatinc.com/tracking.js","fqdn":"cdn.livechatinc.com","domain":"livechatinc.com","tld":"com"},"ip":{"addr":"23.36.77.241","port":443,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://cn.memxzf.com/home/register?code=21449","date":"2026-03-25T15:54:38.584Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"livechat.com","organization":"LIVECHAT, INC."},"issuer":{"commonName":"DigiCert Global G3 TLS ECC SHA384 2020 CA1","organization":"DigiCert Inc"},"validity":{"start":"Wed, 11 Jun 2025 00:00:00 GMT","end":"Thu, 11 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"66:A3:6F:A0:92:9E:A2:01:91:16:68:AA:27:A9:41:28:FC:25:27:68","sha256":"03:FC:5A:F6:F7:06:15:5B:0F:31:DB:6C:4E:D7:E4:1B:69:80:1F:C3:5A:E3:85:5A:FF:8D:22:81:92:ED:25:2F"}}},"request":{"raw":"GET /tracking.js HTTP/1.1\r\nHost: cdn.livechatinc.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.memxzf.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nx-guploader-uploadid: AMNfjG0Adi-nl10RlQ5VqIoREe1Nlk3DN6oWaktfVb7Gvw8hLqrKqgzb7lkr5F2fBYgwK_EBZYdRmHc\r\nlast-modified: Wed, 25 Mar 2026 12:07:39 GMT\r\nx-goog-generation: 1774440459005424\r\nx-goog-metageneration: 1\r\nx-goog-stored-content-encoding: identity\r\nx-goog-stored-content-length: 102724\r\nx-goog-hash: crc32c=Vokfkw==, md5=svFm6gd36blbun6mm4YazA==\r\nx-goog-storage-class: STANDARD\r\naccept-ranges: bytes\r\naccess-control-expose-headers: *\r\nserver: UploadServer\r\ncontent-encoding: br\r\ncontent-length: 33199\r\ncache-control: public, max-age=28800\r\nexpires: Wed, 25 Mar 2026 23:54:38 GMT\r\ndate: Wed, 25 Mar 2026 15:54:38 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\naccess-control-allow-origin: *\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Google Cloud Storage","description":"Google Cloud Storage allows world-wide storage and retrieval of any amount of data at any time.","website":"https://cloud.google.com/storage","common_platform_enumeration":"","icon":"google-cloud-storage.svg","categories":["Miscellaneous"]},{"name":"Google Cloud","description":"Google Cloud is a suite of cloud computing services.","website":"https://cloud.google.com","common_platform_enumeration":"cpe:2.3:a:google:cloud_platform:*:*:*:*:*:*:*:*","icon":"Google Cloud.svg","categories":["IaaS"]}],"data":{"size":102724,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"data","md5":"b2f166ea0777e9b95bba7ea69b861acc","sha1":"a01f419793109bfa607f456a7fd50a0a28011b44","sha256":"53424d146551c5315b3b43ec6ca30311d17a78f70f081def6bfa19b08d010cfa","sha512":"af009032be8bc187ed48add38ffdb844ff81eca25c8779162919d82625e794499f951af23fd25f03487770161a511441860dd609200c2617b280e95d9625e20b","ssdeep":"1536:E5y/uRri7DJnagIckNmeuR5bydWiBwpDwLCPoRvCRW6Rgt:E4/uRu79aXuRxyk8vCdRA","tlshash":"bda338d67282b03493f785e7a17f6216b33a191c740d8410f17cec6a396a9879177f2e","first_seen":"2026-03-25T12:35:16.698664Z","last_seen":"2026-03-26T09:55:41.761807Z","times_seen":84,"resource_available":true,"data":null}},"time_used":185,"timings":{"blocked":90,"dns":72,"connect":1,"send":0,"wait":2,"receive":2,"ssl":16},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.vrfpshbc.com:2053/global-activity-entry/css/style.css","fqdn":"www.vrfpshbc.com","domain":"vrfpshbc.com","tld":"com"},"ip":{"addr":"172.67.186.168","port":2053,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://cn.memxzf.com/home/register?code=21449","date":"2026-03-25T15:54:38.940Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"vrfpshbc.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 02 Feb 2026 19:45:33 GMT","end":"Sun, 03 May 2026 20:40:36 GMT"},"fingerprint":{"sha1":"E8:73:95:3B:A2:A4:0F:A6:0D:A3:4F:F1:13:4E:85:09:6B:D0:63:66","sha256":"E6:14:C1:3A:A4:50:D6:F3:4D:3C:52:EB:9F:ED:B9:43:C4:13:78:55:40:E3:CD:29:24:A1:C8:5E:C2:24:0E:AA"}}},"request":{"raw":"GET /global-activity-entry/css/style.css HTTP/1.1\r\nHost: www.vrfpshbc.com:2053\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.memxzf.com/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 25 Mar 2026 15:54:39 GMT\r\ncontent-type: text/css\r\nlast-modified: Wed, 16 Jun 2021 18:06:55 GMT\r\nvary: Accept-Encoding\r\netag: W/\"60ca3dbf-1099\"\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: br\r\ncf-cache-status: DYNAMIC\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=tIIqq4yumH7NOso3YXKtfP1FZV%2BfyPeFG8mDl0yQMycvC5o8oCElCxUczJmi2sOFgAXRKeW%2F7J2s2qW3vssmmRF8r%2Fx4e%2FpzJD0DxyVdV3Y%3D\"}]}\r\nserver: cloudflare\r\ncf-ray: 9e1f1869df6556f6-ARN\r\nalt-svc: h3=\":2053\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":4249,"size_decoded":0,"mime_type":"text/css","magic":"Unicode text, UTF-8 text, with CRLF line terminators","md5":"0c6d034e188bab046fdc5e2bf379985a","sha1":"2d488cf25911a2fc18a528d7cc379ccf0cfe81b9","sha256":"4d22d7a96ba44fa03ada1e71245b3ee64e1e91a1bbe9287957429ab8a1ab0f5d","sha512":"cb7466d46ac336aa2c569e1c8ff81e4576d7b4882259a8e7b278e89158345eaed5e71567878a6e78a3ec54fdf339e86857695fadd6c84194c0a54de40240dcb4","ssdeep":"48:FLYxjPtWs2MYEuZh/Vzlj2TTc4JnAWXorJfNlfUstDTj54JI74koECOH8WzurfYh:FLC2f1YYDO+h0HfYNsu+zjfrQ","tlshash":"9991cc7d4b0722044637d6587bd54b668638d063bb0729de7bd506ce0b91fdc02b1aab","first_seen":"2023-05-05T17:24:19Z","last_seen":"2026-04-12T01:12:13.833114Z","times_seen":571,"resource_available":false,"data":null}},"time_used":939,"timings":{"blocked":73,"dns":50,"connect":8,"send":0,"wait":777,"receive":0,"ssl":28},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.livechatinc.com/widget/static/js/8.eV4yDChl.chunk.js","fqdn":"cdn.livechatinc.com","domain":"livechatinc.com","tld":"com"},"ip":{"addr":"23.36.77.241","port":443,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://secure.livechatinc.com/customer/action/open_chat?license_id=19463678\u0026group=2\u0026embedded=1\u0026widget_version=3\u0026unique_groups=0\u0026organization_id=d45af0f5-ff1f-44ac-97e0-5c9471a8ec59\u0026use_parent_storage=1\u0026x-region=us-south1","date":"2026-03-25T15:54:40.279Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"livechat.com","organization":"LIVECHAT, INC."},"issuer":{"commonName":"DigiCert Global G3 TLS ECC SHA384 2020 CA1","organization":"DigiCert Inc"},"validity":{"start":"Wed, 11 Jun 2025 00:00:00 GMT","end":"Thu, 11 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"66:A3:6F:A0:92:9E:A2:01:91:16:68:AA:27:A9:41:28:FC:25:27:68","sha256":"03:FC:5A:F6:F7:06:15:5B:0F:31:DB:6C:4E:D7:E4:1B:69:80:1F:C3:5A:E3:85:5A:FF:8D:22:81:92:ED:25:2F"}}},"request":{"raw":"GET /widget/static/js/8.eV4yDChl.chunk.js HTTP/1.1\r\nHost: cdn.livechatinc.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://secure.livechatinc.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cdn.livechatinc.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nx-guploader-uploadid: AMNfjG1lcVdXSJ62VmepeMGABJ9eBcMpR-aKOzuM7vcvBMXNqYjU6AGZTWCSKIP_pN09jJawhcXnbqE\r\nlast-modified: Wed, 25 Mar 2026 12:07:38 GMT\r\nx-goog-generation: 1774440458962518\r\nx-goog-metageneration: 1\r\nx-goog-stored-content-encoding: identity\r\nx-goog-stored-content-length: 7870\r\nx-goog-hash: crc32c=xkFa3A==, md5=IY81LDzQlRmppgsvvS7gNg==\r\nx-goog-storage-class: STANDARD\r\naccept-ranges: bytes\r\naccess-control-expose-headers: *, Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace\r\nserver: UploadServer\r\ncontent-encoding: br\r\ncontent-length: 2997\r\ncache-control: public, max-age=31536000\r\nexpires: Thu, 25 Mar 2027 15:54:40 GMT\r\ndate: Wed, 25 Mar 2026 15:54:40 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\naccess-control-allow-origin: *\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Google Cloud Storage","description":"Google Cloud Storage allows world-wide storage and retrieval of any amount of data at any time.","website":"https://cloud.google.com/storage","common_platform_enumeration":"","icon":"google-cloud-storage.svg","categories":["Miscellaneous"]},{"name":"Google Cloud","description":"Google Cloud is a suite of cloud computing services.","website":"https://cloud.google.com","common_platform_enumeration":"cpe:2.3:a:google:cloud_platform:*:*:*:*:*:*:*:*","icon":"Google Cloud.svg","categories":["IaaS"]}],"data":{"size":7870,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (7869)","md5":"218f352c3cd09519a9a60b2fbd2ee036","sha1":"39c0967aa6d5d358f667a5caa5263deea5bf9e2f","sha256":"118d1bc5286a56d49b8476beae2acfc58ffe2bcaf3be2a997582d00545b9aebf","sha512":"e113f3b2f87e9c719a4e7ae62cd6dc849d995355464441e2d006d45a877fe8a88d2cca8e1309b41a97cb1afc22d4c5dbeab1f7bf0b21a959f36657b7a50fb300","ssdeep":"192:JbZtPuLpcfXjyJzCgvNtUpPJmrkZYfnwS1fl3XXJWXzqdByyYYiktwbaQ4BM:BZtbjyJDvNtUpPJM1p3JXdByy3RtwuS","tlshash":"6af1f9bff741e4b0e3eb48a19a1a0113aa3a1754755d8070fa2c8d10a159ac4b277ffb","first_seen":"2026-03-25T12:35:16.730443Z","last_seen":"2026-03-30T09:59:39.342332Z","times_seen":375,"resource_available":true,"data":null}},"time_used":24,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":24,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.livechatinc.com/widget/static/js/11.DJPUQwQu.chunk.js","fqdn":"cdn.livechatinc.com","domain":"livechatinc.com","tld":"com"},"ip":{"addr":"23.36.77.241","port":443,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://secure.livechatinc.com/customer/action/open_chat?license_id=19463678\u0026group=2\u0026embedded=1\u0026widget_version=3\u0026unique_groups=0\u0026organization_id=d45af0f5-ff1f-44ac-97e0-5c9471a8ec59\u0026use_parent_storage=1\u0026x-region=us-south1","date":"2026-03-25T15:54:40.291Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"livechat.com","organization":"LIVECHAT, INC."},"issuer":{"commonName":"DigiCert Global G3 TLS ECC SHA384 2020 CA1","organization":"DigiCert Inc"},"validity":{"start":"Wed, 11 Jun 2025 00:00:00 GMT","end":"Thu, 11 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"66:A3:6F:A0:92:9E:A2:01:91:16:68:AA:27:A9:41:28:FC:25:27:68","sha256":"03:FC:5A:F6:F7:06:15:5B:0F:31:DB:6C:4E:D7:E4:1B:69:80:1F:C3:5A:E3:85:5A:FF:8D:22:81:92:ED:25:2F"}}},"request":{"raw":"GET /widget/static/js/11.DJPUQwQu.chunk.js HTTP/1.1\r\nHost: cdn.livechatinc.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://secure.livechatinc.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cdn.livechatinc.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nx-guploader-uploadid: AMNfjG2OM25PcIxbTO7ncviqe5kr1_nX0IGUW6DkgHtNxRDYvfzrgnMJn6JoTgyd6xjarmqKPsaua8DqC2R3PA\r\nlast-modified: Wed, 25 Mar 2026 12:07:38 GMT\r\netag: \"640caab52100a1e9dfe618aaeb79838f\"\r\nx-goog-generation: 1774440458847194\r\nx-goog-metageneration: 1\r\nx-goog-stored-content-encoding: identity\r\nx-goog-stored-content-length: 300\r\nx-goog-hash: crc32c=IuJCUg==, md5=ZAyqtSEAoenf5hiq63mDjw==\r\nx-goog-storage-class: STANDARD\r\naccess-control-expose-headers: *, Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace\r\nserver: UploadServer\r\nvary: Accept-Encoding\r\ncache-control: public, max-age=31536000\r\nexpires: Thu, 25 Mar 2027 15:54:40 GMT\r\ndate: Wed, 25 Mar 2026 15:54:40 GMT\r\ncontent-length: 300\r\ncontent-type: application/javascript; charset=utf-8\r\naccess-control-allow-origin: *\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Google Cloud","description":"Google Cloud is a suite of cloud computing services.","website":"https://cloud.google.com","common_platform_enumeration":"cpe:2.3:a:google:cloud_platform:*:*:*:*:*:*:*:*","icon":"Google Cloud.svg","categories":["IaaS"]},{"name":"Google Cloud Storage","description":"Google Cloud Storage allows world-wide storage and retrieval of any amount of data at any time.","website":"https://cloud.google.com/storage","common_platform_enumeration":"","icon":"google-cloud-storage.svg","categories":["Miscellaneous"]}],"data":{"size":300,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"ASCII text","md5":"640caab52100a1e9dfe618aaeb79838f","sha1":"4654776a82e5405614a595d40cb33ca2b5bae0b5","sha256":"fb8eb817d7251014c136b441bd4004fa6567908059013edbb938925f23b67ceb","sha512":"17d605182be517c5e797b2fd823b9ab7b6bd73d97bd2c3d11c5eb29d108cd350d789116528e351abaebdf3654cc65100b9e3353064ba38c9ab9008126c6a3061","ssdeep":"","tlshash":"00e08cbdfca8d92152f5e9f8c0b60822cb593b0e502382b0f60e6f4a9519199a552826","first_seen":"2024-08-27T15:26:59Z","last_seen":"2026-04-12T18:47:53.256646Z","times_seen":24098,"resource_available":true,"data":null}},"time_used":2,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":2,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"accounts.livechatinc.com/v2/customer/token","fqdn":"accounts.livechatinc.com","domain":"livechatinc.com","tld":"com"},"ip":{"addr":"2.22.225.11","port":443,"asn":20940,"as":"Akamai International B.V.","country":"France","country_code":"FR"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://secure.livechatinc.com/customer/action/open_chat?license_id=19463678\u0026group=2\u0026embedded=1\u0026widget_version=3\u0026unique_groups=0\u0026organization_id=d45af0f5-ff1f-44ac-97e0-5c9471a8ec59\u0026use_parent_storage=1\u0026x-region=us-south1","date":"2026-03-25T15:54:40.450Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"livechat.com","organization":"LIVECHAT, INC."},"issuer":{"commonName":"DigiCert Global G3 TLS ECC SHA384 2020 CA1","organization":"DigiCert Inc"},"validity":{"start":"Wed, 11 Jun 2025 00:00:00 GMT","end":"Thu, 11 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"66:A3:6F:A0:92:9E:A2:01:91:16:68:AA:27:A9:41:28:FC:25:27:68","sha256":"03:FC:5A:F6:F7:06:15:5B:0F:31:DB:6C:4E:D7:E4:1B:69:80:1F:C3:5A:E3:85:5A:FF:8D:22:81:92:ED:25:2F"}}},"request":{"raw":"POST /v2/customer/token HTTP/1.1\r\nHost: accounts.livechatinc.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: text/plain;charset=UTF-8\r\nContent-Length: 225\r\nOrigin: https://secure.livechatinc.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://secure.livechatinc.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":225,"data":"{\"response_type\":\"token\",\"grant_type\":\"cookie\",\"client_id\":\"c5e4f61e1a6c3b1521b541bc5c5a2ac5\",\"organization_id\":\"d45af0f5-ff1f-44ac-97e0-5c9471a8ec59\",\"redirect_uri\":\"https://secure.livechatinc.com/customer/action/open_chat\"}"}},"response":{"raw":"HTTP/2 200 OK\r\naccess-control-allow-credentials: true\r\naccess-control-allow-origin: https://secure.livechatinc.com\r\ncache-control: no-cache, no-store, max-age=0, must-revalidate\r\ncontent-type: application/json\r\nexpires: Fri, 01 Jan 1990 00:00:00 GMT\r\npragma: no-cache\r\ncontent-length: 201\r\ndate: Wed, 25 Mar 2026 15:54:40 GMT\r\nset-cookie: __lc_cid=c7cb0443-b070-459b-8b3f-595a3e5dc043; Path=/v2/customer/token; Domain=accounts.livechatinc.com; Expires=Sat, 25 Mar 2028 15:54:40 GMT; Max-Age=63072000; HttpOnly; Secure; SameSite=None; Partitioned\n__lc_cst=5ba67128b8adcd7a09e72640be389d2a760c1a8f05334ba69a794d901bf80d207ed554bb0732882fd26e51877f87a903834495632a37ccaf9e6675c6a3c8; Path=/v2/customer/token; Domain=accounts.livechatinc.com; Expires=Sat, 25 Mar 2028 15:54:40 GMT; Max-Age=63072000; HttpOnly; Secure; SameSite=None; Partitioned\n__lc_cid=c7cb0443-b070-459b-8b3f-595a3e5dc043; Path=/customer/token; Domain=accounts.livechatinc.com; Expires=Sat, 25 Mar 2028 15:54:40 GMT; Max-Age=63072000; HttpOnly; Secure; SameSite=None; Partitioned\n__lc_cst=5ba67128b8adcd7a09e72640be389d2a760c1a8f05334ba69a794d901bf80d207ed554bb0732882fd26e51877f87a903834495632a37ccaf9e6675c6a3c8; Path=/customer/token; Domain=accounts.livechatinc.com; Expires=Sat, 25 Mar 2028 15:54:40 GMT; Max-Age=63072000; HttpOnly; Secure; SameSite=None; Partitioned\n__oauth_redirect_detector=counter=1\u0026t=1774454110\u0026tag=42259cdff3bdfd49681644a97ad7c82b5295a07c; Path=/; Expires=Wed, 25 Mar 2026 15:55:10 GMT; HttpOnly; Secure; SameSite=None\r\nstrict-transport-security: max-age=86400 ; includeSubDomains\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":201,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"f6f0cf93ae0f7f1b1eb102c788a37147","sha1":"3555ecac43a13a7a46fd6af2e847d198b67ae96a","sha256":"ebc661d5b790bc40d36645260c97333c9e842fc1319604b14e57668a0827dfea","sha512":"138bfd2ab324497cbc609c1884126834ef95ce399292a82b5f7d23dd4e119fade83ed7ec4f88f3d5206943b5312f9f87d586ac6bd247a1e460ea00055f8d0ea5","ssdeep":"","tlshash":"68d0228b0f46acd09ae85b4f6e050a49fc15a5eb83e40db800f8d27a1d0cd216367338","first_seen":"2026-03-25T15:55:30.465135Z","last_seen":"2026-03-25T15:55:30.465135Z","times_seen":1,"resource_available":false,"data":null}},"time_used":177,"timings":{"blocked":40,"dns":0,"connect":0,"send":0,"wait":137,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static-content-cn.wb27jlt6u066.com:9587/css/base.css?20240823","fqdn":"static-content-cn.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://cn.memxzf.com/home/register?code=21449","date":"2026-03-25T15:54:37.019Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static-content-cn.wb27jlt6u066.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 19 Oct 2025 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"98:64:EC:0B:9A:00:5F:60:12:4A:12:B9:EB:5A:44:98:12:1A:7C:FF","sha256":"A1:E0:99:A3:B2:54:C9:50:DB:24:16:EA:A7:44:3A:5D:57:F0:7C:CE:B2:E7:66:31:49:50:98:44:92:F2:50:84"}}},"request":{"raw":"GET /css/base.css?20240823 HTTP/1.1\r\nHost: static-content-cn.wb27jlt6u066.com:9587\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.memxzf.com/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 25 Mar 2026 15:54:38 GMT\r\nContent-Type: text/css\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Thu, 22 Jan 2026 04:17:43 GMT\r\nVary: Accept-Encoding\r\nETag: W/\"6971a4e7-2a835\"\r\nContent-Encoding: gzip\r\nServer: gocache\r\nExpires: Thu, 26 Mar 2026 15:54:38 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: d978b5d1bb91486749a6e55915f94f7a\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: HIT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":174133,"size_decoded":0,"mime_type":"text/css","magic":"assembler source, Unicode text, UTF-8 text, with very long lines (539)","md5":"05af91b494845ac53747a6d8764b97c8","sha1":"161db8ff7a66fb31e12771ab87fc490adc2e1fae","sha256":"d91291f4785c691ec6142e4315dee74780961fb1a0f9e73a4543e0e80b35f377","sha512":"7099c8f3a7bb963d69f62a25045bb03f2fa5452031f5b65974cbd1179059bb263268473aca0144c9f61d475034bdf0d9563230510c5fc52d46f61c19631449ed","ssdeep":"1536:11H5u9h1KXKFfCoYD8B+5yZbosh3kRRHMOFCaIAVUT2sbGVyGeDzb2NcdYqaGN+3:YWXKFfCoYD8B+xDzV7sbGpeDzbi+SX","tlshash":"a004dc0ad0ef218b717bd8b530abb6e5e119815ae1064f7d726c33bce1fa65c8132e15","first_seen":"2026-01-23T05:01:52.474463Z","last_seen":"2026-04-12T01:12:13.801245Z","times_seen":131,"resource_available":false,"data":null}},"time_used":2793,"timings":{"blocked":1262,"dns":292,"connect":0,"send":0,"wait":233,"receive":18,"ssl":985},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cn.memxzf.com/fimg/i202506274933fa50064c8d94db51e297e3b319.png","fqdn":"cn.memxzf.com","domain":"memxzf.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cn.memxzf.com/home/register?code=21449","date":"2026-03-25T15:54:37.041Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cn.memxzf.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Mon, 05 Jan 2026 00:00:00 GMT","end":"Tue, 05 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"40:B8:CE:3C:62:64:4A:ED:91:09:D5:D8:1D:31:FC:C0:D2:86:9B:8A","sha256":"56:8F:F4:7C:5B:DB:72:3A:45:C5:DC:A1:0E:36:81:68:A2:84:B7:61:2A:33:D5:55:AB:C2:EF:59:7A:C4:2A:24"}}},"request":{"raw":"GET /fimg/i202506274933fa50064c8d94db51e297e3b319.png HTTP/1.1\r\nHost: cn.memxzf.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.memxzf.com/home/register?code=21449\r\nCookie: PHPSESSID=bh8j209eisdvv1viud8b655q5b; _code_cookie=21449-\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 25 Mar 2026 15:54:39 GMT\r\nContent-Type: image/png\r\nContent-Length: 591\r\nConnection: keep-alive\r\nLast-Modified: Sun, 15 Jun 2025 05:27:25 GMT\r\nETag: \"684e59bd-24f\"\r\nX-Content-Type-Options: nosniff\r\nX-Frame-Options: SAMEORIGIN\r\nServer: gocache\r\nExpires: Thu, 26 Mar 2026 15:54:39 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: 5faca8c971bcf40ad8e78f273599e9a2\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: HIT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":591,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 600 x 600, 1-bit colormap, non-interlaced","md5":"d390244b30c22d100a24ac05d9e4e979","sha1":"978cd2d10293408b8ad2b62d647ba17ce7f1b07f","sha256":"38d18e132913c6fc5636d430c1226ecdbc29ad80b55faa4a7aad46cd084c44ea","sha512":"27e7300242911590b438a1f533420319984bf694f46a03cf96a5af250d4f74b46e78180a18f7adeda216e95e11b305f65317e604c2aa7fa7a1619a2379e4ef67","ssdeep":"","tlshash":"96f062d55151be10901011012d46e893807030eeebf30b1d450b413270b824ee7296e2","first_seen":"2025-08-07T15:42:17.327108Z","last_seen":"2026-04-12T01:12:13.830751Z","times_seen":543,"resource_available":false,"data":null}},"time_used":2240,"timings":{"blocked":1492,"dns":0,"connect":5,"send":0,"wait":232,"receive":0,"ssl":506},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-25","alert":"Sinkholed","trigger":"cn.memxzf.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-25","alert":"Sinkholed","trigger":"cn.memxzf.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"static-content-t.wb27jlt6u066.com:9587/d11_images/modal_reminder_logo.png","fqdn":"static-content-t.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cn.memxzf.com/home/register?code=21449","date":"2026-03-25T15:54:38.812Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static-content-t.wb27jlt6u066.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 19 Oct 2025 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"08:10:09:15:B6:C8:9C:9A:CE:31:40:C9:26:D7:9E:BE:2C:9A:62:2B","sha256":"D6:55:F3:9B:55:F2:ED:CC:B3:54:8B:1E:F9:15:FB:47:0C:75:02:1A:64:4B:3C:C2:FA:75:18:9C:F0:11:EE:83"}}},"request":{"raw":"GET /d11_images/modal_reminder_logo.png HTTP/1.1\r\nHost: static-content-t.wb27jlt6u066.com:9587\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://static-content-t.wb27jlt6u066.com:9587/style/main.css?20260311\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 25 Mar 2026 15:54:40 GMT\r\nContent-Type: image/png\r\nContent-Length: 14074\r\nConnection: keep-alive\r\nLast-Modified: Wed, 20 Jul 2022 18:45:39 GMT\r\nETag: \"62d84d53-36fa\"\r\nServer: gocache\r\nExpires: Thu, 26 Mar 2026 15:54:40 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: 49e1d838888a53d20ed8d4eef3d35cf7\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: HIT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":14074,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 569 x 555, 4-bit colormap, non-interlaced","md5":"3494fbc85e95ef708a1db6668fd2e401","sha1":"b9fbfc60416cd990012546e74b0fdb38bdbebe19","sha256":"3167f9728906a03ceaea850d57533fb5c253a38b94cfd55d245f714d7f18afac","sha512":"78791223a160d4012f76fad660815eb9fa01d4beb0bc98de01288e66b477a3c739a4b8ec0fcae6263fc66aee0eae43780d1abb663dc25b635bb9f702bb0eefff","ssdeep":"384:ZArYvJEV26jJlaWFjf8KvQdlbT3mc1qm+wTR:WcxaJlaOQRN14wV","tlshash":"0d52cf1c0cdd9c4dbd74129169409f8b5c70abfab9f051eb88caf218b6af9402554f23","first_seen":"2024-03-28T04:38:14Z","last_seen":"2026-04-12T01:12:13.80942Z","times_seen":644,"resource_available":false,"data":null}},"time_used":1897,"timings":{"blocked":1668,"dns":0,"connect":0,"send":0,"wait":226,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"game.zzdyenye.com:2053/api/news?try_platform=4\u0026status=1\u0026username=","fqdn":"game.zzdyenye.com","domain":"zzdyenye.com","tld":"com"},"ip":{"addr":"13.70.24.35","port":2053,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://cn.memxzf.com/home/register?code=21449","date":"2026-03-25T15:54:38.946Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"game.zzdyenye.com","organization":""},"issuer":{"commonName":"ZeroSSL RSA Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Mon, 16 Mar 2026 00:00:00 GMT","end":"Sun, 14 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"29:E2:4A:89:D6:C2:87:07:D4:70:8C:24:B9:EB:FF:08:5F:0B:85:11","sha256":"0B:90:28:52:98:E3:C5:48:E1:09:6B:CB:A7:89:CC:70:6E:DE:D7:4F:EB:B5:84:C1:DA:9D:5C:42:BA:77:C8:DC"}}},"request":{"raw":"GET /api/news?try_platform=4\u0026status=1\u0026username= HTTP/1.1\r\nHost: game.zzdyenye.com:2053\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://cn.memxzf.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.memxzf.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 25 Mar 2026 15:54:39 GMT\r\ncontent-type: application/json\r\ncache-control: no-cache, private\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE\r\naccess-control-allow-headers: *\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\ncontent-encoding: br\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":526,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"1d5d0f296f117df87e80e5bedaaa6b91","sha1":"f33dd6da7b22173eb4cfd933c957f4207b5e4e91","sha256":"c0e280bf095bc40a9b5cc87f4ccc725ba2f73d24839474ac9764c5f13919e010","sha512":"12888e010e984eecbbd0b405dc712f4857470fdee9becc71d4e471d4888fc73a12d5d316e3aa1c9c598f259ce5f9ade1d1c65f3088077b4875fc350e9f1e0625","ssdeep":"","tlshash":"8ff0c9622abcf8161dcc088702fdf14566e9b3d954ecc718b08e4e05a5a11b18794a22","first_seen":"2026-03-22T08:38:49.347105Z","last_seen":"2026-04-12T01:12:13.831221Z","times_seen":63,"resource_available":false,"data":null}},"time_used":1548,"timings":{"blocked":647,"dns":0,"connect":214,"send":0,"wait":367,"receive":0,"ssl":312},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.vrfpshbc.com:2053/global-activity-entry/img/arrow-left.png","fqdn":"www.vrfpshbc.com","domain":"vrfpshbc.com","tld":"com"},"ip":{"addr":"172.67.186.168","port":2053,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cn.memxzf.com/home/register?code=21449","date":"2026-03-25T15:54:39.879Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"vrfpshbc.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 02 Feb 2026 19:45:33 GMT","end":"Sun, 03 May 2026 20:40:36 GMT"},"fingerprint":{"sha1":"E8:73:95:3B:A2:A4:0F:A6:0D:A3:4F:F1:13:4E:85:09:6B:D0:63:66","sha256":"E6:14:C1:3A:A4:50:D6:F3:4D:3C:52:EB:9F:ED:B9:43:C4:13:78:55:40:E3:CD:29:24:A1:C8:5E:C2:24:0E:AA"}}},"request":{"raw":"GET /global-activity-entry/img/arrow-left.png HTTP/1.1\r\nHost: www.vrfpshbc.com:2053\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.vrfpshbc.com:2053/global-activity-entry/css/style.css\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Wed, 25 Mar 2026 15:54:40 GMT\r\ncontent-type: image/png\r\ncontent-length: 710\r\nlast-modified: Wed, 16 Jun 2021 18:06:55 GMT\r\netag: \"60ca3dbf-2c6\"\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\ncf-cache-status: DYNAMIC\r\npriority: u=4,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=YtTL4%2F54bFh3IMl1UWEWfZ4lhiw%2BWw4ZTdU%2Bnk2qH15I9bW3V%2BdtB6cuzHysRD5LVWS9L3QzXvNo%2FViI4OIavo0Mxgge3Gth5RoPo%2BC1rdA%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\ncf-ray: 9e1f186f3e538deb-OSL\r\nalt-svc: h3=\":2053\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":710,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 14 x 34, 8-bit/color RGBA, interlaced","md5":"75283be3b7efd575f15a3c05ec9a83e5","sha1":"8646eadd0f93308cd0bd224242393f505e920f7b","sha256":"14dde123a93666ed0e806b324627c3cfef68a77e1ec346677fd6d1d05187685a","sha512":"f647f432cee300847d1f2bf7a0974885b9bcf773589cf0644ffd0a97282546ddbf6731f08658fa11732d150f17b5849db18c8e5ed1d586043e443806b60239ad","ssdeep":"","tlshash":"03014eeb13b47f50e7a1ac372d82d3280eac89b57514468c01401ab98c7e4cead983b2","first_seen":"2023-05-05T14:06:31Z","last_seen":"2026-04-12T01:12:13.780424Z","times_seen":528,"resource_available":false,"data":null}},"time_used":906,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":906,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.livechatinc.com/widget/static/js/3.DazHfinG.chunk.js","fqdn":"cdn.livechatinc.com","domain":"livechatinc.com","tld":"com"},"ip":{"addr":"23.36.77.241","port":443,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://secure.livechatinc.com/customer/action/open_chat?license_id=19463678\u0026group=2\u0026embedded=1\u0026widget_version=3\u0026unique_groups=0\u0026organization_id=d45af0f5-ff1f-44ac-97e0-5c9471a8ec59\u0026use_parent_storage=1\u0026x-region=us-south1","date":"2026-03-25T15:54:40.247Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"livechat.com","organization":"LIVECHAT, INC."},"issuer":{"commonName":"DigiCert Global G3 TLS ECC SHA384 2020 CA1","organization":"DigiCert Inc"},"validity":{"start":"Wed, 11 Jun 2025 00:00:00 GMT","end":"Thu, 11 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"66:A3:6F:A0:92:9E:A2:01:91:16:68:AA:27:A9:41:28:FC:25:27:68","sha256":"03:FC:5A:F6:F7:06:15:5B:0F:31:DB:6C:4E:D7:E4:1B:69:80:1F:C3:5A:E3:85:5A:FF:8D:22:81:92:ED:25:2F"}}},"request":{"raw":"GET /widget/static/js/3.DazHfinG.chunk.js HTTP/1.1\r\nHost: cdn.livechatinc.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://secure.livechatinc.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cdn.livechatinc.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nx-guploader-uploadid: AMNfjG14yvmeUiafjGGn_1g3TGM4tT5tIPQ0tm_E5dFluUn8NjpVbLbsxjzclWcpdk5bE7MJoIwW-Ms\r\nlast-modified: Wed, 25 Mar 2026 12:07:38 GMT\r\netag: \"2d77a6aa353e00f553a63318304ed405\"\r\nx-goog-generation: 1774440458893235\r\nx-goog-metageneration: 1\r\nx-goog-stored-content-encoding: identity\r\nx-goog-stored-content-length: 546\r\nx-goog-hash: crc32c=k77Z4w==, md5=LXemqjU+APVTpjMYME7UBQ==\r\nx-goog-storage-class: STANDARD\r\naccess-control-expose-headers: *, Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace\r\nserver: UploadServer\r\nvary: Accept-Encoding\r\ncache-control: public, max-age=31536000\r\nexpires: Thu, 25 Mar 2027 15:54:40 GMT\r\ndate: Wed, 25 Mar 2026 15:54:40 GMT\r\ncontent-length: 546\r\ncontent-type: application/javascript; charset=utf-8\r\naccess-control-allow-origin: *\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Google Cloud Storage","description":"Google Cloud Storage allows world-wide storage and retrieval of any amount of data at any time.","website":"https://cloud.google.com/storage","common_platform_enumeration":"","icon":"google-cloud-storage.svg","categories":["Miscellaneous"]},{"name":"Google Cloud","description":"Google Cloud is a suite of cloud computing services.","website":"https://cloud.google.com","common_platform_enumeration":"cpe:2.3:a:google:cloud_platform:*:*:*:*:*:*:*:*","icon":"Google Cloud.svg","categories":["IaaS"]}],"data":{"size":546,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"ASCII text, with very long lines (545)","md5":"2d77a6aa353e00f553a63318304ed405","sha1":"79829fe224284805c193a91d2fd444f246271fe0","sha256":"f068996cda742dd6fdb0e857c16b010966bf690480381465595e2b22935de2cb","sha512":"8a7fdf55c616c0d7f3f6d03d2196d7c4d82cb385c2dc73ba36ab9a08ac2f43cbee752de0e10302fda3277fa54813cad993b838b0ae98ac1f17e3d5001a67a228","ssdeep":"","tlshash":"fcf08bc53592f5ea02ab59c548379003f3298818b4baf580e614c5f12493057471ab27","first_seen":"2026-03-18T09:33:42.028688Z","last_seen":"2026-04-07T10:47:46.077135Z","times_seen":1372,"resource_available":true,"data":null}},"time_used":5,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":5,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"wss","addr":"api.livechatinc.com/v3.6/customer/rtm/ws?organization_id=d45af0f5-ff1f-44ac-97e0-5c9471a8ec59\u0026x-region=us-south1","fqdn":"api.livechatinc.com","domain":"livechatinc.com","tld":"com"},"ip":{"addr":"2.22.225.11","port":443,"asn":20940,"as":"Akamai International B.V.","country":"France","country_code":"FR"},"is_navigation_request":false,"resource_type":"websocket","requested_by":"https://secure.livechatinc.com/customer/action/open_chat?license_id=19463678\u0026group=2\u0026embedded=1\u0026widget_version=3\u0026unique_groups=0\u0026organization_id=d45af0f5-ff1f-44ac-97e0-5c9471a8ec59\u0026use_parent_storage=1\u0026x-region=us-south1","date":"2026-03-25T15:54:40.439Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"livechat.com","organization":"LIVECHAT, INC."},"issuer":{"commonName":"DigiCert Global G3 TLS ECC SHA384 2020 CA1","organization":"DigiCert Inc"},"validity":{"start":"Wed, 11 Jun 2025 00:00:00 GMT","end":"Thu, 11 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"66:A3:6F:A0:92:9E:A2:01:91:16:68:AA:27:A9:41:28:FC:25:27:68","sha256":"03:FC:5A:F6:F7:06:15:5B:0F:31:DB:6C:4E:D7:E4:1B:69:80:1F:C3:5A:E3:85:5A:FF:8D:22:81:92:ED:25:2F"}}},"request":{"raw":"GET /v3.6/customer/rtm/ws?organization_id=d45af0f5-ff1f-44ac-97e0-5c9471a8ec59\u0026x-region=us-south1 HTTP/1.1\r\nHost: api.livechatinc.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nSec-WebSocket-Version: 13\r\nOrigin: https://secure.livechatinc.com\r\nSec-WebSocket-Extensions: permessage-deflate\r\nSec-WebSocket-Key: 00ZSzzsTfkLiXcvZa8+fMg==\r\nDNT: 1\r\nConnection: keep-alive, Upgrade\r\nSec-Fetch-Dest: websocket\r\nSec-Fetch-Mode: websocket\r\nSec-Fetch-Site: same-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nUpgrade: websocket\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 101 Switching Protocols\r\nsec-websocket-accept: 7Xq0Kb7EBGZwgwSIR6DR0oe5JI8=\r\nAccess-Control-Allow-Credentials: true\r\nAccess-Control-Allow-Origin: https://secure.livechatinc.com\r\nDate: Wed, 25 Mar 2026 15:54:40 GMT\r\nUpgrade: websocket\r\nConnection: Upgrade\r\n\r\n","headers":null,"cookies":null,"status_code":"101","status_text":"Switching Protocols","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-12T18:55:58.746745Z","times_seen":13673560,"resource_available":true,"data":null}},"time_used":167,"timings":{"blocked":0,"dns":5,"connect":3,"send":0,"wait":139,"receive":0,"ssl":20},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static-content-cn.wb27jlt6u066.com:9587/js/jquery/jquery.min.js","fqdn":"static-content-cn.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://cn.memxzf.com/home/register?code=21449","date":"2026-03-25T15:54:37.027Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static-content-cn.wb27jlt6u066.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 19 Oct 2025 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"98:64:EC:0B:9A:00:5F:60:12:4A:12:B9:EB:5A:44:98:12:1A:7C:FF","sha256":"A1:E0:99:A3:B2:54:C9:50:DB:24:16:EA:A7:44:3A:5D:57:F0:7C:CE:B2:E7:66:31:49:50:98:44:92:F2:50:84"}}},"request":{"raw":"GET /js/jquery/jquery.min.js HTTP/1.1\r\nHost: static-content-cn.wb27jlt6u066.com:9587\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.memxzf.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 25 Mar 2026 15:54:38 GMT\r\nContent-Type: application/javascript\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Wed, 20 Jul 2022 18:47:52 GMT\r\nVary: Accept-Encoding\r\nETag: W/\"62d84dd8-176bb\"\r\nContent-Encoding: gzip\r\nServer: gocache\r\nExpires: Thu, 26 Mar 2026 15:54:38 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: 002ded80c3554de2aa17fa938d4f0479\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: HIT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]}],"data":{"size":95931,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (32047)","md5":"5790ead7ad3ba27397aedfa3d263b867","sha1":"8130544c215fe5d1ec081d83461bf4a711e74882","sha256":"2ecd295d295bec062cedebe177e54b9d6b19fc0a841dc5c178c654c9ccff09c0","sha512":"781acedc99de4ce8d53d9b43a158c645eab1b23dfdfd6b57b3c442b11acc4a344e0d5b0067d4b78bb173abbded75fb91c410f2b5a58f71d438aa6266d048d98a","ssdeep":"1536:5P1vk7i6GUHdXXeyQazBu+4HhiO2AEeLNFoqqhJ7SerN5sVI6xcBgPv7E+nzms9d:A4Ud4qhJvNPqcB47MfWWca98HrB","tlshash":"7793d8d9b7d67062977730b850bf510bb13a98eab80c4c60f1a4d8e47e74a89507bf2d","first_seen":"2023-03-07T01:02:51Z","last_seen":"2026-04-12T19:37:18.493409Z","times_seen":16545,"resource_available":true,"data":null}},"time_used":1982,"timings":{"blocked":852,"dns":299,"connect":1,"send":0,"wait":234,"receive":10,"ssl":580},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"banner-notice.6dqr2n.com/mxstatic/banner-notice.js","fqdn":"banner-notice.6dqr2n.com","domain":"6dqr2n.com","tld":"com"},"ip":{"addr":"13.70.24.35","port":443,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://cn.memxzf.com/home/register?code=21449","date":"2026-03-25T15:54:37.042Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"banner-notice.6dqr2n.com","organization":""},"issuer":{"commonName":"ZeroSSL RSA Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Fri, 23 Jan 2026 00:00:00 GMT","end":"Thu, 23 Apr 2026 23:59:59 GMT"},"fingerprint":{"sha1":"8A:70:8B:EC:E4:B2:BB:0B:50:F4:08:3B:8E:01:06:9A:78:09:DE:56","sha256":"76:C4:42:D2:6F:73:AF:11:79:4E:88:57:E7:C9:2B:55:82:F2:5A:20:77:F5:B6:86:D1:C6:FA:65:2C:72:28:95"}}},"request":{"raw":"GET /mxstatic/banner-notice.js HTTP/1.1\r\nHost: banner-notice.6dqr2n.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.memxzf.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 25 Mar 2026 15:54:37 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\nlast-modified: Mon, 16 Mar 2026 02:29:34 GMT\r\nvary: Accept-Encoding\r\netag: W/\"69b76b0e-4953\"\r\nexpires: Thu, 26 Mar 2026 03:54:37 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\ncontent-encoding: br\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":18771,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text","md5":"986594233ce57549964f51fbaa529103","sha1":"eecaa2149fb59b7c1a0657729778622a554d40e4","sha256":"d0b03fbfd797b445ada36cf8674cd627711319c730af3216090e0ebf367c4d12","sha512":"7514acd421d148a19e96d20f4c631d086c3e986514ed79c8720fada075d3ee317c276b79a2c2e7bb027c373fe0c49ceaca4d995044314b69a85ca24a8957fc18","ssdeep":"192:AJ2wJ/y23c23qtY8SCUcWbm1iRSube/Hf+DoQPoEHdizniKOnK6t5Enx4tRL1VeV:o2GbDK6czdOnXH3qBmlc","tlshash":"1e82b81875fa0061542320b88e9a618c7f26950f920a5d08bd6d47e8afcad7195d3ffb","first_seen":"2026-03-16T12:25:03.339087Z","last_seen":"2026-04-12T01:12:13.777497Z","times_seen":67,"resource_available":true,"data":null}},"time_used":1112,"timings":{"blocked":-1,"dns":147,"connect":220,"send":0,"wait":363,"receive":0,"ssl":381},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static-content-cn.wb27jlt6u066.com:9587/util/rsa.js","fqdn":"static-content-cn.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://cn.memxzf.com/home/register?code=21449","date":"2026-03-25T15:54:37.050Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static-content-cn.wb27jlt6u066.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 19 Oct 2025 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"98:64:EC:0B:9A:00:5F:60:12:4A:12:B9:EB:5A:44:98:12:1A:7C:FF","sha256":"A1:E0:99:A3:B2:54:C9:50:DB:24:16:EA:A7:44:3A:5D:57:F0:7C:CE:B2:E7:66:31:49:50:98:44:92:F2:50:84"}}},"request":{"raw":"GET /util/rsa.js HTTP/1.1\r\nHost: static-content-cn.wb27jlt6u066.com:9587\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.memxzf.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 25 Mar 2026 15:54:38 GMT\r\nContent-Type: application/javascript\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Wed, 20 Jul 2022 18:47:53 GMT\r\nVary: Accept-Encoding\r\nETag: W/\"62d84dd9-34ca\"\r\nContent-Encoding: gzip\r\nServer: gocache\r\nExpires: Thu, 26 Mar 2026 15:54:38 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: eea3f71ea735e306a6f695e2b403cede\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: HIT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":13514,"size_decoded":0,"mime_type":"application/javascript","magic":"ASCII text, with very long lines (5026)","md5":"2e28749b1ce6013a456d4498a447dff3","sha1":"89d8c436922a84f097e86090179d112c3d6e13c2","sha256":"1748bdff25c71702d781b076f961920ef32283e324153b256e963202431a35ba","sha512":"2a675090d740e1600eaca9da2229b34cf764181bf65df4d023bb0e95feea6a7b83f3651a8eb70473e76313cc1fcdd38cd71a72b41fd57fdc34668b7d3b10b62e","ssdeep":"384:B1eJdA6YDf7WA5lK4UYl38uHrKFaY8BpC:bdjfm82aNy","tlshash":"5752a6857ad9302d07a95071055f054b7e35f8be598c04bdb1a0e8e938f198d833ef78","first_seen":"2023-03-07T01:28:09Z","last_seen":"2026-04-12T01:12:13.811041Z","times_seen":1015,"resource_available":true,"data":null}},"time_used":1287,"timings":{"blocked":1060,"dns":0,"connect":0,"send":0,"wait":226,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static-content-t.wb27jlt6u066.com:9587/images/icons.png?1","fqdn":"static-content-t.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cn.memxzf.com/home/register?code=21449","date":"2026-03-25T15:54:38.779Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static-content-t.wb27jlt6u066.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 19 Oct 2025 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"08:10:09:15:B6:C8:9C:9A:CE:31:40:C9:26:D7:9E:BE:2C:9A:62:2B","sha256":"D6:55:F3:9B:55:F2:ED:CC:B3:54:8B:1E:F9:15:FB:47:0C:75:02:1A:64:4B:3C:C2:FA:75:18:9C:F0:11:EE:83"}}},"request":{"raw":"GET /images/icons.png?1 HTTP/1.1\r\nHost: static-content-t.wb27jlt6u066.com:9587\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://static-content-t.wb27jlt6u066.com:9587/style/main.css?20260311\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 25 Mar 2026 15:54:40 GMT\r\nContent-Type: image/png\r\nContent-Length: 3150\r\nConnection: keep-alive\r\nLast-Modified: Wed, 01 Feb 2023 01:02:20 GMT\r\nETag: \"63d9ba1c-c4e\"\r\nServer: gocache\r\nExpires: Thu, 26 Mar 2026 15:54:40 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: fdce661fa27236d6db762a9295644c73\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: HIT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]}],"data":{"size":3150,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 39 x 373, 8-bit/color RGBA, non-interlaced","md5":"a64222f0baf49b7b54175cb4b70c7772","sha1":"179e5f57fdd5dee04578274231a5445b76b83ae2","sha256":"382fcd4debce444b68de702fa69d2b8935ba546457f1a36d358d312baec1f35b","sha512":"13ef9e867c04188713a5812ed810ccd9f80771648acfed7ee5a3b7ffe0862f67233d1136de6440ade5854d2a14012fd6d7f1751c010a6f8dcc708d4c6d640291","ssdeep":"","tlshash":"ad514cc1185c2e117ffd4130cece1ff99c9e2da667e0a29d8639d1926da4310f4a5b8c","first_seen":"2023-05-05T14:06:31Z","last_seen":"2026-04-12T01:12:13.808884Z","times_seen":812,"resource_available":false,"data":null}},"time_used":1470,"timings":{"blocked":1244,"dns":0,"connect":0,"send":0,"wait":226,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static-content-cn.wb27jlt6u066.com:9587/images/modal_reminder_deco.png","fqdn":"static-content-cn.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cn.memxzf.com/home/register?code=21449","date":"2026-03-25T15:54:38.813Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static-content-cn.wb27jlt6u066.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 19 Oct 2025 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"98:64:EC:0B:9A:00:5F:60:12:4A:12:B9:EB:5A:44:98:12:1A:7C:FF","sha256":"A1:E0:99:A3:B2:54:C9:50:DB:24:16:EA:A7:44:3A:5D:57:F0:7C:CE:B2:E7:66:31:49:50:98:44:92:F2:50:84"}}},"request":{"raw":"GET /images/modal_reminder_deco.png HTTP/1.1\r\nHost: static-content-cn.wb27jlt6u066.com:9587\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://static-content-cn.wb27jlt6u066.com:9587/css/base.css?20240823\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 25 Mar 2026 15:54:38 GMT\r\nContent-Type: image/png\r\nContent-Length: 1119\r\nConnection: keep-alive\r\nLast-Modified: Wed, 20 Jul 2022 18:47:52 GMT\r\nETag: \"62d84dd8-45f\"\r\nServer: gocache\r\nExpires: Thu, 26 Mar 2026 15:54:38 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: acb5bc23be0cb157e5e0dc4318c8954d\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: HIT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":1119,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 232 x 12, 8-bit/color RGBA, non-interlaced","md5":"3f99b65d5f4c689ea127400c44026e81","sha1":"60f91d0531242fed70f77991419d8c0442ae4299","sha256":"581ca9e4c82ad7b55ba31fa2033aae45ec122c4be965c2c0eb465da2cbe13dee","sha512":"5cb9d5f09e1877bbf50b680e2e79bdeb17403380db0830e398f3582f2d30207b3925007d19f1416d6e0e9b1aed11b735337a0437ebdb35d70479f2d9f65d3fe2","ssdeep":"","tlshash":"4221038df6115c42925ef99238fa0562e9120c81c7e0e4677dcbc4c648316ba886d9c7","first_seen":"2024-03-28T04:38:13Z","last_seen":"2026-04-12T01:12:13.797487Z","times_seen":655,"resource_available":false,"data":null}},"time_used":226,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":226,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static-content-t.wb27jlt6u066.com:9587/d11_images/footer_supports_hover.png?9","fqdn":"static-content-t.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cn.memxzf.com/home/register?code=21449","date":"2026-03-25T15:54:38.822Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static-content-t.wb27jlt6u066.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 19 Oct 2025 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"08:10:09:15:B6:C8:9C:9A:CE:31:40:C9:26:D7:9E:BE:2C:9A:62:2B","sha256":"D6:55:F3:9B:55:F2:ED:CC:B3:54:8B:1E:F9:15:FB:47:0C:75:02:1A:64:4B:3C:C2:FA:75:18:9C:F0:11:EE:83"}}},"request":{"raw":"GET /d11_images/footer_supports_hover.png?9 HTTP/1.1\r\nHost: static-content-t.wb27jlt6u066.com:9587\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://static-content-t.wb27jlt6u066.com:9587/style/main.css?20260311\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 25 Mar 2026 15:54:40 GMT\r\nContent-Type: image/png\r\nContent-Length: 6153\r\nConnection: keep-alive\r\nLast-Modified: Wed, 20 Jul 2022 18:45:39 GMT\r\nETag: \"62d84d53-1809\"\r\nServer: gocache\r\nExpires: Thu, 26 Mar 2026 15:54:40 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: b42509e8d20e279afd5510dd4faf070b\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: HIT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]}],"data":{"size":6153,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 30 x 174, 8-bit/color RGBA, non-interlaced","md5":"89203da3a7f6cd69c626446854368222","sha1":"0a861d62cd091a150ce253ecedf0dff49c80b3f0","sha256":"ae58de0a439617b67724ced1eee3bc04d8103d1a8f34a9ac362d1a842e06d2e7","sha512":"37b0293f4c467a53f8b4527c40345e89d407811a4e7894263663847ecc5406c8d101c2dd9711f4fd099ec325b9013d1337154600b0f87b8fc3e5252a771993c5","ssdeep":"96:tnCr4K+CdLuWy5kOy2k17lRtUsvqI8ydwBlz2gcwNkABBbbk/eH+Tm4Mi0UPftR7:tnCr40dKOOytRhFNaNTDbsxCdixHtUQ","tlshash":"5dc1aef06ab50164f022342747b70504a4167fd89974bc9063bf9f8defe6743e868ad1","first_seen":"2023-05-05T14:06:31Z","last_seen":"2026-04-12T01:12:13.776502Z","times_seen":810,"resource_available":false,"data":null}},"time_used":1419,"timings":{"blocked":1191,"dns":0,"connect":0,"send":0,"wait":228,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"hm.baidu.com/hm.js?86b8712c72cab4f521c0b5cd56dfa69f","fqdn":"hm.baidu.com","domain":"baidu.com","tld":"com"},"ip":{"addr":"111.45.11.83","port":443,"asn":9808,"as":"China Mobile Communications Group Co., Ltd.","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://cn.memxzf.com/home/register?code=21449","date":"2026-03-25T15:54:38.845Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"baidu.com","organization":"Beijing Baidu Netcom Science Technology Co., Ltd"},"issuer":{"commonName":"GlobalSign RSA OV SSL CA 2018","organization":"GlobalSign nv-sa"},"validity":{"start":"Wed, 09 Jul 2025 07:01:02 GMT","end":"Mon, 10 Aug 2026 07:01:01 GMT"},"fingerprint":{"sha1":"21:BF:66:0D:67:BE:7A:7F:49:48:05:30:F4:7F:09:F2:30:36:CA:63","sha256":"0D:82:2C:9A:90:5A:EF:E9:8F:37:12:C0:E0:26:30:EE:95:33:2C:45:5F:E7:74:5D:F0:8D:BC:79:F4:B0:A1:49"}}},"request":{"raw":"GET /hm.js?86b8712c72cab4f521c0b5cd56dfa69f HTTP/1.1\r\nHost: hm.baidu.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.memxzf.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nCache-Control: max-age=0, must-revalidate\r\nContent-Encoding: gzip\r\nContent-Length: 11299\r\nContent-Type: application/javascript\r\nDate: Wed, 25 Mar 2026 15:54:39 GMT\r\nEtag: fe12078de9df6da99a914681cd621b2a\r\nP3p: CP=\"CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR\"\r\nServer: apache\r\nSet-Cookie: HMACCOUNT=63F0FCDF760AB2DB; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT\r\nStrict-Transport-Security: max-age=172800\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":29905,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (629)","md5":"d5728a3b9526e08d6ac7f1e072ddf93c","sha1":"72af679d93d70f23d772aa5cac25906d10a5ee73","sha256":"188b51151a9769d20a655241562a5b9d89c0e08715b0602df6b046067f808914","sha512":"3b5844184b97826387cb5cd0067143f9f974121254d6045f625d4c2b597d7d9bb4936a5294b892409951058a8a9dca375f779f970ffc4a34d3b471b0029172a8","ssdeep":"384:dqJSoLMJJTRl6s1JXFVCFI/TayvuodsZPIGm8XaR1JRwvutq1tGdc7M04gRw6:dq4VJfHgMdvussZPIx82Rwvutcto07v","tlshash":"ead2d9e9b282713293a324a5153f724af07b5a54bd4968a4f11894c07d38fbb027bfdd","first_seen":"2026-03-25T15:55:30.479431Z","last_seen":"2026-03-25T15:55:30.479431Z","times_seen":1,"resource_available":true,"data":null}},"time_used":2106,"timings":{"blocked":918,"dns":280,"connect":209,"send":0,"wait":272,"receive":1,"ssl":423},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"banner-notice.6dqr2n.com/mxstatic/index.css","fqdn":"banner-notice.6dqr2n.com","domain":"6dqr2n.com","tld":"com"},"ip":{"addr":"13.70.24.35","port":443,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://cn.memxzf.com/home/register?code=21449","date":"2026-03-25T15:54:38.924Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"banner-notice.6dqr2n.com","organization":""},"issuer":{"commonName":"ZeroSSL RSA Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Fri, 23 Jan 2026 00:00:00 GMT","end":"Thu, 23 Apr 2026 23:59:59 GMT"},"fingerprint":{"sha1":"8A:70:8B:EC:E4:B2:BB:0B:50:F4:08:3B:8E:01:06:9A:78:09:DE:56","sha256":"76:C4:42:D2:6F:73:AF:11:79:4E:88:57:E7:C9:2B:55:82:F2:5A:20:77:F5:B6:86:D1:C6:FA:65:2C:72:28:95"}}},"request":{"raw":"GET /mxstatic/index.css HTTP/1.1\r\nHost: banner-notice.6dqr2n.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.memxzf.com/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 25 Mar 2026 15:54:39 GMT\r\ncontent-type: text/css\r\nlast-modified: Tue, 27 May 2025 05:27:15 GMT\r\nvary: Accept-Encoding\r\netag: W/\"68354d33-13bc\"\r\nexpires: Thu, 26 Mar 2026 03:54:39 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\ncontent-encoding: br\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":5052,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text","md5":"33009c301e789707d7c69505ff50d74c","sha1":"cfae09fd67a040052da9da88e0b6b7184c68a4fc","sha256":"bbef70cb02415d56036f01eed877aca7e946f6ce14f39ce52899b1c19f3360d7","sha512":"54d3eff35b7e2e5b03386955f05ce0bad1aa1d8586ae9f70efe9ba5660ba33a7c18b0840083e190af9bbca26d9ad7d032945a4e5c08439ba7b2f121ef268e2d3","ssdeep":"96:U5KsCmC+sCMCW/rnidi/kisClOC3vyb1CWg1KBscndYYC5xNESG0cCTgfeJ9SXEl:Jj1wDW/ridisisCltqbI9GscdYdxNDjH","tlshash":"d0a13259a7f60604681fc1943dd2a759a239c043a24fcc3df6d2204caeca1db72a7bd6","first_seen":"2025-08-09T14:13:17.039422Z","last_seen":"2026-04-12T01:12:13.782411Z","times_seen":466,"resource_available":false,"data":null}},"time_used":342,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":342,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static-content-t.wb27jlt6u066.com:9587/style/main.css?20260311","fqdn":"static-content-t.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://cn.memxzf.com/home/register?code=21449","date":"2026-03-25T15:54:37.024Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static-content-t.wb27jlt6u066.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 19 Oct 2025 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"08:10:09:15:B6:C8:9C:9A:CE:31:40:C9:26:D7:9E:BE:2C:9A:62:2B","sha256":"D6:55:F3:9B:55:F2:ED:CC:B3:54:8B:1E:F9:15:FB:47:0C:75:02:1A:64:4B:3C:C2:FA:75:18:9C:F0:11:EE:83"}}},"request":{"raw":"GET /style/main.css?20260311 HTTP/1.1\r\nHost: static-content-t.wb27jlt6u066.com:9587\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.memxzf.com/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 25 Mar 2026 15:54:38 GMT\r\nContent-Type: text/css\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Wed, 25 Mar 2026 04:08:03 GMT\r\nVary: Accept-Encoding\r\nETag: W/\"69c35fa3-f866\"\r\nContent-Encoding: gzip\r\nServer: gocache\r\nExpires: Thu, 26 Mar 2026 15:54:38 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: 5457bcb923d69c4350759c2c7e96b4d7\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: HIT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]}],"data":{"size":63590,"size_decoded":0,"mime_type":"text/css","magic":"Unicode text, UTF-8 text, with very long lines (449)","md5":"bf0f01d0750444d77af315af25fb55a7","sha1":"f4e3d0ada3d44e88cad26a9d5b8fa3e8e981e98e","sha256":"d389e54d0221bb0035b11db5bb330317651202e7048065a504c09da376efd38b","sha512":"28316c47d3643b0a882cccf489d8130a08b9e5800643a19888ace039e01656fe26b2d5a2acd81d18fe3acb32ec6d59942c092300d5300c7678c1296bbb41ae5b","ssdeep":"1536:ZoErfbP93Ytk3pZcG1cF3NE9GG0gYAajgHwEUVtrydv4ffEqyPouRPf++J1quyqD:ZbP93Ytk3pZcG1cF3NE9GGMEUVtryC+n","tlshash":"8353a921e9b9220ab03bd162b4e15faa22398017d1171fbc657d3a7de6cf0d45177fa0","first_seen":"2026-03-25T12:35:16.650018Z","last_seen":"2026-04-01T17:26:48.418521Z","times_seen":15,"resource_available":false,"data":null}},"time_used":2670,"timings":{"blocked":1208,"dns":508,"connect":1,"send":0,"wait":226,"receive":1,"ssl":724},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.f4bzyrz92us3.com/E2/EagleEye.js?1774454076","fqdn":"www.f4bzyrz92us3.com","domain":"f4bzyrz92us3.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://cn.memxzf.com/home/register?code=21449","date":"2026-03-25T15:54:37.029Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.f4bzyrz92us3.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Fri, 22 Aug 2025 00:00:00 GMT","end":"Sat, 22 Aug 2026 23:59:59 GMT"},"fingerprint":{"sha1":"3D:00:56:9E:E0:4A:BC:C5:AC:93:01:37:D0:1D:2F:CC:2E:D9:BE:F3","sha256":"28:AA:7B:7C:23:E5:90:7B:6C:F4:48:23:DD:56:A2:3C:AD:E6:2B:47:66:7E:A7:DA:53:31:F6:3C:E3:FC:9E:30"}}},"request":{"raw":"GET /E2/EagleEye.js?1774454076 HTTP/1.1\r\nHost: www.f4bzyrz92us3.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.memxzf.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 25 Mar 2026 15:54:38 GMT\r\nContent-Type: application/javascript;charset=utf-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nContent-Encoding: br\r\nSet-Cookie: E2Token=4b4be694-0838-4ab7-a10e-1f1943c78fb8; expires=Tue, 25 Mar 2036 15:54:38 GMT; path= ; samesite = None; secure; httponly\r\nVary: Accept-Encoding\r\nX-Rate-Limit-Limit: 1d\r\nX-Rate-Limit-Remaining: 1439\r\nX-Rate-Limit-Reset: 2026-03-26T15:54:38.1388953Z\r\nX-Content-Type-Options: nosniff\r\nServer: gocache\r\nExpires: Thu, 26 Mar 2026 15:54:38 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: 9acf0ff20d749c3b366bd8a9485363d7\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: MISS\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":54487,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (37140), with CRLF line terminators","md5":"dad669c3b7e0b96d3f7bfd93981d0e6a","sha1":"c7c15068eaf90c1303e18943651fbe29c61c67e4","sha256":"1642a622d4b5359fbac8641769189e95daeeadba92988cd6dcd8abe8a2ab7f8f","sha512":"5add6170722dad490626dc358b960a4964e35008ac2a9dea888badd1fb34210c4c1b531190bf6244983a5ebf0cbaf19f2be30d5940a19cb44fed71cfb4b3997b","ssdeep":"1536:+6rk6G1j9Bk/k0q7Mfx5+2I7v7D71Ies9GUWfth7KBbTE21gAWIOuYyR4mr/qDAa:LGW/k0q7Mfx5+2I7v7D77FftlKBbTv1O","tlshash":"f933e61ab2963539c56230765caf9148b33d85a61398505cab0fc5e4783987e83bfef8","first_seen":"2026-03-25T15:55:30.485494Z","last_seen":"2026-03-25T15:55:30.485494Z","times_seen":1,"resource_available":true,"data":null}},"time_used":1428,"timings":{"blocked":-1,"dns":204,"connect":1,"send":0,"wait":444,"receive":11,"ssl":768},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static-content-t.wb27jlt6u066.com:9587/images/nav/sponsor1.png?1","fqdn":"static-content-t.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cn.memxzf.com/home/register?code=21449","date":"2026-03-25T15:54:37.031Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static-content-t.wb27jlt6u066.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 19 Oct 2025 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"08:10:09:15:B6:C8:9C:9A:CE:31:40:C9:26:D7:9E:BE:2C:9A:62:2B","sha256":"D6:55:F3:9B:55:F2:ED:CC:B3:54:8B:1E:F9:15:FB:47:0C:75:02:1A:64:4B:3C:C2:FA:75:18:9C:F0:11:EE:83"}}},"request":{"raw":"GET /images/nav/sponsor1.png?1 HTTP/1.1\r\nHost: static-content-t.wb27jlt6u066.com:9587\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.memxzf.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 25 Mar 2026 15:54:39 GMT\r\nContent-Type: image/png\r\nContent-Length: 8439\r\nConnection: keep-alive\r\nLast-Modified: Fri, 23 Jan 2026 04:32:15 GMT\r\nETag: \"6972f9cf-20f7\"\r\nServer: gocache\r\nExpires: Thu, 26 Mar 2026 15:54:39 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: 74969b20c080d9f824dbc2c7fad6e489\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: HIT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]}],"data":{"size":8439,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 292 x 80, 8-bit/color RGBA, non-interlaced","md5":"65b6723769cef37e0c6e5850c7137bc8","sha1":"d5258baab5f5cdaa29b6853558f16dd6b6435d00","sha256":"161ead6af798bef1ea9b6091a24df2b0f741a0ee0415f2abc11a4d115e0fe874","sha512":"3eadd356a2de604911fbdb8559dc65c517403c7fb09996464d92ac568240a0ab4f4c64be689fdb42d00ef0e285668654504522f6f960c8619074b27cc3981314","ssdeep":"192:jrGlvpl6wAguuMUgTy7s135bVNZFPkk5Ne3AY8TBcnEq3zrGa:3GlpJKuMe7A39VDlkk5VY8TB6zaa","tlshash":"7f02afbd8888c53efc1e8d6c62b06347bc3a71ec84398133465ccae6516c3a4e509f6b","first_seen":"2026-01-23T05:01:52.476079Z","last_seen":"2026-04-12T01:12:13.792983Z","times_seen":131,"resource_available":false,"data":null}},"time_used":2219,"timings":{"blocked":1501,"dns":0,"connect":1,"send":0,"wait":230,"receive":6,"ssl":481},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static-content-t.wb27jlt6u066.com:9587/images/register/tick.png","fqdn":"static-content-t.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cn.memxzf.com/home/register?code=21449","date":"2026-03-25T15:54:38.821Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static-content-t.wb27jlt6u066.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 19 Oct 2025 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"08:10:09:15:B6:C8:9C:9A:CE:31:40:C9:26:D7:9E:BE:2C:9A:62:2B","sha256":"D6:55:F3:9B:55:F2:ED:CC:B3:54:8B:1E:F9:15:FB:47:0C:75:02:1A:64:4B:3C:C2:FA:75:18:9C:F0:11:EE:83"}}},"request":{"raw":"GET /images/register/tick.png HTTP/1.1\r\nHost: static-content-t.wb27jlt6u066.com:9587\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://static-content-t.wb27jlt6u066.com:9587/style/main.css?20260311\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 25 Mar 2026 15:54:39 GMT\r\nContent-Type: image/png\r\nContent-Length: 444\r\nConnection: keep-alive\r\nLast-Modified: Wed, 20 Jul 2022 18:47:53 GMT\r\nETag: \"62d84dd9-1bc\"\r\nServer: gocache\r\nExpires: Thu, 26 Mar 2026 15:54:39 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: 2eba21f3b47252eb0317bfafba60cd5e\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: HIT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":444,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 14 x 14, 8-bit/color RGBA, non-interlaced","md5":"077cd6729828909df9e8d387b91bdaa9","sha1":"e18a6a43471158c5af525d6fce505a5695a87e49","sha256":"c3dd497f34d2204de6f86a554ca97321a269d2d35482c4b79249a2cd95476783","sha512":"fca1c13107960e24c1fe4e2d26da0953e9fe707dc8a7f5127c349afecac92bfaa98d551d9c031fd1c3b71eb3ede634ced3ac7e5e971ed23a2b21562e28798f0d","ssdeep":"","tlshash":"60f05c52ab957d1dde5895721b8d025908b24204252a0b4cc00cf0765ab9bc17e51079","first_seen":"2023-05-05T14:06:31Z","last_seen":"2026-04-12T01:12:13.803455Z","times_seen":807,"resource_available":false,"data":null}},"time_used":1195,"timings":{"blocked":969,"dns":0,"connect":0,"send":0,"wait":226,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.googletagmanager.com/gtag/js?id=G-3LRD95F87M\u0026cx=c\u0026gtm=4e63o0h2","fqdn":"www.googletagmanager.com","domain":"googletagmanager.com","tld":"com"},"ip":{"addr":"142.251.143.136","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://cn.memxzf.com/home/register?code=21449","date":"2026-03-25T15:54:39.156Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.google-analytics.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 23 Feb 2026 18:19:44 GMT","end":"Mon, 18 May 2026 18:19:43 GMT"},"fingerprint":{"sha1":"5D:21:36:26:B5:1D:67:14:0D:6A:68:D3:7C:EB:39:6E:A1:45:8C:29","sha256":"BC:A5:DD:5A:08:3A:33:49:76:BB:EB:18:9C:45:17:80:A1:3E:31:5F:BA:F9:93:28:C7:76:A0:97:FF:E9:3F:1C"}}},"request":{"raw":"GET /gtag/js?id=G-3LRD95F87M\u0026cx=c\u0026gtm=4e63o0h2 HTTP/1.1\r\nHost: www.googletagmanager.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.memxzf.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncontent-type: application/javascript; charset=UTF-8\r\naccess-control-allow-origin: *\r\naccess-control-allow-credentials: true\r\naccess-control-allow-headers: Cache-Control\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ndate: Wed, 25 Mar 2026 15:54:39 GMT\r\nexpires: Wed, 25 Mar 2026 15:54:39 GMT\r\ncache-control: private, max-age=900\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\ncross-origin-resource-policy: cross-origin\r\nserver: Google Tag Manager\r\ncontent-length: 143456\r\nx-xss-protection: 0\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":417990,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (6031)","md5":"bb1213ad0551c5dbdee7621467aca4d9","sha1":"1fee3c6d2e7b8d5791d0b7d69e64afd064442189","sha256":"71a64022db96509a3492b965ae932ab1f44441a251231b72c974d27ccbd240ed","sha512":"1e2ad789663291584d287bc0b94778d20bd8246db0d677c9356f00c2728a91776fe97703e5cdf5eb7e2d7bebd556baeb9c34884df19f11d0039b2ab8da5c1904","ssdeep":"6144:YuZ7q1MyflCscuKRZwMl58G1ppnlbW34g9bc6uzJcYQ:7BytCRucwI58fL","tlshash":"aa9407cdb3d674665392f478903f018ba57a68a2f44cc899f185ccd42e74a9a8277f3c","first_seen":"2026-03-25T15:55:30.48966Z","last_seen":"2026-03-25T15:55:30.48966Z","times_seen":1,"resource_available":true,"data":null}},"time_used":93,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":45,"receive":48,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.googletagmanager.com/td?id=G-3LRD95F87M\u0026v=3\u0026t=t\u0026pid=1736985795\u0026gtm=45je63o0h2v9125945943za20g\u0026seq=1\u0026exp=103116026~103200004~115938466~115938468~116024733~117484252\u0026dl=cn.memxzf.com%2Fhome%2Fregister\u0026tdp=G-3LRD95F87M;125945943;1;1;0\u0026frm=0\u0026slo=5\u0026hlo=19\u0026lst=3\u0026pcid=_UA-119765380-3\u0026bt=0\u0026ct=3\u0026z=0","fqdn":"www.googletagmanager.com","domain":"googletagmanager.com","tld":"com"},"ip":{"addr":"142.251.143.136","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cn.memxzf.com/home/register?code=21449","date":"2026-03-25T15:54:39.365Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.google-analytics.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 23 Feb 2026 18:19:44 GMT","end":"Mon, 18 May 2026 18:19:43 GMT"},"fingerprint":{"sha1":"5D:21:36:26:B5:1D:67:14:0D:6A:68:D3:7C:EB:39:6E:A1:45:8C:29","sha256":"BC:A5:DD:5A:08:3A:33:49:76:BB:EB:18:9C:45:17:80:A1:3E:31:5F:BA:F9:93:28:C7:76:A0:97:FF:E9:3F:1C"}}},"request":{"raw":"GET /td?id=G-3LRD95F87M\u0026v=3\u0026t=t\u0026pid=1736985795\u0026gtm=45je63o0h2v9125945943za20g\u0026seq=1\u0026exp=103116026~103200004~115938466~115938468~116024733~117484252\u0026dl=cn.memxzf.com%2Fhome%2Fregister\u0026tdp=G-3LRD95F87M;125945943;1;1;0\u0026frm=0\u0026slo=5\u0026hlo=19\u0026lst=3\u0026pcid=_UA-119765380-3\u0026bt=0\u0026ct=3\u0026z=0 HTTP/1.1\r\nHost: www.googletagmanager.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.memxzf.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 204 No Content\r\ndate: Wed, 25 Mar 2026 15:54:39 GMT\r\npragma: no-cache\r\nexpires: Fri, 01 Jan 1990 00:00:00 GMT\r\ncache-control: no-cache, no-store, must-revalidate\r\ncontent-type: text/plain\r\ncross-origin-resource-policy: cross-origin\r\ncontent-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsgtc:46:0\r\ncross-origin-opener-policy-report-only: same-origin; report-to=ascnsrsgtc:46:0\r\nreport-to: {\"group\":\"ascnsrsgtc:46:0\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsgtc:46:0\"}],}\r\nserver: Golfe2\r\ncontent-length: 0\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\n\r\n","headers":null,"cookies":null,"status_code":"204","status_text":"No Content","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-12T18:55:58.746745Z","times_seen":13673560,"resource_available":true,"data":null}},"time_used":33,"timings":{"blocked":1,"dns":0,"connect":0,"send":0,"wait":32,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"secure.livechatinc.com/customer/action/open_chat?license_id=19463678\u0026group=2\u0026embedded=1\u0026widget_version=3\u0026unique_groups=0\u0026organization_id=d45af0f5-ff1f-44ac-97e0-5c9471a8ec59\u0026use_parent_storage=1\u0026x-region=us-south1","fqdn":"secure.livechatinc.com","domain":"livechatinc.com","tld":"com"},"ip":{"addr":"2.22.225.11","port":443,"asn":20940,"as":"Akamai International B.V.","country":"France","country_code":"FR"},"is_navigation_request":false,"resource_type":"subdocument","requested_by":"https://cn.memxzf.com/home/register?code=21449","date":"2026-03-25T15:54:39.605Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"livechat.com","organization":"LIVECHAT, INC."},"issuer":{"commonName":"DigiCert Global G3 TLS ECC SHA384 2020 CA1","organization":"DigiCert Inc"},"validity":{"start":"Wed, 11 Jun 2025 00:00:00 GMT","end":"Thu, 11 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"66:A3:6F:A0:92:9E:A2:01:91:16:68:AA:27:A9:41:28:FC:25:27:68","sha256":"03:FC:5A:F6:F7:06:15:5B:0F:31:DB:6C:4E:D7:E4:1B:69:80:1F:C3:5A:E3:85:5A:FF:8D:22:81:92:ED:25:2F"}}},"request":{"raw":"GET /customer/action/open_chat?license_id=19463678\u0026group=2\u0026embedded=1\u0026widget_version=3\u0026unique_groups=0\u0026organization_id=d45af0f5-ff1f-44ac-97e0-5c9471a8ec59\u0026use_parent_storage=1\u0026x-region=us-south1 HTTP/1.1\r\nHost: secure.livechatinc.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.memxzf.com/\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: iframe\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-encoding: gzip\r\ncontent-type: text/html; charset=utf-8\r\ncross-origin-resource-policy: cross-origin\r\nvary: Accept-Encoding\r\ncontent-length: 761\r\ndate: Wed, 25 Mar 2026 15:54:40 GMT\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":1776,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text, with very long lines (1776), with no line terminators","md5":"ccea7bbd6ba501702ec3aa884a9a2199","sha1":"dce101e584c5ce64964af3c813b020ab36c6cc16","sha256":"c478c8b80c90b2b77139d41f43c1741c2447d1c149e9056536a77d4be9d8ce65","sha512":"852477f8ec6d71a255c44abac871da7555da4a545b5aee72bd9a97f5057da647d7e11ce31aea34720a70bbdbabcbf4c5629ebf2e03697ad2bf2e29b3df119a4d","ssdeep":"","tlshash":"a9314173aa10c91d71748221f98bb08e895d534e8644acf2b29512fe0ae0ed58273e29","first_seen":"2026-03-25T12:35:16.723117Z","last_seen":"2026-03-26T09:55:41.732637Z","times_seen":76,"resource_available":false,"data":null}},"time_used":444,"timings":{"blocked":39,"dns":0,"connect":0,"send":0,"wait":405,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"file-new.a4hskh.com/activity/2025/05/26/35b9d0913c44ce35920430bd8ddfc1eb.png","fqdn":"file-new.a4hskh.com","domain":"a4hskh.com","tld":"com"},"ip":{"addr":"13.70.24.35","port":443,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cn.memxzf.com/home/register?code=21449","date":"2026-03-25T15:54:39.873Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"a4hskh.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Tue, 17 Mar 2026 15:12:52 GMT","end":"Mon, 15 Jun 2026 15:12:51 GMT"},"fingerprint":{"sha1":"CC:24:F1:31:6C:E5:80:F8:E6:EA:62:FD:DD:BF:C9:2C:57:50:D8:7E","sha256":"78:16:1E:5B:21:01:BF:2B:2B:83:A3:7F:44:2F:F2:71:3D:6E:4D:D4:A3:7D:96:72:FD:35:E6:FF:AC:AF:FC:61"}}},"request":{"raw":"GET /activity/2025/05/26/35b9d0913c44ce35920430bd8ddfc1eb.png HTTP/1.1\r\nHost: file-new.a4hskh.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.memxzf.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 25 Mar 2026 15:54:40 GMT\r\ncontent-type: image/png\r\ncontent-length: 91065\r\nx-amz-id-2: TVM1VITUZLsZ0G4H7GC+75F8ruk1Z4/gjbBc0c4E6Aq2w1UwXWKRnEDxa6UCm1itPUnBiDwQhoZhDTSCAMGEWw05uEmmcmou\r\nx-amz-request-id: QVFVRAS95QAW70YD\r\nlast-modified: Sat, 17 Jan 2026 06:23:27 GMT\r\netag: \"a6f34694a8892178a7e449b0043d1429\"\r\nx-amz-server-side-encryption: AES256\r\naccess-control-allow-origin: *\r\naccess-control-allow-credentials: true\r\naccess-control-allow-headers: *\r\naccess-control-allow-methods: *\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":91065,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 272 x 272, 8-bit/color RGBA, non-interlaced","md5":"a6f34694a8892178a7e449b0043d1429","sha1":"33d658afacb80d35cdde497bb530f08e38e23132","sha256":"766f82c583cabf2b73af2e8d6dd0595ab3ce6bd55c4b9841edf555a1639d1263","sha512":"396caa64116ac49e99f11da3c95eaa7b926f4f9eb08ff5b9aec7ca6d43d704fae3a2a2e75178db4e4082381e2480d788d4b31007dc91a091312ed1279681f978","ssdeep":"1536:nRalahFemQUbzfAgaVLBbB1RZNhmSiVdOFf5Z1Uk6VcD1s7aP0HRb9Knism8zu2E:n+abbzCPPRZjYPOFf5Z1U1uO7c0LOiYa","tlshash":"e193024fea06c57f99655c8012609993a8d1b84f0ca3b793eb588e0907dc946fe37d37","first_seen":"2025-07-18T11:22:50.653674Z","last_seen":"2026-04-12T01:12:13.795446Z","times_seen":533,"resource_available":false,"data":null}},"time_used":2508,"timings":{"blocked":790,"dns":362,"connect":213,"send":0,"wait":499,"receive":425,"ssl":216},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cn.memxzf.com/home/register?code=21449","fqdn":"cn.memxzf.com","domain":"memxzf.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-03-25T15:54:34.492Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cn.memxzf.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Mon, 05 Jan 2026 00:00:00 GMT","end":"Tue, 05 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"40:B8:CE:3C:62:64:4A:ED:91:09:D5:D8:1D:31:FC:C0:D2:86:9B:8A","sha256":"56:8F:F4:7C:5B:DB:72:3A:45:C5:DC:A1:0E:36:81:68:A2:84:B7:61:2A:33:D5:55:AB:C2:EF:59:7A:C4:2A:24"}}},"request":{"raw":"GET /home/register?code=21449 HTTP/1.1\r\nHost: cn.memxzf.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 25 Mar 2026 15:54:36 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding, Accept-Encoding, Accept-Encoding\r\nSet-Cookie: ccd11=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; domain=memxzf.com\nvcd11=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; domain=memxzf.com\nPHPSESSID=bh8j209eisdvv1viud8b655q5b; path=/\n_code_cookie=21449-; path=/; domain=memxzf.com\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Methods: GET, POST, OPTIONS\r\nAccess-Control-Allow-Headers: Content-Type, Authorization, X-Requested-With\r\nAccess-Control-Allow-Credentials: true\r\nAccess-Control-Max-Age: 86400\r\nX-Content-Type-Options: nosniff\r\nX-Frame-Options: SAMEORIGIN\r\nContent-Encoding: gzip\r\nServer: gocache\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nCache-Control: no-cache\r\nc-Type: df\r\nrid: 89912b83a0a02125819f0bfca258e557\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Google Analytics","description":"Google Analytics is a free web analytics service that tracks and reports website traffic.","website":"https://google.com/analytics","common_platform_enumeration":"","icon":"Google Analytics.svg","categories":["Analytics"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]},{"name":"jQuery","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"jQuery UI","description":"jQuery UI is a collection of GUI widgets, animated visual effects, and themes implemented with jQuery, Cascading Style Sheets, and HTML.","website":"https://jqueryui.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery_ui:*:*:*:*:*:*:*:*","icon":"jQuery UI.svg","categories":["JavaScript libraries"]}],"data":{"size":104574,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (322)","md5":"82df208d2d99b891ddf9a77544681afa","sha1":"855024350f6c066aff1ecacc9544eb419ea8a983","sha256":"7323f955b16650ab8bf27e42d05501ebcf96c3bf6479191204556d169102a90c","sha512":"a923f3518ee8e7c359b4c7bb135573e1c96406ce25dcd28bd0606e5f87bc2615876345c2750e9abe8eb7f9355d70c8b8b7b18315c4d4aa3838954478f7df85d7","ssdeep":"1536:6qWYuc/8Cz9Zxl9k0w2/P/n6nvIkqWTVW2hqmODN3b6UcSL8wbkstGcd+JaOjQv/:9U2P8DiqT9fW+JaZXWyzwb9WL","tlshash":"5ea30811a8f94537017390d6b5bbaf1abeaa8037d2068c1076fd4fc45fc2e82896775e","first_seen":"2026-03-25T15:55:30.493624Z","last_seen":"2026-03-25T15:55:30.493624Z","times_seen":1,"resource_available":true,"data":null}},"time_used":3229,"timings":{"blocked":948,"dns":331,"connect":1,"send":0,"wait":1295,"receive":38,"ssl":613},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-25","alert":"Sinkholed","trigger":"cn.memxzf.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-25","alert":"Sinkholed","trigger":"cn.memxzf.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"static-content-t.wb27jlt6u066.com:9587/d11_images/nav/promo_sponsor.png?1","fqdn":"static-content-t.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cn.memxzf.com/home/register?code=21449","date":"2026-03-25T15:54:37.039Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static-content-t.wb27jlt6u066.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 19 Oct 2025 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"08:10:09:15:B6:C8:9C:9A:CE:31:40:C9:26:D7:9E:BE:2C:9A:62:2B","sha256":"D6:55:F3:9B:55:F2:ED:CC:B3:54:8B:1E:F9:15:FB:47:0C:75:02:1A:64:4B:3C:C2:FA:75:18:9C:F0:11:EE:83"}}},"request":{"raw":"GET /d11_images/nav/promo_sponsor.png?1 HTTP/1.1\r\nHost: static-content-t.wb27jlt6u066.com:9587\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.memxzf.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 25 Mar 2026 15:54:40 GMT\r\nContent-Type: image/png\r\nContent-Length: 45701\r\nConnection: keep-alive\r\nLast-Modified: Wed, 20 Jul 2022 18:45:39 GMT\r\nETag: \"62d84d53-b285\"\r\nServer: gocache\r\nExpires: Thu, 26 Mar 2026 15:54:40 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: 77ee6a723bf2dbde2d941045ce722203\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: HIT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":45701,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 183 x 110, 8-bit/color RGBA, non-interlaced","md5":"4392b15e336dc870834d64c829f8c150","sha1":"af6de84ddea52908d6434951bd12c2bfbaff3b7e","sha256":"ff63b8ecd5b681b2e0a3d2cff1a1d327145839ae919ac0f7d025857d61656992","sha512":"1333809c4c3e8fc3270763dc4fbecb8f5f808ca657a9518428535a48639468581e05740782ee9af1e0b6db0ac359bf9e89a967cf941d919a94ad9be95a2dc071","ssdeep":"768:9PTkysWeomEy3WouE7U2vCRilIf/QODRMbZA0M3e3TZWeYEG6A6NAHL:9PTfPymLyARJhVAA0MO3TZXYBHL","tlshash":"ed23f12eaf46e09b6913de65cdf10081c417d6c7d49c2c35fc9e8c39a6355b4d8aab0e","first_seen":"2023-05-05T14:06:31Z","last_seen":"2026-04-12T01:12:13.836319Z","times_seen":774,"resource_available":false,"data":null}},"time_used":3740,"timings":{"blocked":3467,"dns":0,"connect":0,"send":0,"wait":239,"receive":34,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static-content-t.wb27jlt6u066.com:9587/images/livechat_close.png","fqdn":"static-content-t.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cn.memxzf.com/home/register?code=21449","date":"2026-03-25T15:54:43.772Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static-content-t.wb27jlt6u066.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 19 Oct 2025 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"08:10:09:15:B6:C8:9C:9A:CE:31:40:C9:26:D7:9E:BE:2C:9A:62:2B","sha256":"D6:55:F3:9B:55:F2:ED:CC:B3:54:8B:1E:F9:15:FB:47:0C:75:02:1A:64:4B:3C:C2:FA:75:18:9C:F0:11:EE:83"}}},"request":{"raw":"GET /images/livechat_close.png HTTP/1.1\r\nHost: static-content-t.wb27jlt6u066.com:9587\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://static-content-t.wb27jlt6u066.com:9587/style/main.css?20260311\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 25 Mar 2026 15:54:43 GMT\r\nContent-Type: image/png\r\nContent-Length: 1101\r\nConnection: keep-alive\r\nLast-Modified: Wed, 20 Jul 2022 18:47:53 GMT\r\nETag: \"62d84dd9-44d\"\r\nServer: gocache\r\nExpires: Thu, 26 Mar 2026 15:54:43 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: 299376cbb9d65f568d895e553e85b25e\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: HIT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]}],"data":{"size":1101,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 25 x 25, 8-bit/color RGBA, non-interlaced","md5":"9bf9d2f7250d29bd08780715c25883c4","sha1":"f46f8fc970f8c9fbd2d98d8927ceb85697905746","sha256":"49e7a440de423900c4321b784080e34fd9f28d0b8fd77aac440e4c256bb0ef16","sha512":"414ce8230dfcd1f1dbd9bd663ef5ac7e5e5f2cfd082c2b83df49c505d654f7b2f56406a7bd527ad1994cf307de5bc131af4f296488c22549d95f1da7ec2f9bda","ssdeep":"","tlshash":"1f11f6ce2194642c51129c2c87396a60a8e78f86053f4b1cfc804c2b6203d61a01c0b2","first_seen":"2026-03-04T07:05:29.756657Z","last_seen":"2026-04-12T01:12:13.800696Z","times_seen":85,"resource_available":false,"data":null}},"time_used":226,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":226,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static-content-t.wb27jlt6u066.com:9587/images/nav/promo_event.png","fqdn":"static-content-t.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cn.memxzf.com/home/register?code=21449","date":"2026-03-25T15:54:37.040Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static-content-t.wb27jlt6u066.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 19 Oct 2025 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"08:10:09:15:B6:C8:9C:9A:CE:31:40:C9:26:D7:9E:BE:2C:9A:62:2B","sha256":"D6:55:F3:9B:55:F2:ED:CC:B3:54:8B:1E:F9:15:FB:47:0C:75:02:1A:64:4B:3C:C2:FA:75:18:9C:F0:11:EE:83"}}},"request":{"raw":"GET /images/nav/promo_event.png HTTP/1.1\r\nHost: static-content-t.wb27jlt6u066.com:9587\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.memxzf.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 25 Mar 2026 15:54:40 GMT\r\nContent-Type: image/png\r\nContent-Length: 33820\r\nConnection: keep-alive\r\nLast-Modified: Wed, 20 Jul 2022 18:47:53 GMT\r\nETag: \"62d84dd9-841c\"\r\nServer: gocache\r\nExpires: Thu, 26 Mar 2026 15:54:40 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: 467a938bc3596bb60842990fff510368\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: HIT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]}],"data":{"size":33820,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 231 x 184, 8-bit/color RGBA, non-interlaced","md5":"4590b5333179fefe5ea8e8f1a3638da3","sha1":"a0a932f3ca433bc1ea5f788e09eddfa617a4c69e","sha256":"0b3af6b7e8676050661aedd1b94b28045c7a9c905424cbde85f95f7faaf1ea43","sha512":"7ad8e92d6797b8c8c094e8651b566ea510b0bbaf998f9456d1fa1216e33b9bd8afc3840c6a3203fddb0f98e583070113a2329b34ff371dfbbc988a30ee41c425","ssdeep":"384:vdYFfWN0DI5+xe/+sRdXI/nTNAHfs2QZ4ldgeP94lYVIPR22M/96yNtHD9eDk0d4:y0gF/TNF2JSeFLIPR22M/9b/elbPs","tlshash":"7de2f1d07fa4e82156b397c770463aee708dc0ba5b43f5c6131a316b9b24b3c684799e","first_seen":"2023-05-05T14:06:31Z","last_seen":"2026-04-12T01:12:13.774496Z","times_seen":798,"resource_available":false,"data":null}},"time_used":3683,"timings":{"blocked":3443,"dns":0,"connect":0,"send":0,"wait":233,"receive":7,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cn.memxzf.com/fimg/i2022109557596bf60a4a37a8fd6570231b8312.png","fqdn":"cn.memxzf.com","domain":"memxzf.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cn.memxzf.com/home/register?code=21449","date":"2026-03-25T15:54:37.047Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cn.memxzf.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Mon, 05 Jan 2026 00:00:00 GMT","end":"Tue, 05 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"40:B8:CE:3C:62:64:4A:ED:91:09:D5:D8:1D:31:FC:C0:D2:86:9B:8A","sha256":"56:8F:F4:7C:5B:DB:72:3A:45:C5:DC:A1:0E:36:81:68:A2:84:B7:61:2A:33:D5:55:AB:C2:EF:59:7A:C4:2A:24"}}},"request":{"raw":"GET /fimg/i2022109557596bf60a4a37a8fd6570231b8312.png HTTP/1.1\r\nHost: cn.memxzf.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.memxzf.com/home/register?code=21449\r\nCookie: PHPSESSID=bh8j209eisdvv1viud8b655q5b; _code_cookie=21449-\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 25 Mar 2026 15:54:38 GMT\r\nContent-Type: image/png\r\nContent-Length: 228056\r\nConnection: keep-alive\r\nLast-Modified: Tue, 11 Oct 2022 03:07:34 GMT\r\nETag: \"6344ddf6-37ad8\"\r\nX-Content-Type-Options: nosniff\r\nX-Frame-Options: SAMEORIGIN\r\nServer: gocache\r\nExpires: Thu, 26 Mar 2026 15:54:38 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: 7fc82c39e2ae55f8be6dcfd279364d3d\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: HIT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]}],"data":{"size":228056,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 838 x 572, 8-bit/color RGBA, non-interlaced","md5":"ad437106303315b23ca37c00fac9b9a7","sha1":"f503a3d13adaba3b253e4adb493181f86c50bb6f","sha256":"9624ab5cf4b378ccbf9525a00dfbc12c923cb62d887e8bd6a69c4d140c6a8133","sha512":"36cf78c0da7bd3530167e12f2bd3a0f75c38a745f337075d0b493eb41d6e035a2e7fe461df7a771e94eb42e69f419eb3af283b220bb211a2b652d8f55d47558a","ssdeep":"6144:/LkBXH85hsNRgjSxVQldvROEZ7dhzZA6x/qQ:QqnsNRKOVwdvgEE6IQ","tlshash":"122412ecb69b980fef3d1147925c0db4e0f820043b1c9277a155e9b7e8d21a939b5acc","first_seen":"2023-05-05T17:23:57Z","last_seen":"2026-04-12T01:12:13.770105Z","times_seen":707,"resource_available":false,"data":null}},"time_used":1802,"timings":{"blocked":1486,"dns":0,"connect":0,"send":0,"wait":233,"receive":83,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-25","alert":"Sinkholed","trigger":"cn.memxzf.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-25","alert":"Sinkholed","trigger":"cn.memxzf.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"static-content-t.wb27jlt6u066.com:9587/images/captcha/bg.png","fqdn":"static-content-t.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cn.memxzf.com/home/register?code=21449","date":"2026-03-25T15:54:38.810Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static-content-t.wb27jlt6u066.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 19 Oct 2025 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"08:10:09:15:B6:C8:9C:9A:CE:31:40:C9:26:D7:9E:BE:2C:9A:62:2B","sha256":"D6:55:F3:9B:55:F2:ED:CC:B3:54:8B:1E:F9:15:FB:47:0C:75:02:1A:64:4B:3C:C2:FA:75:18:9C:F0:11:EE:83"}}},"request":{"raw":"GET /images/captcha/bg.png HTTP/1.1\r\nHost: static-content-t.wb27jlt6u066.com:9587\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://static-content-t.wb27jlt6u066.com:9587/style/main.css?20260311\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 25 Mar 2026 15:54:40 GMT\r\nContent-Type: image/png\r\nContent-Length: 3373\r\nConnection: keep-alive\r\nLast-Modified: Wed, 20 Jul 2022 18:47:53 GMT\r\nETag: \"62d84dd9-d2d\"\r\nServer: gocache\r\nExpires: Thu, 26 Mar 2026 15:54:40 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: f73a5680827e0b8b66e3eb948f970de5\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: HIT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":3373,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 367 x 260, 8-bit colormap, non-interlaced","md5":"2d7a78ffd17b81f4d960f89c341377d1","sha1":"2ecab08e7808a385c9a712ce90beeef668c19156","sha256":"5e3bb47aa455eafd7493541cf6ce550ce84309152943f0295d79a9329879ac62","sha512":"1cdd6e6ef5f98a69379d1bbb70c6605ce05be2000426a78e5fe47a140616e118b1a6ae1b5dd0d2641f48dc0dc20216dd864ccaae690409717351122485312630","ssdeep":"","tlshash":"55612b23aaef0419f2459a3a9582d8adabbbf9138499720ec4bf986147b1d317984214","first_seen":"2023-10-30T15:44:34Z","last_seen":"2026-04-12T01:12:13.794445Z","times_seen":659,"resource_available":false,"data":null}},"time_used":1885,"timings":{"blocked":1663,"dns":0,"connect":0,"send":0,"wait":222,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"hm.baidu.com/hm.gif?hca=63F0FCDF760AB2DB\u0026cc=1\u0026ck=1\u0026cl=24-bit\u0026ds=1280x1024\u0026vl=1024\u0026et=0\u0026ja=0\u0026ln=en-us\u0026lo=0\u0026rnd=24835324\u0026si=86b8712c72cab4f521c0b5cd56dfa69f\u0026v=1.3.2\u0026lv=1\u0026sn=28420\u0026r=0\u0026ww=1280\u0026u=https%3A%2F%2Fcn.memxzf.com%2Fhome%2Fregister%3Fcode%3D21449\u0026tt=ManBetX(%E4%B8%87%E5%8D%9A%E4%BD%93%E8%82%B2)%E5%AE%98%E7%BD%91%7C%E8%8B%B1%E8%B6%85%E7%8B%BC%E9%98%9F%E5%92%8C%E6%B0%B4%E6%99%B6%E5%AE%AB%E5%85%A8%E7%90%83%E8%B5%9E%E5%8A%A9%E4%BC%99%E4%BC%B4","fqdn":"hm.baidu.com","domain":"baidu.com","tld":"com"},"ip":{"addr":"111.45.11.83","port":443,"asn":9808,"as":"China Mobile Communications Group Co., Ltd.","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cn.memxzf.com/home/register?code=21449","date":"2026-03-25T15:54:40.104Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"baidu.com","organization":"Beijing Baidu Netcom Science Technology Co., Ltd"},"issuer":{"commonName":"GlobalSign RSA OV SSL CA 2018","organization":"GlobalSign nv-sa"},"validity":{"start":"Wed, 09 Jul 2025 07:01:02 GMT","end":"Mon, 10 Aug 2026 07:01:01 GMT"},"fingerprint":{"sha1":"21:BF:66:0D:67:BE:7A:7F:49:48:05:30:F4:7F:09:F2:30:36:CA:63","sha256":"0D:82:2C:9A:90:5A:EF:E9:8F:37:12:C0:E0:26:30:EE:95:33:2C:45:5F:E7:74:5D:F0:8D:BC:79:F4:B0:A1:49"}}},"request":{"raw":"GET /hm.gif?hca=63F0FCDF760AB2DB\u0026cc=1\u0026ck=1\u0026cl=24-bit\u0026ds=1280x1024\u0026vl=1024\u0026et=0\u0026ja=0\u0026ln=en-us\u0026lo=0\u0026rnd=24835324\u0026si=86b8712c72cab4f521c0b5cd56dfa69f\u0026v=1.3.2\u0026lv=1\u0026sn=28420\u0026r=0\u0026ww=1280\u0026u=https%3A%2F%2Fcn.memxzf.com%2Fhome%2Fregister%3Fcode%3D21449\u0026tt=ManBetX(%E4%B8%87%E5%8D%9A%E4%BD%93%E8%82%B2)%E5%AE%98%E7%BD%91%7C%E8%8B%B1%E8%B6%85%E7%8B%BC%E9%98%9F%E5%92%8C%E6%B0%B4%E6%99%B6%E5%AE%AB%E5%85%A8%E7%90%83%E8%B5%9E%E5%8A%A9%E4%BC%99%E4%BC%B4 HTTP/1.1\r\nHost: hm.baidu.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.memxzf.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nCache-Control: private, max-age=0, no-cache\r\nContent-Length: 43\r\nContent-Type: image/gif\r\nDate: Wed, 25 Mar 2026 15:54:40 GMT\r\nP3p: CP=\"CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR\"\r\nPragma: no-cache\r\nServer: apache\r\nSet-Cookie: HMACCOUNT=09B36D066F0F000D; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT\r\nStrict-Transport-Security: max-age=172800\r\nX-Content-Type-Options: nosniff\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":43,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 1 x 1","md5":"ad4b0f606e0f8465bc4c4c170b37e1a3","sha1":"50b30fd5f87c85fe5cba2635cb83316ca71250d7","sha256":"cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda","sha512":"ebfe0c0df4bcc167d5cb6ebdd379f9083df62bef63a23818e1c6adf0f64b65467ea58b7cd4d03cf0a1b1a2b07fb7b969bf35f25f1f8538cc65cf3eebdf8a0910","ssdeep":"","tlshash":"15900003fbc08002c2b2e0300b3b0380238ce2200aa8030b80aeb0acecaa3a20c03020","first_seen":"2023-04-05T02:54:03Z","last_seen":"2026-04-12T19:00:22.14809Z","times_seen":333644,"resource_available":true,"data":null}},"time_used":273,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":273,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static-content-t.wb27jlt6u066.com:9587/images/nav/sponsor3.png?3","fqdn":"static-content-t.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cn.memxzf.com/home/register?code=21449","date":"2026-03-25T15:54:37.033Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static-content-t.wb27jlt6u066.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 19 Oct 2025 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"08:10:09:15:B6:C8:9C:9A:CE:31:40:C9:26:D7:9E:BE:2C:9A:62:2B","sha256":"D6:55:F3:9B:55:F2:ED:CC:B3:54:8B:1E:F9:15:FB:47:0C:75:02:1A:64:4B:3C:C2:FA:75:18:9C:F0:11:EE:83"}}},"request":{"raw":"GET /images/nav/sponsor3.png?3 HTTP/1.1\r\nHost: static-content-t.wb27jlt6u066.com:9587\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.memxzf.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 25 Mar 2026 15:54:38 GMT\r\nContent-Type: image/png\r\nContent-Length: 10466\r\nConnection: keep-alive\r\nLast-Modified: Fri, 23 Jan 2026 04:32:15 GMT\r\nETag: \"6972f9cf-28e2\"\r\nServer: gocache\r\nExpires: Thu, 26 Mar 2026 15:54:38 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: d696c02a4cb9bc0862dc871326b912b0\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: HIT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":10466,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 292 x 80, 8-bit/color RGBA, non-interlaced","md5":"4ac6040378c52082239823adc971fe93","sha1":"f5e1c0385b576f11d3a18aba66f36abd7e895055","sha256":"3a1689108f773fc9d3a86757ce359ebe90f4543680be838bb9d82bd359e3986e","sha512":"f8ab3f0e33f548141655d8a6b1e7792835511ccef503434db65b5844d0e4c51b7667fec661294d453316b2b394a371980973c49fa144f1f707bc6f77191ff375","ssdeep":"192:M3I4RzpFzXCPwiIjmqoG+Hw66/VcNMOVejNfd++tTfanWgSO3dY:MYOzpFze9Ijmw+Ht6/CFVwNDtTfanWgs","tlshash":"d922bff15ec9a29bf8add03794362f05b6d73f8ac4ac71576724f893e48c4512c228e9","first_seen":"2026-01-23T05:01:52.443661Z","last_seen":"2026-04-12T01:12:13.806365Z","times_seen":131,"resource_available":false,"data":null}},"time_used":1954,"timings":{"blocked":1726,"dns":0,"connect":0,"send":0,"wait":227,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static-content-cn.wb27jlt6u066.com:9587/js/jquery/jquery.carousel.js","fqdn":"static-content-cn.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://cn.memxzf.com/home/register?code=21449","date":"2026-03-25T15:54:37.041Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static-content-cn.wb27jlt6u066.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 19 Oct 2025 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"98:64:EC:0B:9A:00:5F:60:12:4A:12:B9:EB:5A:44:98:12:1A:7C:FF","sha256":"A1:E0:99:A3:B2:54:C9:50:DB:24:16:EA:A7:44:3A:5D:57:F0:7C:CE:B2:E7:66:31:49:50:98:44:92:F2:50:84"}}},"request":{"raw":"GET /js/jquery/jquery.carousel.js HTTP/1.1\r\nHost: static-content-cn.wb27jlt6u066.com:9587\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.memxzf.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 25 Mar 2026 15:54:38 GMT\r\nContent-Type: application/javascript\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Wed, 20 Jul 2022 18:47:52 GMT\r\nVary: Accept-Encoding\r\nETag: W/\"62d84dd8-5e3a\"\r\nContent-Encoding: gzip\r\nServer: gocache\r\nExpires: Thu, 26 Mar 2026 15:54:38 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: 590fcd8af48b18d2a2e52ccd9eabe6be\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: HIT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]}],"data":{"size":24122,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text","md5":"1552106a3e80457c7c75722b7372d303","sha1":"32ba62ff7b3590d3325d159141aa50a1db5802aa","sha256":"52947c9e6ac3e2f45c2b2a19802a91eeb75dc70902bf4bd87419a6386300848c","sha512":"e6b3f5bcdb5cea57241c6ca4f3c235a8ec04fe3d4baf75e2e33d67fa1ae4e094c08072772e3bc6a87dafb81e94a6ab81f38c670394f4f2a533ca5090e5879630","ssdeep":"384:MnvnA+MrUQ5x1jcvHGmUYnkrVdINO4XmfFmKK2vif3UE:Mn4+MrUk1j0UwNO4XmfF7K2vAv","tlshash":"50b2941b31a32172597b72298b9f5109333190979208ee507cbf8b147f9527897f2fea","first_seen":"2023-03-07T13:00:36Z","last_seen":"2026-04-12T01:12:13.789354Z","times_seen":693,"resource_available":true,"data":null}},"time_used":1101,"timings":{"blocked":-1,"dns":280,"connect":7,"send":0,"wait":233,"receive":0,"ssl":579},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static-content-cn.wb27jlt6u066.com:9587/util/error.js?2025092501","fqdn":"static-content-cn.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://cn.memxzf.com/home/register?code=21449","date":"2026-03-25T15:54:37.051Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static-content-cn.wb27jlt6u066.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 19 Oct 2025 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"98:64:EC:0B:9A:00:5F:60:12:4A:12:B9:EB:5A:44:98:12:1A:7C:FF","sha256":"A1:E0:99:A3:B2:54:C9:50:DB:24:16:EA:A7:44:3A:5D:57:F0:7C:CE:B2:E7:66:31:49:50:98:44:92:F2:50:84"}}},"request":{"raw":"GET /util/error.js?2025092501 HTTP/1.1\r\nHost: static-content-cn.wb27jlt6u066.com:9587\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.memxzf.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 25 Mar 2026 15:54:38 GMT\r\nContent-Type: application/javascript\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Wed, 01 Oct 2025 02:03:53 GMT\r\nVary: Accept-Encoding\r\nETag: W/\"68dc8c09-28a5\"\r\nContent-Encoding: gzip\r\nServer: gocache\r\nExpires: Thu, 26 Mar 2026 15:54:38 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: e118b0b24d5e1fe86f78b85ebb804ef7\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: HIT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]}],"data":{"size":10405,"size_decoded":0,"mime_type":"application/javascript","magic":"Unicode text, UTF-8 text","md5":"f61145ebd6cd0164a855517ddd32d102","sha1":"d9f3f365c0aec1f9a4bf5cf85d4c8b1c44770125","sha256":"b433018b4e4006c56084fd4cbf35d3d1e2ea33aafccfd6109db3d0b696c2c2b2","sha512":"e0e7101c13848ec60f775f9ab092b5a52de41a67f3792a18c186cc42cd140c7bfcb405c607783e5b3240aab3f57dd88c50f744410b94cc99beef8b1a1f61ade0","ssdeep":"192:MTu94QOQzfKG3jChyTRmbxDeDWiYXYyC3SfZVYvxwYXPFj6vJRQ+lcQrdQr:MTu94wzj3jChQgF+eXUeu","tlshash":"292285b608f58b8a100df980c10b41293448744b8e1cba6a7bdfa5465fcd65f4bff99d","first_seen":"2025-10-02T21:45:10.771862Z","last_seen":"2026-04-12T01:12:13.785959Z","times_seen":434,"resource_available":true,"data":null}},"time_used":1299,"timings":{"blocked":1064,"dns":0,"connect":0,"send":0,"wait":233,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static-content-t.wb27jlt6u066.com:9587/images/icon_mobile.png","fqdn":"static-content-t.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cn.memxzf.com/home/register?code=21449","date":"2026-03-25T15:54:38.760Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static-content-t.wb27jlt6u066.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 19 Oct 2025 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"08:10:09:15:B6:C8:9C:9A:CE:31:40:C9:26:D7:9E:BE:2C:9A:62:2B","sha256":"D6:55:F3:9B:55:F2:ED:CC:B3:54:8B:1E:F9:15:FB:47:0C:75:02:1A:64:4B:3C:C2:FA:75:18:9C:F0:11:EE:83"}}},"request":{"raw":"GET /images/icon_mobile.png HTTP/1.1\r\nHost: static-content-t.wb27jlt6u066.com:9587\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://static-content-t.wb27jlt6u066.com:9587/style/main.css?20260311\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 25 Mar 2026 15:54:39 GMT\r\nContent-Type: image/png\r\nContent-Length: 143\r\nConnection: keep-alive\r\nLast-Modified: Wed, 20 Jul 2022 18:47:53 GMT\r\nETag: \"62d84dd9-8f\"\r\nServer: gocache\r\nExpires: Thu, 26 Mar 2026 15:54:39 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: 46b8840d2513e403d5bdc1ef5ffe7b54\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: HIT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]}],"data":{"size":143,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 15 x 18, 8-bit gray+alpha, non-interlaced","md5":"9a413aaa3c056af34c80628bee9e4586","sha1":"a676a5b3e90762c8c4a9314985e9abf2bad95666","sha256":"5aa5f649a8a53a15e0b65385149db1ed4f7b6286ff043f5fd96445173fc8d6d3","sha512":"ce054b7ace97a2c6922c028af0a5501b442ce7c10110ae85e5df72a542355e9ae5cc0a51b5ec6d9d577517051b30378466cbc61d9830542d47fbe36b04c440c1","ssdeep":"","tlshash":"76c08ce12a204a28faa603a22a3811d0f820b2782929474800284837401212711ea6c7","first_seen":"2023-05-05T14:06:31Z","last_seen":"2026-04-12T01:12:13.808316Z","times_seen":813,"resource_available":false,"data":null}},"time_used":1259,"timings":{"blocked":1030,"dns":0,"connect":0,"send":0,"wait":229,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static-content-t.wb27jlt6u066.com:9587/images/icon_return.png","fqdn":"static-content-t.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cn.memxzf.com/home/register?code=21449","date":"2026-03-25T15:54:38.800Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static-content-t.wb27jlt6u066.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 19 Oct 2025 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"08:10:09:15:B6:C8:9C:9A:CE:31:40:C9:26:D7:9E:BE:2C:9A:62:2B","sha256":"D6:55:F3:9B:55:F2:ED:CC:B3:54:8B:1E:F9:15:FB:47:0C:75:02:1A:64:4B:3C:C2:FA:75:18:9C:F0:11:EE:83"}}},"request":{"raw":"GET /images/icon_return.png HTTP/1.1\r\nHost: static-content-t.wb27jlt6u066.com:9587\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://static-content-t.wb27jlt6u066.com:9587/style/main.css?20260311\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 25 Mar 2026 15:54:40 GMT\r\nContent-Type: image/png\r\nContent-Length: 778\r\nConnection: keep-alive\r\nLast-Modified: Wed, 20 Jul 2022 18:47:53 GMT\r\nETag: \"62d84dd9-30a\"\r\nServer: gocache\r\nExpires: Thu, 26 Mar 2026 15:54:40 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: 3880d355e219041f2dd9baf84b9f9f57\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: HIT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":778,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 18 x 18, 8-bit/color RGBA, interlaced","md5":"fabab84476aede515f6619fb53cec396","sha1":"84650df8e118c2c101bc0bf6e20d9c76d4303b06","sha256":"8141cf949879defeb74a01e369563041075c8417c2f3e8789bd07fcdb6499552","sha512":"99f267bd6c596ca4ccf617f05a2c86edb2ae6a805fdd5ff3458c66853e87760d215225373e71cbdae688936cbcb88441bc3138eadbad694364fcfc7490eb50c7","ssdeep":"","tlshash":"d70120c5d7761db0c2c161b7163f9a8b1a0b8516a805a10d2e8634b39945f842d8679d","first_seen":"2023-05-05T14:06:31Z","last_seen":"2026-04-12T01:12:13.787437Z","times_seen":808,"resource_available":false,"data":null}},"time_used":1745,"timings":{"blocked":1519,"dns":0,"connect":0,"send":0,"wait":226,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static-content-t.wb27jlt6u066.com:9587/images/register/icon_eye.png","fqdn":"static-content-t.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cn.memxzf.com/home/register?code=21449","date":"2026-03-25T15:54:38.820Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static-content-t.wb27jlt6u066.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 19 Oct 2025 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"08:10:09:15:B6:C8:9C:9A:CE:31:40:C9:26:D7:9E:BE:2C:9A:62:2B","sha256":"D6:55:F3:9B:55:F2:ED:CC:B3:54:8B:1E:F9:15:FB:47:0C:75:02:1A:64:4B:3C:C2:FA:75:18:9C:F0:11:EE:83"}}},"request":{"raw":"GET /images/register/icon_eye.png HTTP/1.1\r\nHost: static-content-t.wb27jlt6u066.com:9587\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://static-content-t.wb27jlt6u066.com:9587/style/main.css?20260311\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 25 Mar 2026 15:54:40 GMT\r\nContent-Type: image/png\r\nContent-Length: 388\r\nConnection: keep-alive\r\nLast-Modified: Wed, 20 Jul 2022 18:47:53 GMT\r\nETag: \"62d84dd9-184\"\r\nServer: gocache\r\nExpires: Thu, 26 Mar 2026 15:54:40 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: 3e52c52f559af303ad2f28604c8b4775\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: HIT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":388,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced","md5":"25caaed99359f8457952ec929497c610","sha1":"d79b842381cc35b013b72e8eee86aaff32cc68b1","sha256":"ae84f234ff196c67c9d72336ace3a039460ef08dbd54bf288de428d8dfd4365e","sha512":"626735e0ad18bf56854307da6e5a63b269f014ff6b915ca132c17f951e882beef470b275b664693b25a6be6853ae0c0677e6696f3d4678b3eaa4a612dff2de5c","ssdeep":"","tlshash":"6fe0c0d31b1dbd30cf5801373e9157143962b2846283b108b7845102d8c63593cf7fa8","first_seen":"2023-05-05T14:06:31Z","last_seen":"2026-04-12T01:12:13.802899Z","times_seen":805,"resource_available":false,"data":null}},"time_used":1422,"timings":{"blocked":1196,"dns":0,"connect":0,"send":0,"wait":226,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static-content-t.wb27jlt6u066.com:9587/images/footer_football.png?5","fqdn":"static-content-t.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cn.memxzf.com/home/register?code=21449","date":"2026-03-25T15:54:38.825Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static-content-t.wb27jlt6u066.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 19 Oct 2025 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"08:10:09:15:B6:C8:9C:9A:CE:31:40:C9:26:D7:9E:BE:2C:9A:62:2B","sha256":"D6:55:F3:9B:55:F2:ED:CC:B3:54:8B:1E:F9:15:FB:47:0C:75:02:1A:64:4B:3C:C2:FA:75:18:9C:F0:11:EE:83"}}},"request":{"raw":"GET /images/footer_football.png?5 HTTP/1.1\r\nHost: static-content-t.wb27jlt6u066.com:9587\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://static-content-t.wb27jlt6u066.com:9587/style/main.css?20260311\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 25 Mar 2026 15:54:40 GMT\r\nContent-Type: image/png\r\nContent-Length: 20588\r\nConnection: keep-alive\r\nLast-Modified: Wed, 20 Jul 2022 18:47:53 GMT\r\nETag: \"62d84dd9-506c\"\r\nServer: gocache\r\nExpires: Thu, 26 Mar 2026 15:54:40 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: cfe9259c7c666e6f0771915fe2868536\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: HIT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]}],"data":{"size":20588,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 23 x 1057, 8-bit/color RGBA, non-interlaced","md5":"1070cd5b06840cf7f154e66c09ac305e","sha1":"8864ddecf4ae0db0790bb5c901da76bc0b31c84a","sha256":"c76aa339cc81f581354af830b7ac9984cafbd3836e2f1e53762b7baa720cb43e","sha512":"cf434b41eca22162d4aa5377e62103bb0966b4dd4974599bc19f45ddf801e84aca49fd57a2d2a756b7edbd36e5fbf49195c5bc593100cc69e6b8caaa3f6733c3","ssdeep":"384:JEgvqB07FQV4hlkvWknpVtQCdWUKxk76w27R/9ThToBdAm/:JExBu2gb29nKqc7R/vMH/","tlshash":"df92d046d332f232e578f5229567c5de221f2d07099b0f1a489df013ace56bae189e0f","first_seen":"2023-05-05T14:06:31Z","last_seen":"2026-04-12T01:12:13.779933Z","times_seen":808,"resource_available":false,"data":null}},"time_used":1448,"timings":{"blocked":1201,"dns":0,"connect":0,"send":0,"wait":241,"receive":6,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.vrfpshbc.com:2053/global-activity-entry/img/close-x.png","fqdn":"www.vrfpshbc.com","domain":"vrfpshbc.com","tld":"com"},"ip":{"addr":"172.67.186.168","port":2053,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cn.memxzf.com/home/register?code=21449","date":"2026-03-25T15:54:39.878Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"vrfpshbc.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 02 Feb 2026 19:45:33 GMT","end":"Sun, 03 May 2026 20:40:36 GMT"},"fingerprint":{"sha1":"E8:73:95:3B:A2:A4:0F:A6:0D:A3:4F:F1:13:4E:85:09:6B:D0:63:66","sha256":"E6:14:C1:3A:A4:50:D6:F3:4D:3C:52:EB:9F:ED:B9:43:C4:13:78:55:40:E3:CD:29:24:A1:C8:5E:C2:24:0E:AA"}}},"request":{"raw":"GET /global-activity-entry/img/close-x.png HTTP/1.1\r\nHost: www.vrfpshbc.com:2053\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.vrfpshbc.com:2053/global-activity-entry/css/style.css\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Wed, 25 Mar 2026 15:54:40 GMT\r\ncontent-type: image/png\r\ncontent-length: 1101\r\nlast-modified: Wed, 16 Jun 2021 18:06:55 GMT\r\netag: \"60ca3dbf-44d\"\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\ncf-cache-status: DYNAMIC\r\npriority: u=4,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=kh99mf6Le4oybqEQ%2FgUhOuBts2NQPWzRWoq4RnKncWcNJurowKbmgqsM9Ke%2FsOaW0a8%2B4G9DDQdqOluGRmzLL8MmCUds2Cca9Oe9Ep9OHXE%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\ncf-ray: 9e1f186f3e4c8deb-OSL\r\nalt-svc: h3=\":2053\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":1101,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 25 x 25, 8-bit/color RGBA, interlaced","md5":"6d53ba3fe6c7f1b97871c37f610267c9","sha1":"911d9c2f4efec81d5a7edd84bb7a4f1b33dd8560","sha256":"a1c35b21ff48ff6181a0f1f443508abff9690316942a1d4974614c2c79f0d420","sha512":"8538e5f48126db6176b784162592998bc86fb1ccd88318b4d69334d1ef5fb8037c79ba2bb295f03836c315bbcf102a89e3b70630b6a46646c4acf5127ce4319d","ssdeep":"","tlshash":"0f1186836728cb31c123023a9399630afa184d52b61757cc59cc6c0fce980e2555c61e","first_seen":"2023-05-05T14:06:31Z","last_seen":"2026-04-12T01:12:13.828689Z","times_seen":532,"resource_available":false,"data":null}},"time_used":873,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":873,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cn.memxzf.com/service/verifycode","fqdn":"cn.memxzf.com","domain":"memxzf.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cn.memxzf.com/home/register?code=21449","date":"2026-03-25T15:54:37.044Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cn.memxzf.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Mon, 05 Jan 2026 00:00:00 GMT","end":"Tue, 05 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"40:B8:CE:3C:62:64:4A:ED:91:09:D5:D8:1D:31:FC:C0:D2:86:9B:8A","sha256":"56:8F:F4:7C:5B:DB:72:3A:45:C5:DC:A1:0E:36:81:68:A2:84:B7:61:2A:33:D5:55:AB:C2:EF:59:7A:C4:2A:24"}}},"request":{"raw":"GET /service/verifycode HTTP/1.1\r\nHost: cn.memxzf.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.memxzf.com/home/register?code=21449\r\nCookie: PHPSESSID=bh8j209eisdvv1viud8b655q5b; _code_cookie=21449-\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 \r\nDate: Wed, 25 Mar 2026 15:54:39 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nSet-Cookie: JSESSIONID=5B8D0761CF58A3BDF647AF8354FDB38B; Path=/; Secure; HttpOnly\n_vcid=5B8D0761CF58A3BDF647AF8354FDB38B; Domain=.memxzf.com; Path=/; HttpOnly\r\nX-Content-Type-Options: nosniff\r\nX-Frame-Options: SAMEORIGIN\r\nServer: gocache\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nCache-Control: no-cache\r\nc-Type: df\r\nrid: 8da7d1d409258d33f6a0d829b31041ed\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]},{"name":"Java","description":"Java is a class-based, object-oriented programming language that is designed to have as few implementation dependencies as possible.","website":"https://java.com","common_platform_enumeration":"cpe:2.3:a:oracle:jre:*:*:*:*:*:*:*:*","icon":"Java.svg","categories":["Programming languages"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":1097,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 80x28, components 3","md5":"560b44d929233b6ce8d9c0186047c2a4","sha1":"86d90f8a2097a125b1dbe19f560a9abbaf6758fa","sha256":"641ea35cf44feb1d0bd3b59777ff892eddf023623482221d55e24940b907025c","sha512":"123b3bb67f41f5f3192cbf84f2af28213a495e127bd00bbaaf27bb54e968fe45869aa01c5d05bbeb89403c2dca5e722b04bf85944945c48f75871ef0981b7dd9","ssdeep":"","tlshash":"b1113266ab4b8251df2380b9958a78a292a688c2bd607371193046f9c6a0df0d89d9cd","first_seen":"2026-03-25T15:55:30.508636Z","last_seen":"2026-03-25T15:55:30.508636Z","times_seen":1,"resource_available":false,"data":null}},"time_used":2263,"timings":{"blocked":1488,"dns":0,"connect":5,"send":0,"wait":310,"receive":0,"ssl":450},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-25","alert":"Sinkholed","trigger":"cn.memxzf.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-25","alert":"Sinkholed","trigger":"cn.memxzf.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"static-content-t.wb27jlt6u066.com:9587/images/nav/promo_08p.png","fqdn":"static-content-t.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cn.memxzf.com/home/register?code=21449","date":"2026-03-25T15:54:37.036Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static-content-t.wb27jlt6u066.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 19 Oct 2025 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"08:10:09:15:B6:C8:9C:9A:CE:31:40:C9:26:D7:9E:BE:2C:9A:62:2B","sha256":"D6:55:F3:9B:55:F2:ED:CC:B3:54:8B:1E:F9:15:FB:47:0C:75:02:1A:64:4B:3C:C2:FA:75:18:9C:F0:11:EE:83"}}},"request":{"raw":"GET /images/nav/promo_08p.png HTTP/1.1\r\nHost: static-content-t.wb27jlt6u066.com:9587\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.memxzf.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 25 Mar 2026 15:54:39 GMT\r\nContent-Type: image/png\r\nContent-Length: 14696\r\nConnection: keep-alive\r\nLast-Modified: Wed, 20 Jul 2022 18:47:53 GMT\r\nETag: \"62d84dd9-3968\"\r\nServer: gocache\r\nExpires: Thu, 26 Mar 2026 15:54:39 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: 3fb480eb013cac1cf5ffb2be85055074\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: HIT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]}],"data":{"size":14696,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 200 x 100, 8-bit/color RGBA, non-interlaced","md5":"ce8af7d88dfe5a8cc857666523c01fea","sha1":"370b5c460e31540ff1c8685fe2188adfc8fe3641","sha256":"7ba510715c55f7c648e19a82b9690f58ac0136c370be907bcce569c08bf03a74","sha512":"b9764ef8173289fa4b4214274745843e1cbcdfbbb7b1cbd5d1ee9e00beb3e0c0410b714bc466bf7f9bd3ba7515cb562460b1c175e03c25900418ea4bbfb68679","ssdeep":"384:XJXE05RJmFuDKsllhSHwRJ5GotcrxjYvFx:F35TmFuDKsRXurdI","tlshash":"1e62c0bb453095b578e6b81e0cf21a8b37b94fadf54e18665202f0ef60969c38e1852d","first_seen":"2023-05-05T14:06:31Z","last_seen":"2026-04-12T01:12:13.79649Z","times_seen":787,"resource_available":false,"data":null}},"time_used":2245,"timings":{"blocked":1496,"dns":0,"connect":1,"send":0,"wait":225,"receive":8,"ssl":512},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cn.memxzf.com/kz/verifycode","fqdn":"cn.memxzf.com","domain":"memxzf.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cn.memxzf.com/home/register?code=21449","date":"2026-03-25T15:54:37.043Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cn.memxzf.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Mon, 05 Jan 2026 00:00:00 GMT","end":"Tue, 05 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"40:B8:CE:3C:62:64:4A:ED:91:09:D5:D8:1D:31:FC:C0:D2:86:9B:8A","sha256":"56:8F:F4:7C:5B:DB:72:3A:45:C5:DC:A1:0E:36:81:68:A2:84:B7:61:2A:33:D5:55:AB:C2:EF:59:7A:C4:2A:24"}}},"request":{"raw":"GET /kz/verifycode HTTP/1.1\r\nHost: cn.memxzf.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.memxzf.com/home/register?code=21449\r\nCookie: PHPSESSID=bh8j209eisdvv1viud8b655q5b; _code_cookie=21449-\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 \r\nDate: Wed, 25 Mar 2026 15:54:39 GMT\r\nContent-Type: image/jpeg;charset=UTF-8\r\nContent-Length: 1489\r\nConnection: keep-alive\r\nSet-Cookie: JSESSIONID=F5FAA5078AB17AD283037081DAC9F066; Path=/; HttpOnly\nVERIFYCODEID=F5FAA5078AB17AD283037081DAC9F066; Domain=memxzf.com; Path=/; HttpOnly\r\nX-Content-Type-Options: nosniff\r\nX-Frame-Options: SAMEORIGIN\r\nServer: gocache\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nCache-Control: no-cache\r\nc-Type: df\r\nrid: d80380582ce8ef4f69ef19d76852eab5\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Java","description":"Java is a class-based, object-oriented programming language that is designed to have as few implementation dependencies as possible.","website":"https://java.com","common_platform_enumeration":"cpe:2.3:a:oracle:jre:*:*:*:*:*:*:*:*","icon":"Java.svg","categories":["Programming languages"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]}],"data":{"size":1489,"size_decoded":0,"mime_type":"image/jpeg; charset=UTF-8","magic":"JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 80x28, components 3","md5":"f5511096bd0c822f7f854f03618a441b","sha1":"e18bdaea05368d83e918f9a65ee175f5fa4a5666","sha256":"9be36329df0ba65a0d6f5e1ad55b72fc70626d7a6e13084abd25075935646e6d","sha512":"2874fb7e2c3044299c29dc1fa81cc7c787dfd96a03150cef09e7729534553b12850f1da99830d7c3d58fd48550ded1fded0f9cb5c4649a30d0212edcca40e50d","ssdeep":"","tlshash":"cb31b6198f036663db0ac2fe69a532e6c18796963f617b35d6300691e816df5a0059cc","first_seen":"2026-03-25T15:55:30.511401Z","last_seen":"2026-03-25T15:55:30.511401Z","times_seen":1,"resource_available":false,"data":null}},"time_used":2290,"timings":{"blocked":1489,"dns":0,"connect":5,"send":0,"wait":279,"receive":0,"ssl":509},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-25","alert":"Sinkholed","trigger":"cn.memxzf.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-25","alert":"Sinkholed","trigger":"cn.memxzf.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"static-content-cn.wb27jlt6u066.com:9587/util/all.js?20231116","fqdn":"static-content-cn.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://cn.memxzf.com/home/register?code=21449","date":"2026-03-25T15:54:37.050Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static-content-cn.wb27jlt6u066.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 19 Oct 2025 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"98:64:EC:0B:9A:00:5F:60:12:4A:12:B9:EB:5A:44:98:12:1A:7C:FF","sha256":"A1:E0:99:A3:B2:54:C9:50:DB:24:16:EA:A7:44:3A:5D:57:F0:7C:CE:B2:E7:66:31:49:50:98:44:92:F2:50:84"}}},"request":{"raw":"GET /util/all.js?20231116 HTTP/1.1\r\nHost: static-content-cn.wb27jlt6u066.com:9587\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.memxzf.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 25 Mar 2026 15:54:38 GMT\r\nContent-Type: application/javascript\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Wed, 13 Sep 2023 03:06:22 GMT\r\nVary: Accept-Encoding\r\nETag: W/\"6501272e-13044\"\r\nContent-Encoding: gzip\r\nServer: gocache\r\nExpires: Thu, 26 Mar 2026 15:54:38 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: 17648dd2ba418e4b7c6dcb6776ae6da5\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: HIT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]}],"data":{"size":77892,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (5480)","md5":"f5aa16a242596257e153e33c5b8fb232","sha1":"804252d4387c4fda0141e9bf4fd2a05bb3c7068a","sha256":"c21ffeeff6782e69216ce2fdf3fd54289af1d7b4a8bc2af9b83c0679c5969782","sha512":"1ae9de5c195af57a93c2bbc30c0597c8f7f2e96e98af1c1a514d21d170b54c4bafc882689096e117cd36f25570474bd059edfb8bf9023571ff7531ace1491c59","ssdeep":"1536:rfee/RrYiHhJ9Q0f16d9zeDN5qW4wTW3Jny+aSsG+Kjbd2m43ftShEhJ+7Rh0Om:rfD/miHhJ9Q0fd5B8jYhi0t","tlshash":"6273f88c7591306a4aef31b7782b224f73769a69500e5068f0b8d4e53ebce857167f38","first_seen":"2023-09-15T15:49:20Z","last_seen":"2026-04-12T01:12:13.827638Z","times_seen":917,"resource_available":true,"data":null}},"time_used":1299,"timings":{"blocked":1057,"dns":0,"connect":0,"send":0,"wait":230,"receive":12,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"api.eaafacef.com:2053/entrance/api/config?status=1","fqdn":"api.eaafacef.com","domain":"eaafacef.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":2053,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://cn.memxzf.com/home/register?code=21449","date":"2026-03-25T15:54:38.942Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"eaafacef.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 26 Feb 2026 23:00:20 GMT","end":"Wed, 27 May 2026 23:58:47 GMT"},"fingerprint":{"sha1":"E2:BC:02:0C:59:2E:20:3F:82:FD:19:3C:B0:29:B6:6B:5E:67:EC:C9","sha256":"A4:D0:6E:A0:6C:29:61:D4:55:1A:6D:C7:D6:9A:E1:04:04:A2:A1:22:C5:42:FB:E1:3C:D6:4A:15:B5:A4:3B:5A"}}},"request":{"raw":"GET /entrance/api/config?status=1 HTTP/1.1\r\nHost: api.eaafacef.com:2053\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/javascript, */*; q=0.01\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://cn.memxzf.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.memxzf.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 25 Mar 2026 15:54:39 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nvary: Accept-Encoding\r\ncache-control: no-cache, private\r\nx-ratelimit-limit: 60\r\nx-ratelimit-remaining: 49\r\naccess-control-allow-origin: *\r\naccess-control-allow-headers: Origin, Content-Type, Cookie, Accept,token\r\naccess-control-allow-methods: GET, POST, PATCH, PUT, OPTIONS\r\naccess-control-allow-credentials: false\r\nstrict-transport-security: max-age=31536000\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Fj%2FezZ1yZdK%2BNGYkjFV5ADnxCstTheb3s1bpyg3bKjkiD1xfIWNlw5UtNHlf%2FmjZ%2FghSWJXrhjcC50ndJuS2wFRHALTnnlWBGPiKaTRS8Rar3ukIEd7ony2UBVngrwUi6hYK\"}]}\r\ncf-cache-status: DYNAMIC\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-encoding: br\r\nserver: cloudflare\r\ncf-ray: 9e1f1869ebb8a0cd-ARN\r\nalt-svc: h3=\":2053\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":2262,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"JSON text data","md5":"ef116870380eb3494851f85a742841e4","sha1":"bb31e610d5282e74b9651c2c028b6ea8ec7feafb","sha256":"a903df51a8b5b0e343361ae467684ccd1f69ebddaa9b4ca4558b99285a52d4ef","sha512":"5f690e9cd585a8e7db32e8f0c445eba7df46409406a9d3674442960d12556bb9c07e8ede6a5f3d9e50c0ca95d49933fbe7c8321e84aec2720b51f7b4cdf65083","ssdeep":"","tlshash":"d1419c6663e97271cd9612c0808b7beb923e3f378945eef73a5e691481603b2550c02b","first_seen":"2026-03-22T08:38:49.392982Z","last_seen":"2026-04-12T01:12:13.788877Z","times_seen":64,"resource_available":false,"data":null}},"time_used":978,"timings":{"blocked":76,"dns":51,"connect":9,"send":0,"wait":811,"receive":0,"ssl":28},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cn.memxzf.com/home/getGeo","fqdn":"cn.memxzf.com","domain":"memxzf.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://cn.memxzf.com/home/register?code=21449","date":"2026-03-25T15:54:38.943Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cn.memxzf.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Mon, 05 Jan 2026 00:00:00 GMT","end":"Tue, 05 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"40:B8:CE:3C:62:64:4A:ED:91:09:D5:D8:1D:31:FC:C0:D2:86:9B:8A","sha256":"56:8F:F4:7C:5B:DB:72:3A:45:C5:DC:A1:0E:36:81:68:A2:84:B7:61:2A:33:D5:55:AB:C2:EF:59:7A:C4:2A:24"}}},"request":{"raw":"POST /home/getGeo HTTP/1.1\r\nHost: cn.memxzf.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/javascript, */*; q=0.01\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nX-Requested-With: XMLHttpRequest\r\nOrigin: https://cn.memxzf.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.memxzf.com/home/register?code=21449\r\nCookie: PHPSESSID=bh8j209eisdvv1viud8b655q5b; _code_cookie=21449-\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nContent-Length: 0\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 25 Mar 2026 15:54:39 GMT\r\nContent-Type: application/json;charset=utf-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding, Accept-Encoding, Accept-Encoding\r\nSet-Cookie: ccd11=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; domain=memxzf.com\nvcd11=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; domain=memxzf.com\r\nX-Content-Type-Options: nosniff\r\nX-Frame-Options: SAMEORIGIN\r\nContent-Encoding: gzip\r\nServer: gocache\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nCache-Control: no-cache\r\nc-Type: df\r\nrid: 2cb5c7da7db04d2bda0563889fea289b\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]}],"data":{"size":146,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"675ca17e5b94ef20fd620c6792e6bbca","sha1":"7986d1ad507a7e06f21eebc12271d103c3135c53","sha256":"2b69251e2e6dd2e6475932ef63301c416e89db4b6821de01ce67a10b58206889","sha512":"303081d0e5a51eb633249e5b65d79c671aabe7dc8462cab5f6f5c57f9330dec42366509fdf3fb605a735c36d23d32865820fceb1f6eef510b36fe04945b30fb0","ssdeep":"","tlshash":"74c04c6e15d04538e9f683cead0bbf271aea4910a256055da9c8a784bb111ec9281117","first_seen":"2025-08-24T13:27:11.203711Z","last_seen":"2026-04-12T01:12:13.803989Z","times_seen":516,"resource_available":false,"data":null}},"time_used":719,"timings":{"blocked":207,"dns":0,"connect":0,"send":0,"wait":512,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-25","alert":"Sinkholed","trigger":"cn.memxzf.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-25","alert":"Sinkholed","trigger":"cn.memxzf.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"banner-notice.6dqr2n.com/mxstatic/download.png","fqdn":"banner-notice.6dqr2n.com","domain":"6dqr2n.com","tld":"com"},"ip":{"addr":"13.70.24.35","port":443,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cn.memxzf.com/home/register?code=21449","date":"2026-03-25T15:54:40.012Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"banner-notice.6dqr2n.com","organization":""},"issuer":{"commonName":"ZeroSSL RSA Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Fri, 23 Jan 2026 00:00:00 GMT","end":"Thu, 23 Apr 2026 23:59:59 GMT"},"fingerprint":{"sha1":"8A:70:8B:EC:E4:B2:BB:0B:50:F4:08:3B:8E:01:06:9A:78:09:DE:56","sha256":"76:C4:42:D2:6F:73:AF:11:79:4E:88:57:E7:C9:2B:55:82:F2:5A:20:77:F5:B6:86:D1:C6:FA:65:2C:72:28:95"}}},"request":{"raw":"GET /mxstatic/download.png HTTP/1.1\r\nHost: banner-notice.6dqr2n.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.memxzf.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 25 Mar 2026 15:54:40 GMT\r\ncontent-type: image/png\r\ncontent-length: 456\r\nlast-modified: Tue, 27 May 2025 05:27:15 GMT\r\netag: \"68354d33-1c8\"\r\nexpires: Fri, 24 Apr 2026 15:54:40 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":456,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 36 x 36, 8-bit colormap, non-interlaced","md5":"1a89c1b0da2dd8e949b7cbfbf97b0207","sha1":"eb7047b074d6e8ab5453ccd9450d30ff781e9988","sha256":"941720c6f4b421e3b7a1312f8c713c13cd6aa7033a04089795c59b96c5d50a9c","sha512":"97ff9190823f66f21d090c88aacfc49526e42d24127bc465ac9ddf4ced53c2981c14627752f77d57d85d8971752101819b9332480a65ec0c2612e8688b8ad26c","ssdeep":"","tlshash":"12f0c091268c9c1cc3dc5cbba3b69756fd18555141035c40bc79c06c579502979f89bb","first_seen":"2023-05-10T13:44:32Z","last_seen":"2026-04-12T01:12:13.8292Z","times_seen":679,"resource_available":false,"data":null}},"time_used":347,"timings":{"blocked":1,"dns":0,"connect":0,"send":0,"wait":346,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.livechatinc.com/widget/static/js/1.BCtRR-3Q.chunk.js","fqdn":"cdn.livechatinc.com","domain":"livechatinc.com","tld":"com"},"ip":{"addr":"23.36.77.241","port":443,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://secure.livechatinc.com/customer/action/open_chat?license_id=19463678\u0026group=2\u0026embedded=1\u0026widget_version=3\u0026unique_groups=0\u0026organization_id=d45af0f5-ff1f-44ac-97e0-5c9471a8ec59\u0026use_parent_storage=1\u0026x-region=us-south1","date":"2026-03-25T15:54:40.238Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"livechat.com","organization":"LIVECHAT, INC."},"issuer":{"commonName":"DigiCert Global G3 TLS ECC SHA384 2020 CA1","organization":"DigiCert Inc"},"validity":{"start":"Wed, 11 Jun 2025 00:00:00 GMT","end":"Thu, 11 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"66:A3:6F:A0:92:9E:A2:01:91:16:68:AA:27:A9:41:28:FC:25:27:68","sha256":"03:FC:5A:F6:F7:06:15:5B:0F:31:DB:6C:4E:D7:E4:1B:69:80:1F:C3:5A:E3:85:5A:FF:8D:22:81:92:ED:25:2F"}}},"request":{"raw":"GET /widget/static/js/1.BCtRR-3Q.chunk.js HTTP/1.1\r\nHost: cdn.livechatinc.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://secure.livechatinc.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cdn.livechatinc.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nx-guploader-uploadid: AMNfjG3IjGBlsfqzIXb8sHV6Bsw1m_AEBTCDcLl0_PQxeaq_7jtDqn5ZYBw0HPIzQFbjeJxKolfq_Oc\r\nx-goog-generation: 1774440458855354\r\nx-goog-metageneration: 1\r\nx-goog-stored-content-encoding: identity\r\nx-goog-stored-content-length: 55443\r\nx-goog-hash: crc32c=uxsFfw==, md5=5AJ/zxGRMzC39qQeOS1FUw==\r\nx-goog-storage-class: STANDARD\r\naccept-ranges: bytes\r\naccess-control-expose-headers: *, Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace\r\nserver: UploadServer\r\ncontent-encoding: br\r\ncontent-length: 20008\r\nlast-modified: Wed, 25 Mar 2026 12:07:38 GMT\r\ncache-control: public, max-age=31536000\r\nexpires: Thu, 25 Mar 2027 15:54:40 GMT\r\ndate: Wed, 25 Mar 2026 15:54:40 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\naccess-control-allow-origin: *\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Google Cloud","description":"Google Cloud is a suite of cloud computing services.","website":"https://cloud.google.com","common_platform_enumeration":"cpe:2.3:a:google:cloud_platform:*:*:*:*:*:*:*:*","icon":"Google Cloud.svg","categories":["IaaS"]},{"name":"Google Cloud Storage","description":"Google Cloud Storage allows world-wide storage and retrieval of any amount of data at any time.","website":"https://cloud.google.com/storage","common_platform_enumeration":"","icon":"google-cloud-storage.svg","categories":["Miscellaneous"]}],"data":{"size":55443,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (37855)","md5":"e4027fcf11913330b7f6a41e392d4553","sha1":"41d291717588619eaad013f40975e7a143f2b69b","sha256":"efeb21b102dcc26b6ed04fb8693babf155e17067637c483963ea54c397c6ae18","sha512":"370f2f5de0d75a09dac97058454a8ab0a3192de71a939f33fc83d36d1737778af469faf7e7f0112d897a408bcd10ddd808d08d9c2025179cd108c0f530b22595","ssdeep":"1536:EBW45ZFdvjhCQgPVA2vtIFSGurXS3qNFJ0WW:6jv7hgq2OSGSXS6Ngh","tlshash":"52434ddef24174315be355f2a06f9006b73a2a2c385cc0b0f629dd9925de44ba227f6d","first_seen":"2026-03-25T12:35:16.647686Z","last_seen":"2026-03-26T09:55:41.768256Z","times_seen":80,"resource_available":true,"data":null}},"time_used":3,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":2,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static-content-t.wb27jlt6u066.com:9587/images/home/tg_icon.png","fqdn":"static-content-t.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cn.memxzf.com/home/register?code=21449","date":"2026-03-25T15:54:37.045Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static-content-t.wb27jlt6u066.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 19 Oct 2025 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"08:10:09:15:B6:C8:9C:9A:CE:31:40:C9:26:D7:9E:BE:2C:9A:62:2B","sha256":"D6:55:F3:9B:55:F2:ED:CC:B3:54:8B:1E:F9:15:FB:47:0C:75:02:1A:64:4B:3C:C2:FA:75:18:9C:F0:11:EE:83"}}},"request":{"raw":"GET /images/home/tg_icon.png HTTP/1.1\r\nHost: static-content-t.wb27jlt6u066.com:9587\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.memxzf.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 25 Mar 2026 15:54:40 GMT\r\nContent-Type: image/png\r\nContent-Length: 7233\r\nConnection: keep-alive\r\nLast-Modified: Tue, 13 Aug 2024 02:02:22 GMT\r\nETag: \"66babeae-1c41\"\r\nServer: gocache\r\nExpires: Thu, 26 Mar 2026 15:54:40 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: 47cceb2051eb00bb3f6f4de79230776a\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: HIT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]}],"data":{"size":7233,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 100 x 100, 8-bit/color RGBA, non-interlaced","md5":"6f828495b8948381356d8f958e0e3816","sha1":"8a776df06f7f07a71a8811311450b978399117e9","sha256":"fe6c74efa40b05488d4e4944a45f32d22a8b13e60637ce57bbc04b5b8323663b","sha512":"5a64ed664f2bf2d934d7c0a41a51a5b95ef998087f3badfef552d3a898648fef2b561d3a09ccd64188d55f598fa3c62d98f3d3052c28f7a17bc1d887acf9b398","ssdeep":"192:5OC/PcLhB496ikdrltIH7XTYtHSEskZNpjZf1GqsiR4KM:3k3BiGrltO7Utrp3GURxM","tlshash":"a4e1a0ebf811dcc2f508a74bc452d10286ad59074774f5ae7f9eb5c3ac2098547ef44a","first_seen":"2024-08-15T14:53:49Z","last_seen":"2026-04-12T01:12:13.836806Z","times_seen":597,"resource_available":false,"data":null}},"time_used":3435,"timings":{"blocked":3204,"dns":0,"connect":0,"send":0,"wait":230,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static-content-t.wb27jlt6u066.com:9587/images/home/luban_icon.png","fqdn":"static-content-t.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cn.memxzf.com/home/register?code=21449","date":"2026-03-25T15:54:37.045Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static-content-t.wb27jlt6u066.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 19 Oct 2025 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"08:10:09:15:B6:C8:9C:9A:CE:31:40:C9:26:D7:9E:BE:2C:9A:62:2B","sha256":"D6:55:F3:9B:55:F2:ED:CC:B3:54:8B:1E:F9:15:FB:47:0C:75:02:1A:64:4B:3C:C2:FA:75:18:9C:F0:11:EE:83"}}},"request":{"raw":"GET /images/home/luban_icon.png HTTP/1.1\r\nHost: static-content-t.wb27jlt6u066.com:9587\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.memxzf.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 25 Mar 2026 15:54:40 GMT\r\nContent-Type: image/png\r\nContent-Length: 26796\r\nConnection: keep-alive\r\nLast-Modified: Mon, 02 Mar 2026 04:06:08 GMT\r\nETag: \"69a50cb0-68ac\"\r\nServer: gocache\r\nExpires: Thu, 26 Mar 2026 15:54:40 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: 3ef8c798661ddfe961b62507be72c0e2\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: HIT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]}],"data":{"size":26796,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 123 x 283, 8-bit/color RGBA, non-interlaced","md5":"ffe365267ca41a6ac449bb20980c1a72","sha1":"9dd11a3d5d7d1137204f64adee91f9e62e163b10","sha256":"0bb459461e38692ac9fc1b915e789bc78d8ce139ae408431a603dd4caa1e0359","sha512":"74bf777500baaf8233a03196f0f1e4f63983c0667f421b274945be89a3dcfd98efb1688dcf4bd9a786d4643a7e1e70274609bc87f7194e114004b28999f97ebf","ssdeep":"768:kFM2rFV5sLBBPeVOnQ8Tzxvq5SOHScfqM:Mbz2LBBPd9Tzxy5SOtL","tlshash":"50c2f1dd5c68dfe0ca6cd505b8d8097537fdf80998b516e091f87802e8bb72428e913e","first_seen":"2026-03-02T07:28:25.817676Z","last_seen":"2026-04-12T01:12:13.837275Z","times_seen":86,"resource_available":false,"data":null}},"time_used":3429,"timings":{"blocked":3199,"dns":0,"connect":0,"send":0,"wait":227,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static-content-t.wb27jlt6u066.com:9587/js/jquery-ui.js","fqdn":"static-content-t.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://cn.memxzf.com/home/register?code=21449","date":"2026-03-25T15:54:37.047Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static-content-t.wb27jlt6u066.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 19 Oct 2025 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"08:10:09:15:B6:C8:9C:9A:CE:31:40:C9:26:D7:9E:BE:2C:9A:62:2B","sha256":"D6:55:F3:9B:55:F2:ED:CC:B3:54:8B:1E:F9:15:FB:47:0C:75:02:1A:64:4B:3C:C2:FA:75:18:9C:F0:11:EE:83"}}},"request":{"raw":"GET /js/jquery-ui.js HTTP/1.1\r\nHost: static-content-t.wb27jlt6u066.com:9587\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.memxzf.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 25 Mar 2026 15:54:38 GMT\r\nContent-Type: application/javascript\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Wed, 20 Jul 2022 18:47:53 GMT\r\nVary: Accept-Encoding\r\nETag: W/\"62d84dd9-7f20a\"\r\nContent-Encoding: gzip\r\nServer: gocache\r\nExpires: Thu, 26 Mar 2026 15:54:38 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: 447ee87470a964be2af4ecba27c504c3\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: HIT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]}],"data":{"size":520714,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (1002)","md5":"ab5284de5e3d221e53647fd348e5644b","sha1":"75c20acdc6cbc6334fe2b918ab7afeec007f969e","sha256":"4f455eb2ddf2094ee969f470f6bfac7adb4c057e8990a374e9da819e943c777d","sha512":"2462acc237c0063263b52527cfecbc5d4063065c0cd541cd966d9924dec0d9af475184f732c92af9269cb08df993896893eff37ad4b18598ca4b7af7b5f02742","ssdeep":"12288:1vemHFgymzYDdHCcmM2/W/CCeS/QRzbrVDDdRO2:vDdHCcmM2/W/CCeSIVDDdRO2","tlshash":"f3b4a6c9f39c266a867a32595c2e42cdb23c8075d600587fbc5d59dc29a883c43bbf79","first_seen":"2023-03-07T01:03:28Z","last_seen":"2026-04-12T18:45:30.683364Z","times_seen":14044,"resource_available":true,"data":null}},"time_used":1500,"timings":{"blocked":-1,"dns":489,"connect":3,"send":0,"wait":228,"receive":49,"ssl":731},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static-content-cn.wb27jlt6u066.com:9587/js/game/Game.js?20220202","fqdn":"static-content-cn.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://cn.memxzf.com/home/register?code=21449","date":"2026-03-25T15:54:37.049Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static-content-cn.wb27jlt6u066.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 19 Oct 2025 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"98:64:EC:0B:9A:00:5F:60:12:4A:12:B9:EB:5A:44:98:12:1A:7C:FF","sha256":"A1:E0:99:A3:B2:54:C9:50:DB:24:16:EA:A7:44:3A:5D:57:F0:7C:CE:B2:E7:66:31:49:50:98:44:92:F2:50:84"}}},"request":{"raw":"GET /js/game/Game.js?20220202 HTTP/1.1\r\nHost: static-content-cn.wb27jlt6u066.com:9587\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.memxzf.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 25 Mar 2026 15:54:37 GMT\r\nContent-Type: application/javascript\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Thu, 14 Aug 2025 05:10:21 GMT\r\nVary: Accept-Encoding\r\nETag: W/\"689d6fbd-f55f\"\r\nContent-Encoding: gzip\r\nServer: gocache\r\nExpires: Thu, 26 Mar 2026 15:54:37 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: ff50d36746b4ad8faec30f6f99bb1771\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: HIT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]}],"data":{"size":62815,"size_decoded":0,"mime_type":"application/javascript","magic":"Unicode text, UTF-8 text","md5":"31b26fa8e3e5d0f8b9100e4d8993570b","sha1":"4901272b99be40960a7016bd4a60fb686ceba5d7","sha256":"fa72c387b16598179ba3e7406e6d29e5f464cf7876cdf39d43a1cfadc91211df","sha512":"1332c670e7103b8d25e706e773ac1aef68e69176c945d8450385e8876b5a718c113c2066e47719d9943df9a108fc2c27d46c535bb09b27930c22e414b3375364","ssdeep":"384:AURoUkVbztM3nigTG7SG4lznSVs5Lq/vtQEttGsOSVD:AURoUcztwJou50QEttGsO2","tlshash":"0753254caea318e35a3654348b7f31956d5166032508dd1c3e0cd3a3df9a0be66b1efa","first_seen":"2025-08-14T09:17:18.772148Z","last_seen":"2026-04-06T22:25:54.033063Z","times_seen":544,"resource_available":true,"data":null}},"time_used":1091,"timings":{"blocked":-1,"dns":273,"connect":7,"send":0,"wait":234,"receive":1,"ssl":576},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.f4bzyrz92us3.com/E2/logo.js","fqdn":"www.f4bzyrz92us3.com","domain":"f4bzyrz92us3.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://cn.memxzf.com/home/register?code=21449","date":"2026-03-25T15:54:38.607Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.f4bzyrz92us3.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Fri, 22 Aug 2025 00:00:00 GMT","end":"Sat, 22 Aug 2026 23:59:59 GMT"},"fingerprint":{"sha1":"3D:00:56:9E:E0:4A:BC:C5:AC:93:01:37:D0:1D:2F:CC:2E:D9:BE:F3","sha256":"28:AA:7B:7C:23:E5:90:7B:6C:F4:48:23:DD:56:A2:3C:AD:E6:2B:47:66:7E:A7:DA:53:31:F6:3C:E3:FC:9E:30"}}},"request":{"raw":"GET /E2/logo.js HTTP/1.1\r\nHost: www.f4bzyrz92us3.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.memxzf.com/\r\nCookie: E2Token=4b4be694-0838-4ab7-a10e-1f1943c78fb8\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 25 Mar 2026 15:54:38 GMT\r\nContent-Type: application/javascript;charset=utf-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nCache-Control: max-age=86400\r\nContent-Encoding: br\r\nExpires: Thu, 26 Mar 2026 15:54:38 GMT\r\nVary: Accept-Encoding\r\nX-Rate-Limit-Limit: 1d\r\nX-Rate-Limit-Remaining: 1438\r\nX-Rate-Limit-Reset: 2026-03-26T12:34:44.0249943Z\r\nX-Content-Type-Options: nosniff\r\nServer: gocache\r\nc-Type: st\r\nrid: 39a0b9301f49c45fd9fac9e0f7e8c5ee\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: MISS\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]}],"data":{"size":98,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"ASCII text, with CRLF line terminators","md5":"2555f339020a12dc222468a0dda8d97a","sha1":"1a1aeca699fa3b42bc0c4a481c44296c08d15fa8","sha256":"0e4ec376730c75884949620609cd9e13e8efda55e4e7f58a1927078e84f17e8b","sha512":"a5129128092500ece1fc8b40bf41a9cea132aadf95e4fda4d749c929ff3bf2b5ab18c32c180e74a49b2403ae0cdedb3ab3b0d1397ba56fd7b910883c43f25fc8","ssdeep":"","tlshash":"8ab01200441a3007f155157754c1422815140c95490ba26766683b32d28d0811df8347","first_seen":"2026-03-25T15:55:30.520595Z","last_seen":"2026-03-25T15:55:30.520595Z","times_seen":1,"resource_available":true,"data":null}},"time_used":303,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":302,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static-content-t.wb27jlt6u066.com:9587/d11_images/icon_live_channel.png","fqdn":"static-content-t.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cn.memxzf.com/home/register?code=21449","date":"2026-03-25T15:54:38.766Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static-content-t.wb27jlt6u066.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 19 Oct 2025 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"08:10:09:15:B6:C8:9C:9A:CE:31:40:C9:26:D7:9E:BE:2C:9A:62:2B","sha256":"D6:55:F3:9B:55:F2:ED:CC:B3:54:8B:1E:F9:15:FB:47:0C:75:02:1A:64:4B:3C:C2:FA:75:18:9C:F0:11:EE:83"}}},"request":{"raw":"GET /d11_images/icon_live_channel.png HTTP/1.1\r\nHost: static-content-t.wb27jlt6u066.com:9587\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://static-content-t.wb27jlt6u066.com:9587/style/main.css?20260311\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 404 Not Found\r\nDate: Wed, 25 Mar 2026 15:54:40 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nContent-Encoding: gzip\r\nServer: gocache\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-12T18:55:58.746745Z","times_seen":13673560,"resource_available":true,"data":null}},"time_used":1553,"timings":{"blocked":1250,"dns":0,"connect":0,"send":0,"wait":303,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cn.memxzf.com/kz/gp/v1/halls?_=1774454078573","fqdn":"cn.memxzf.com","domain":"memxzf.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://cn.memxzf.com/home/register?code=21449","date":"2026-03-25T15:54:38.934Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cn.memxzf.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Mon, 05 Jan 2026 00:00:00 GMT","end":"Tue, 05 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"40:B8:CE:3C:62:64:4A:ED:91:09:D5:D8:1D:31:FC:C0:D2:86:9B:8A","sha256":"56:8F:F4:7C:5B:DB:72:3A:45:C5:DC:A1:0E:36:81:68:A2:84:B7:61:2A:33:D5:55:AB:C2:EF:59:7A:C4:2A:24"}}},"request":{"raw":"GET /kz/gp/v1/halls?_=1774454078573 HTTP/1.1\r\nHost: cn.memxzf.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nX-Requested-With: XMLHttpRequest\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.memxzf.com/home/register?code=21449\r\nCookie: PHPSESSID=bh8j209eisdvv1viud8b655q5b; _code_cookie=21449-\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 25 Mar 2026 15:54:39 GMT\r\nContent-Type: application/json; charset=utf-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding, Accept-Encoding, Accept-Encoding\r\nX-Powered-By: Express\r\nETag: W/\"234b-xszEm+5m/VYmkqXXaaDh4A\"\r\nX-Content-Type-Options: nosniff\r\nX-Frame-Options: SAMEORIGIN\r\nContent-Encoding: gzip\r\nServer: gocache\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nCache-Control: no-cache\r\nc-Type: df\r\nrid: c7257072ac828ef670edd184dcdabbde\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]}],"data":{"size":9035,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"c6ccc49bee66fd562692a5d769a0e1e0","sha1":"b4ad0786cea3df52194d2c66562b9078b9a56d5c","sha256":"5dd9b41dc1121016963305812ee348ce045f9e98e1fcc6ff4a3b306e9bb73d59","sha512":"eb46e8a0673009cbf55f81552d68e7b9af7fe6fe04f04825cbdda440ff23949dfc96c367f8b6f65ef15eaa8193c02456dd1ef85c3ebbe9ca38d6f40986e876c8","ssdeep":"192:elqdqzqBDCOqJJqxqJGqzq/qKqjqKqz0qIqwq+qSqAqDqbI1qlqhq1EqeqZqAqvB:ebN8gCp","tlshash":"fb1266d85f47fc58c95f5d212eab5ba927d97942f8cd2ec8c2cc4d6000946d2a30e73a","first_seen":"2026-03-10T07:35:49.454758Z","last_seen":"2026-03-29T16:47:31.75078Z","times_seen":30,"resource_available":false,"data":null}},"time_used":1403,"timings":{"blocked":503,"dns":1,"connect":1,"send":0,"wait":385,"receive":0,"ssl":511},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-25","alert":"Sinkholed","trigger":"cn.memxzf.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-25","alert":"Sinkholed","trigger":"cn.memxzf.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdn.livechatinc.com/widget/static/js/10.al-9NYxR.chunk.js","fqdn":"cdn.livechatinc.com","domain":"livechatinc.com","tld":"com"},"ip":{"addr":"23.36.77.241","port":443,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://secure.livechatinc.com/customer/action/open_chat?license_id=19463678\u0026group=2\u0026embedded=1\u0026widget_version=3\u0026unique_groups=0\u0026organization_id=d45af0f5-ff1f-44ac-97e0-5c9471a8ec59\u0026use_parent_storage=1\u0026x-region=us-south1","date":"2026-03-25T15:54:40.289Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"livechat.com","organization":"LIVECHAT, INC."},"issuer":{"commonName":"DigiCert Global G3 TLS ECC SHA384 2020 CA1","organization":"DigiCert Inc"},"validity":{"start":"Wed, 11 Jun 2025 00:00:00 GMT","end":"Thu, 11 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"66:A3:6F:A0:92:9E:A2:01:91:16:68:AA:27:A9:41:28:FC:25:27:68","sha256":"03:FC:5A:F6:F7:06:15:5B:0F:31:DB:6C:4E:D7:E4:1B:69:80:1F:C3:5A:E3:85:5A:FF:8D:22:81:92:ED:25:2F"}}},"request":{"raw":"GET /widget/static/js/10.al-9NYxR.chunk.js HTTP/1.1\r\nHost: cdn.livechatinc.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://secure.livechatinc.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cdn.livechatinc.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nx-guploader-uploadid: AGQBYWyAvKApkw9flZysOkP85KYCgpS7yo1_VoyKD821xgUeJxgRWEWTwwPSje38v5Jfi5pI18dZOQ\r\nlast-modified: Wed, 25 Mar 2026 12:07:38 GMT\r\netag: \"4a073c5805819d74eabd3e843372d502\"\r\nx-goog-generation: 1774440458848526\r\nx-goog-metageneration: 1\r\nx-goog-stored-content-encoding: identity\r\nx-goog-stored-content-length: 236\r\nx-goog-hash: crc32c=6eM7Vg==, md5=Sgc8WAWBnXTqvT6EM3LVAg==\r\nx-goog-storage-class: STANDARD\r\naccess-control-expose-headers: *, Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace\r\nserver: UploadServer\r\nvary: Accept-Encoding\r\ncache-control: public, max-age=31536000\r\nexpires: Thu, 25 Mar 2027 15:54:40 GMT\r\ndate: Wed, 25 Mar 2026 15:54:40 GMT\r\ncontent-length: 236\r\ncontent-type: application/javascript; charset=utf-8\r\naccess-control-allow-origin: *\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Google Cloud Storage","description":"Google Cloud Storage allows world-wide storage and retrieval of any amount of data at any time.","website":"https://cloud.google.com/storage","common_platform_enumeration":"","icon":"google-cloud-storage.svg","categories":["Miscellaneous"]},{"name":"Google Cloud","description":"Google Cloud is a suite of cloud computing services.","website":"https://cloud.google.com","common_platform_enumeration":"cpe:2.3:a:google:cloud_platform:*:*:*:*:*:*:*:*","icon":"Google Cloud.svg","categories":["IaaS"]}],"data":{"size":236,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text","md5":"4a073c5805819d74eabd3e843372d502","sha1":"cb12e953dbee2d3ea08d35d86bcd2476a490bda9","sha256":"0cb3247cac5de8fcdfb226ebe2dc4960b6ed473966359f73ca13ca286309122b","sha512":"036da8fb3959ebbef26b546019535a9edb7a99227a28252878247a756d3a7ea693f48e9ffdaf5886faa7fb2cbe56292bbf9552db5dd1d26e6574d8034ee183ba","ssdeep":"","tlshash":"ebd0a78cb643b0b16276b138853f801fb035e984a44404f0d13ad9c03d7c1a97597c5d","first_seen":"2025-11-04T08:39:27.95245Z","last_seen":"2026-04-12T19:22:52.517509Z","times_seen":11360,"resource_available":true,"data":null}},"time_used":2,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":2,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static-content-t.wb27jlt6u066.com:9587/images/nav/promo_keno.png","fqdn":"static-content-t.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cn.memxzf.com/home/register?code=21449","date":"2026-03-25T15:54:37.038Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static-content-t.wb27jlt6u066.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 19 Oct 2025 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"08:10:09:15:B6:C8:9C:9A:CE:31:40:C9:26:D7:9E:BE:2C:9A:62:2B","sha256":"D6:55:F3:9B:55:F2:ED:CC:B3:54:8B:1E:F9:15:FB:47:0C:75:02:1A:64:4B:3C:C2:FA:75:18:9C:F0:11:EE:83"}}},"request":{"raw":"GET /images/nav/promo_keno.png HTTP/1.1\r\nHost: static-content-t.wb27jlt6u066.com:9587\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.memxzf.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 25 Mar 2026 15:54:38 GMT\r\nContent-Type: image/png\r\nContent-Length: 21322\r\nConnection: keep-alive\r\nLast-Modified: Wed, 20 Jul 2022 18:47:53 GMT\r\nETag: \"62d84dd9-534a\"\r\nServer: gocache\r\nExpires: Thu, 26 Mar 2026 15:54:38 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: 6f90187861a4383d6f5a1ea52704a4ef\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: HIT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]}],"data":{"size":21322,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 200 x 100, 8-bit/color RGBA, non-interlaced","md5":"f3d3231964cd6c0b98aceaa07e9626b6","sha1":"2fdcca8cdf610057e37e86e9c679f87d959a1821","sha256":"3075e79d3c7ef852ed0a95aa56324509b499446a6d8a454fed94f1fdd102fd90","sha512":"78837a1effb6ae7ef05256cac78af4982ceb76f36f77362f29caf29fff7f2ae6ec01d11c89ec4c87c7ffb2a9ec9ad7a6d2ccab97b5b0145c649672baf097858c","ssdeep":"384:yW63kJiUaadwYIM4oZt3zpqdyaNJQMqr3t5LwR2hD83hZTf2xL:96UJNlwSVtqdyPtZwW83HqxL","tlshash":"20a2e1c5ded60df36e6a639225e06525854ccbc29ebdd24a00e2b3d83a903c773dd3a5","first_seen":"2023-05-05T14:06:31Z","last_seen":"2026-04-12T01:12:13.812607Z","times_seen":787,"resource_available":false,"data":null}},"time_used":1726,"timings":{"blocked":1494,"dns":0,"connect":0,"send":0,"wait":227,"receive":5,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"game.zzdyenye.com:2053/api/popup?try_platform=4\u0026username=","fqdn":"game.zzdyenye.com","domain":"zzdyenye.com","tld":"com"},"ip":{"addr":"13.70.24.35","port":2053,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://cn.memxzf.com/home/register?code=21449","date":"2026-03-25T15:54:38.947Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"game.zzdyenye.com","organization":""},"issuer":{"commonName":"ZeroSSL RSA Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Mon, 16 Mar 2026 00:00:00 GMT","end":"Sun, 14 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"29:E2:4A:89:D6:C2:87:07:D4:70:8C:24:B9:EB:FF:08:5F:0B:85:11","sha256":"0B:90:28:52:98:E3:C5:48:E1:09:6B:CB:A7:89:CC:70:6E:DE:D7:4F:EB:B5:84:C1:DA:9D:5C:42:BA:77:C8:DC"}}},"request":{"raw":"GET /api/popup?try_platform=4\u0026username= HTTP/1.1\r\nHost: game.zzdyenye.com:2053\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://cn.memxzf.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.memxzf.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 25 Mar 2026 15:54:39 GMT\r\ncontent-type: application/json\r\ncache-control: no-cache, private\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE\r\naccess-control-allow-headers: *\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\ncontent-encoding: br\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":610,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"3d852e1b52ef1427b6bdcb7ecab4506b","sha1":"02539ced800b1aeb569a11744edfb97227f5cf97","sha256":"f62408c394bd16d5c4b3d28b597543aa0ce50df5e48e926a4e79b5cb9139486e","sha512":"14c63451d243ef055549b6525d812b13e54fc5f28649292d9e48d067281c05177e41dee7c2360db8c9f008d5394066e415be0a8118536a8d835aa561e384e979","ssdeep":"","tlshash":"28f07d5b693cf5821bca150604e7e38215d5738aacd8c7a1b2c68e18c6270b1938fa51","first_seen":"2026-03-22T08:38:49.381651Z","last_seen":"2026-04-12T01:12:13.833591Z","times_seen":63,"resource_available":false,"data":null}},"time_used":1654,"timings":{"blocked":637,"dns":113,"connect":211,"send":0,"wait":379,"receive":0,"ssl":310},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static-content-t.wb27jlt6u066.com:9587/images/icons_login.png","fqdn":"static-content-t.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cn.memxzf.com/home/register?code=21449","date":"2026-03-25T15:54:38.791Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static-content-t.wb27jlt6u066.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 19 Oct 2025 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"08:10:09:15:B6:C8:9C:9A:CE:31:40:C9:26:D7:9E:BE:2C:9A:62:2B","sha256":"D6:55:F3:9B:55:F2:ED:CC:B3:54:8B:1E:F9:15:FB:47:0C:75:02:1A:64:4B:3C:C2:FA:75:18:9C:F0:11:EE:83"}}},"request":{"raw":"GET /images/icons_login.png HTTP/1.1\r\nHost: static-content-t.wb27jlt6u066.com:9587\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://static-content-t.wb27jlt6u066.com:9587/style/main.css?20260311\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 25 Mar 2026 15:54:40 GMT\r\nContent-Type: image/png\r\nContent-Length: 4053\r\nConnection: keep-alive\r\nLast-Modified: Wed, 20 Jul 2022 18:47:53 GMT\r\nETag: \"62d84dd9-fd5\"\r\nServer: gocache\r\nExpires: Thu, 26 Mar 2026 15:54:40 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: 57ed984f10c405d082d886302e88773a\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: HIT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":4053,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 26 x 330, 8-bit/color RGBA, non-interlaced","md5":"405c7bc8638bddb314e549e4eebec2e3","sha1":"75f6a3b0b6ffdeed31bff28f8ae1f1a3e481260c","sha256":"cd98cf8ee2f82e9903fb28490a4fc9f318fb60f0f8f0c1f080cee3dce0d6c9b9","sha512":"3a1991dfba0851c6d1d212102ab1fa3585b5970358f75488770ffaaa0467e4cbb755e07dc9db44e102da13fd7510e6b14506e2a2e4188c6461ba652e9fcaa69e","ssdeep":"","tlshash":"3d814c4bbcd228093058e4c372f9822bd946c2d5d6b0557396ce88bb15a8879490c2ce","first_seen":"2023-05-05T14:06:31Z","last_seen":"2026-04-12T01:12:13.799062Z","times_seen":812,"resource_available":false,"data":null}},"time_used":1691,"timings":{"blocked":1459,"dns":0,"connect":0,"send":0,"wait":232,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static-content-t.wb27jlt6u066.com:9587/images/nav/sponsor2.png?2","fqdn":"static-content-t.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cn.memxzf.com/home/register?code=21449","date":"2026-03-25T15:54:37.032Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static-content-t.wb27jlt6u066.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 19 Oct 2025 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"08:10:09:15:B6:C8:9C:9A:CE:31:40:C9:26:D7:9E:BE:2C:9A:62:2B","sha256":"D6:55:F3:9B:55:F2:ED:CC:B3:54:8B:1E:F9:15:FB:47:0C:75:02:1A:64:4B:3C:C2:FA:75:18:9C:F0:11:EE:83"}}},"request":{"raw":"GET /images/nav/sponsor2.png?2 HTTP/1.1\r\nHost: static-content-t.wb27jlt6u066.com:9587\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.memxzf.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 25 Mar 2026 15:54:39 GMT\r\nContent-Type: image/png\r\nContent-Length: 12015\r\nConnection: keep-alive\r\nLast-Modified: Fri, 23 Jan 2026 04:32:15 GMT\r\nETag: \"6972f9cf-2eef\"\r\nServer: gocache\r\nExpires: Thu, 26 Mar 2026 15:54:39 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: 3b7c87a936c8453059d53a02c63adf6c\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: HIT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]}],"data":{"size":12015,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 292 x 80, 8-bit/color RGBA, non-interlaced","md5":"08b1808e2230fd8765775aacaecc6048","sha1":"6938cf4392f65962c360813abd5cbcac71933b18","sha256":"632ef4b8179994b1fc9e014cbe796825cd3d4f287b0cde2073a032727325c073","sha512":"6a735a9ae1b419fe1426c3ed7614f7517a7d38000a5892aaf7f1a951922bd952a247e2f64a69dc46b8ca9040171c41f4667c0f256f738f9d3207794d17e00f33","ssdeep":"192:lXG8twMBmByAXFdhrX+gz8DjOKuywLb8GautaA5+JKKgYW/G8pTjgPQ7kXSN7aJk:BG8TBurdhaE8DQZNalJKKKjjgPQqS9a6","tlshash":"d342afb5dbbbcc7a4c0c6f8944a5ffb025304baa5d55b4b79eb7390ce7681a02a42610","first_seen":"2026-01-23T05:01:52.483819Z","last_seen":"2026-04-12T01:12:13.773805Z","times_seen":131,"resource_available":false,"data":null}},"time_used":2261,"timings":{"blocked":1500,"dns":0,"connect":1,"send":0,"wait":234,"receive":0,"ssl":522},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static-content-t.wb27jlt6u066.com:9587/images/nav/sponsor6.png?6","fqdn":"static-content-t.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cn.memxzf.com/home/register?code=21449","date":"2026-03-25T15:54:37.035Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static-content-t.wb27jlt6u066.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 19 Oct 2025 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"08:10:09:15:B6:C8:9C:9A:CE:31:40:C9:26:D7:9E:BE:2C:9A:62:2B","sha256":"D6:55:F3:9B:55:F2:ED:CC:B3:54:8B:1E:F9:15:FB:47:0C:75:02:1A:64:4B:3C:C2:FA:75:18:9C:F0:11:EE:83"}}},"request":{"raw":"GET /images/nav/sponsor6.png?6 HTTP/1.1\r\nHost: static-content-t.wb27jlt6u066.com:9587\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.memxzf.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 25 Mar 2026 15:54:40 GMT\r\nContent-Type: image/png\r\nContent-Length: 10667\r\nConnection: keep-alive\r\nLast-Modified: Fri, 23 Jan 2026 04:32:15 GMT\r\nETag: \"6972f9cf-29ab\"\r\nServer: gocache\r\nExpires: Thu, 26 Mar 2026 15:54:40 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: 077ccca86267d01e62b87780a8f78093\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: HIT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":10667,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 292 x 80, 8-bit/color RGBA, non-interlaced","md5":"a76186a57df2e8a08e4f43859de232ee","sha1":"15efac52c8cca31ef66fa30ab03882ac19f8c450","sha256":"1e9ad8182cbb1acafd9c7346931c9097af4064ae4c68d6c51359c4c81338b71b","sha512":"3a811da9146d744e34c6a8bd91f09641285507f23e086e42cad94dc0c1536cb9b7abc3284c22402a9f25615259f73bf7681addcce5d139065f01272f4b07f360","ssdeep":"192:EzUldKHgvCMYzzpM/YMDKs689IWMdgZbEXCWU3M2DwEwhFp7:hdM5zzpY68+WM+xKCWMcnZ","tlshash":"b522cfeb6cd13879eba3648310757c89f9bbd31e5471e8bb6ae31c640080c5ea156dd8","first_seen":"2026-01-23T05:01:52.44616Z","last_seen":"2026-04-12T01:12:13.793478Z","times_seen":131,"resource_available":false,"data":null}},"time_used":3439,"timings":{"blocked":3207,"dns":0,"connect":0,"send":0,"wait":231,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.v1c2h.com:51300/global-activity-entry/js/rain-icon.js","fqdn":"www.v1c2h.com","domain":"v1c2h.com","tld":"com"},"ip":{"addr":"13.70.24.35","port":51300,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://cn.memxzf.com/home/register?code=21449","date":"2026-03-25T15:54:37.046Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.v1c2h.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 25 Jan 2026 16:04:47 GMT","end":"Sat, 25 Apr 2026 16:04:46 GMT"},"fingerprint":{"sha1":"1C:C9:FD:7E:97:94:2D:F6:83:69:BD:B4:E6:8D:95:32:F4:4D:46:82","sha256":"21:90:B8:8A:F7:B9:2B:5D:AA:2A:35:10:FB:CF:36:D7:EE:7F:36:66:21:67:D1:AB:F8:47:93:19:2B:6C:C4:B0"}}},"request":{"raw":"GET /global-activity-entry/js/rain-icon.js HTTP/1.1\r\nHost: www.v1c2h.com:51300\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.memxzf.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 25 Mar 2026 15:54:37 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\nlast-modified: Thu, 09 Nov 2023 07:48:38 GMT\r\nvary: Accept-Encoding\r\netag: W/\"654c8ed6-88a9\"\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\ncontent-encoding: br\r\npsc-cache-status: HIT\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":34985,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text","md5":"59767c53c4cb277425bce5c5e7ea9d41","sha1":"36ee5b49ceb915d4369fe92ca49dbd8bba702c96","sha256":"5b43bfa813b9f48656d868fbdacd693bf7fc0f4324d5b815db42ceb80c5a4a27","sha512":"f56b905cc921ab836e06c2c2f1e9dab1033056b68043b6fc1a24f78446dfcfeed89d1408b26ddd176540761784e7652fe2b4d1e5103f07f510bf3e886267e967","ssdeep":"768:kCcZeOuOBMThTlp0Ef7X879b7zT2MSVHyDP:kRDQt0FSVHk","tlshash":"42f2632e5afa10516a0370654f6f91087675a02b160bdc183e5e93d8df806b846fafff","first_seen":"2025-03-02T07:32:23.132184Z","last_seen":"2026-04-12T01:12:13.806908Z","times_seen":692,"resource_available":true,"data":null}},"time_used":1036,"timings":{"blocked":-1,"dns":345,"connect":214,"send":0,"wait":258,"receive":0,"ssl":219},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static-content-cn.wb27jlt6u066.com:9587/js/member/reg.simple.js?20230220","fqdn":"static-content-cn.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://cn.memxzf.com/home/register?code=21449","date":"2026-03-25T15:54:37.054Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static-content-cn.wb27jlt6u066.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 19 Oct 2025 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"98:64:EC:0B:9A:00:5F:60:12:4A:12:B9:EB:5A:44:98:12:1A:7C:FF","sha256":"A1:E0:99:A3:B2:54:C9:50:DB:24:16:EA:A7:44:3A:5D:57:F0:7C:CE:B2:E7:66:31:49:50:98:44:92:F2:50:84"}}},"request":{"raw":"GET /js/member/reg.simple.js?20230220 HTTP/1.1\r\nHost: static-content-cn.wb27jlt6u066.com:9587\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.memxzf.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 25 Mar 2026 15:54:38 GMT\r\nContent-Type: application/javascript\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Fri, 31 May 2024 03:05:14 GMT\r\nVary: Accept-Encoding\r\nETag: W/\"66593e6a-2b0c\"\r\nContent-Encoding: gzip\r\nServer: gocache\r\nExpires: Thu, 26 Mar 2026 15:54:38 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: 266be34c5d31d88fc795628240307645\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: HIT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]}],"data":{"size":11020,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text","md5":"acfbd8efc4aa932d56183ed41666c8bd","sha1":"dada1ef3f25155d81e7d4a9353ce89e7f83b3466","sha256":"736d2a82733a504f010af43ffbc5eae2e40b075b7ae8929065bc880357c1ab48","sha512":"e0f02eb2082790ba636afe476e4a51b095f0161df58ba7f9ca389191bfe5d373d725908996b4ee489b14cc48a77f05b47ce52409bc5d802f364d831eb2501aff","ssdeep":"192:eDY86gShDWhDxhD0hDJGx3DPdy7Uwm1AFtOtHoNNvqtnHzHensyaAS7xM8tY:eDY8gcfejatpsS9q","tlshash":"0a22502aedab42871d3b30695e3f00456956c0136b0cde24fe4ca5d09f85e29b5b6fd8","first_seen":"2025-03-02T07:32:23.111077Z","last_seen":"2026-03-30T14:28:44.913402Z","times_seen":642,"resource_available":true,"data":null}},"time_used":1343,"timings":{"blocked":1114,"dns":0,"connect":0,"send":0,"wait":229,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static-content-t.wb27jlt6u066.com:9587/d11_images/icon_mobile.png","fqdn":"static-content-t.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cn.memxzf.com/home/register?code=21449","date":"2026-03-25T15:54:38.753Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static-content-t.wb27jlt6u066.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 19 Oct 2025 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"08:10:09:15:B6:C8:9C:9A:CE:31:40:C9:26:D7:9E:BE:2C:9A:62:2B","sha256":"D6:55:F3:9B:55:F2:ED:CC:B3:54:8B:1E:F9:15:FB:47:0C:75:02:1A:64:4B:3C:C2:FA:75:18:9C:F0:11:EE:83"}}},"request":{"raw":"GET /d11_images/icon_mobile.png HTTP/1.1\r\nHost: static-content-t.wb27jlt6u066.com:9587\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://static-content-t.wb27jlt6u066.com:9587/style/main.css?20260311\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 25 Mar 2026 15:54:39 GMT\r\nContent-Type: image/png\r\nContent-Length: 300\r\nConnection: keep-alive\r\nLast-Modified: Wed, 20 Jul 2022 18:45:39 GMT\r\nETag: \"62d84d53-12c\"\r\nServer: gocache\r\nExpires: Thu, 26 Mar 2026 15:54:39 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: 47401f6946cd1380b84021cbf9d766a2\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: HIT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]}],"data":{"size":300,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 15 x 18, 8-bit/color RGBA, non-interlaced","md5":"87b9952aa4def5ac2d4dce81528ecae3","sha1":"e34496b167df036229e923d8686858c0a306c1e2","sha256":"7aa81a942fe7f67e5b132b047c4db23993d6ffff8eaafd3692a6824236e11def","sha512":"0fbb21285e5fe2e16acb97529fe973d055261ea7e787fdfc0d4f381f9fd2c00a981dd5861a08a4d1ee0b62d0f145044678b8cc87297e62af85d5f758a826a508","ssdeep":"","tlshash":"c9e0eb4323a20d3ac3c85633a11b13308c304248b484a50d5e442a30cc8a34c2ebd623","first_seen":"2023-05-05T14:06:31Z","last_seen":"2026-04-12T01:12:13.775993Z","times_seen":817,"resource_available":false,"data":null}},"time_used":1262,"timings":{"blocked":1037,"dns":0,"connect":0,"send":0,"wait":225,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}