{"report_id":"e4526565-36c8-431b-949b-0dc066e9bca6","version":6,"status":"done","tags":[],"date":"2025-12-03T11:45:43Z","url":{"schema":"http","addr":"wineedu.org/","fqdn":"wineedu.org","domain":"wineedu.org","tld":"org"},"ip":{"addr":"107.163.230.132","port":0,"asn":18978,"as":"ENZUINC","country":"United States","country_code":"US"},"final":{"url":{"schema":"https","addr":"www.wineedu.org/","fqdn":"www.wineedu.org","domain":"wineedu.org","tld":"org"},"title":"TVT体育-TVT体育·(TVT SPORTS)","dom":{"size":172571,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (60890)","md5":"d2f268836199ea631aee323f8e8bc32b","sha1":"03ea7a8af08a38d226583f505a20685790456c73","sha256":"1341061c66f2647ab151d4372b61b889c5aaac8790cebed7fed94ca9b0a835c8","sha512":"d11d26b4d65111d7df0fbd35a8ed9f98693553c5c2c3483e1824f1f250f21bb9474f6ebd0b211c71d5d3a7752d590a08154ccdea0eadc6090730df1b3acfbc02","ssdeep":"3072:9d3WRH6KrzjQZJSfWTIEBQV1V0Uwwr/IBFyEUChJ:H3WwKfMXo4LBQV1GUww8B/f","tlshash":"a1f3023229873e1b3b9b84f8a0261f6e5f91cd0f8051854595ec5ae08feff70ed5a860","dom_hash":"domhash3af16ca711f227ffec1dbcbdc0020bfd","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"wineedu.org/","fqdn":"wineedu.org","domain":"wineedu.org","tld":"org"},"ip":{"addr":"107.163.230.132","port":0,"asn":18978,"as":"ENZUINC","country":"United States","country_code":"US"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-01-07T11:45:43Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":1}},"detection":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"sadasd.dgxmwl56.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null},"summary":[{"fqdn":"sadasd.king-pco.com","ip":{"addr":"47.246.48.179","port":443,"asn":24429,"as":"Zhejiang Taobao Network Co.,Ltd","country":"The Netherlands","country_code":"NL"},"domain_registered":"2017-03-06","domain_rank":0,"first_seen":"2025-07-05T07:52:29.678614Z","last_seen":"2025-11-27T23:01:17.614344Z","alert_count":0,"request_count":1,"received_data":448,"sent_data":428,"comment":"","tags":null,"fingerprints":[{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]}]},{"fqdn":"sadasd.dgxmwl56.com","ip":{"addr":"47.246.48.178","port":443,"asn":24429,"as":"Zhejiang Taobao Network Co.,Ltd","country":"The Netherlands","country_code":"NL"},"domain_registered":"2024-06-12","domain_rank":0,"first_seen":"2025-11-15T10:21:33.688972Z","last_seen":"2025-11-29T14:56:40.256425Z","alert_count":39,"request_count":39,"received_data":1719381,"sent_data":17720,"comment":"","tags":null,"fingerprints":[{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]},{"name":"Alibaba Cloud Object Storage Service","description":"Alibaba Cloud Object Storage Service (OSS) is a cloud-based object storage service provided by Alibaba Cloud, which allows users to store and access large amounts of data in the cloud.","website":"https://www.alibabacloud.com/product/object-storage-service","common_platform_enumeration":"","icon":"Alibaba Cloud.svg","categories":["IaaS"]}]},{"fqdn":"a.0316gov.com","ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"domain_registered":"unknown","domain_rank":0,"first_seen":"No data","last_seen":"No data","alert_count":0,"request_count":2,"received_data":0,"sent_data":822,"comment":"","tags":null,"fingerprints":null},{"fqdn":"wineedu.org","ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"domain_registered":"unknown","domain_rank":0,"first_seen":"No data","last_seen":"No data","alert_count":0,"request_count":2,"received_data":50921,"sent_data":876,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"at.alicdn.com","ip":{"addr":"47.246.44.177","port":443,"asn":24429,"as":"Zhejiang Taobao Network Co.,Ltd","country":"Sweden","country_code":"SE"},"domain_registered":"2008-06-25","domain_rank":96084,"first_seen":"2013-11-28T05:03:29Z","last_seen":"2025-12-01T03:22:46.896378Z","alert_count":0,"request_count":2,"received_data":108830,"sent_data":875,"comment":"","tags":null,"fingerprints":[{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]},{"name":"Alibaba Cloud Object Storage Service","description":"Alibaba Cloud Object Storage Service (OSS) is a cloud-based object storage service provided by Alibaba Cloud, which allows users to store and access large amounts of data in the cloud.","website":"https://www.alibabacloud.com/product/object-storage-service","common_platform_enumeration":"","icon":"Alibaba Cloud.svg","categories":["IaaS"]}]},{"fqdn":"bannner-02.cfd","ip":{"addr":"23.231.188.106","port":443,"asn":132839,"as":"POWER LINE DATACENTER","country":"United States","country_code":"US"},"domain_registered":"2025-08-25","domain_rank":0,"first_seen":"2025-09-03T10:55:38.163262Z","last_seen":"2025-11-22T22:56:33.445992Z","alert_count":0,"request_count":2,"received_data":5599,"sent_data":976,"comment":"","tags":null,"fingerprints":null},{"fqdn":"www.wineedu.org","ip":{"addr":"107.163.230.132","port":443,"asn":18978,"as":"ENZUINC","country":"United States","country_code":"US"},"domain_registered":"unknown","domain_rank":0,"first_seen":"No data","last_seen":"No data","alert_count":0,"request_count":40,"received_data":2300376,"sent_data":18473,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"jQuery:1.4.2","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"Alibaba Cloud CDN","description":"Alibaba Cloud CDN is a global network of servers designed to deliver high-performance, low-latency content to users around the world. It is a cloud-based service provided by Alibaba Cloud, a subsidiary of the Alibaba Group, that enables businesses to accelerate the delivery of their web content, including images, videos, and static files, to end-users.","website":"https://www.alibabacloud.com/product/content-delivery-network","common_platform_enumeration":"","icon":"Alibaba Cloud.svg","categories":["CDN"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"www.wineedu.org/","fqdn":"www.wineedu.org","domain":"wineedu.org","tld":"org"},"ip":{"addr":"107.163.230.132","port":443,"asn":18978,"as":"ENZUINC","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"da3efd55b7fd7d29173167591361073b","sha1":"4902a38f5b858b28a5573a89c672f013e01697b1","sha256":"70cfe28a7c67f369c7fba86bf1fbb2a6d506c3bc4191c81bfd66c897336c9d53","sha512":"ba617e7400553861e01927912cb937ae5138713607e60982f15e59a1f1277f79cfb88b562fb6e525aba065655486681caaef8f693610ea4b1795b602bc0ce9bb","ssdeep":"","tlshash":"e2f052d6040c6cb4cb2f6cad10195e67cdcce218223dc4d0d7e71e04388697879b98c0","size":464,"data":"","first_seen":"2025-06-07T07:38:31.0708Z","last_seen":"2026-01-13T07:15:15.499285Z","times_seen":535,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.wineedu.org/","fqdn":"www.wineedu.org","domain":"wineedu.org","tld":"org"},"ip":{"addr":"107.163.230.132","port":443,"asn":18978,"as":"ENZUINC","country":"United States","country_code":"US"},"introduction_type":"Function","is_inline":false,"md5":"82c8b70e37642dacf28eff4cc854155a","sha1":"a3b6a34a9a4446da4144910f2ee74aa16feb8b0f","sha256":"51643f346f33a02ffc644136d25cb43eb79ff1716de96b04f2bfcf19bd1248a1","sha512":"92e0fc9a0c15737e813d0b2d68090e6e4e43ffd77f81e83adee3f41e2f7a82ea38163a828d1f79373466298df3d6909c8e42777a3ec8fdeb3d07b83d44132697","ssdeep":"48:1p7V6dOmF5/fgNNKX9jU3GtdCB3Ql8qOxSnv7yV:1p7VS/rfgnK1lkA8V","tlshash":"c6d11eeb88144fda68627fd0fd9358c9a0b485ea4b9552870ecbd7b8b12dbf45f03058","size":6242,"data":"","first_seen":"2025-09-07T12:36:20.100275Z","last_seen":"2026-03-16T06:27:10.234288Z","times_seen":77,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.wineedu.org/sttcs/stjs-remote.js","fqdn":"www.wineedu.org","domain":"wineedu.org","tld":"org"},"ip":{"addr":"107.163.230.132","port":443,"asn":18978,"as":"ENZUINC","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"b3fecb28b89bcf9bc9d897cae1440023","sha1":"451449231f23a29e772c1b8bdfcd5bf063a32145","sha256":"6da78ea64b2581dddbe6540de9a82676daff9bc83a99ae7c0efdb18ce50de2bb","sha512":"c29e62e0d4f921955f7c1a8acde7355df038d90b65bcc5528f06c4a72d40b56ae0278bf5c9bacda7f1beb9cdfe112dc2b422b6851682b04faab482e23191a145","ssdeep":"48:I40W40c0406ThLx40cL040U40W40c0406ThLx40cL040EQlR0406T340c040D04j:WGZ3cj1FobyiCQ2asotAI","tlshash":"9ea3080dc012ebd5b5ce15ac38e49e9d5e0d8e0fbfa4c66c2e49b792579aff0a080c51","size":106571,"data":"","first_seen":"2025-09-07T12:36:20.047647Z","last_seen":"2026-03-16T06:27:10.230504Z","times_seen":77,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"bannner-02.cfd/sttcs/?channel=88801\u0026ref=","fqdn":"bannner-02.cfd","domain":"bannner-02.cfd","tld":"cfd"},"ip":{"addr":"23.231.188.106","port":443,"asn":132839,"as":"POWER LINE DATACENTER","country":"United States","country_code":"US"},"introduction_type":"eval","is_inline":false,"md5":"f8a0217b023797d073bf9533e6f41a49","sha1":"47bf94b066d75bd507a419bfdcc3f20024505289","sha256":"ec56ce07963597ed490565d7c8b7591501400707cac121cb26869003bc8044f8","sha512":"958f8c5a6b2d6cd41c955d6163121cfd11ea7afb11ba1489c976e740c083c59fb494df808870cfbd657460beb63ec7708434c6362993290043f8463b3a207ae3","ssdeep":"","tlshash":"7601d6296f9b6a784143820737bdd3643e7311e26474e08579dcdec80aa0fea581ae54","size":822,"data":"","first_seen":"2025-07-08T21:23:31.882606Z","last_seen":"2026-04-06T21:02:23.464665Z","times_seen":832,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"sadasd.dgxmwl56.com/v2/js/app.9c872bdd.js","fqdn":"sadasd.dgxmwl56.com","domain":"dgxmwl56.com","tld":"com"},"ip":{"addr":"47.246.48.178","port":443,"asn":24429,"as":"Zhejiang Taobao Network Co.,Ltd","country":"The Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":false,"md5":"20b50ea9c250e82a5ad34b3734c40735","sha1":"1be194070ca94ab17a6a382c8ef11c4c34d61ae6","sha256":"e97463332360183fedacd75cf40855d3b941c7cd395f5b1184a70c8fc5df8a7c","sha512":"438ba025993f87cacd861102bbe9a1d54452155aeda044607e4ed8a914702cb2bfb10d390249a20d37e7dc2b81a7df6b565f0c0368def4337652344c716bcb91","ssdeep":"1536:WvrgiyJlWxm+34vn5ahntVQ4VPkUBIHViTM:mvx9in0tO","tlshash":"8a633cc06148b492627b61e4043f2407b1a23a7bd205d5d4f2b9f8ededb85ea732dd39","size":70325,"data":"","first_seen":"2025-11-05T12:34:36.922843Z","last_seen":"2026-01-22T12:34:56.03677Z","times_seen":299,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"sadasd.dgxmwl56.com/v2/js/chunk-vendors.154c5a48.js","fqdn":"sadasd.dgxmwl56.com","domain":"dgxmwl56.com","tld":"com"},"ip":{"addr":"47.246.48.178","port":443,"asn":24429,"as":"Zhejiang Taobao Network Co.,Ltd","country":"The Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":false,"md5":"27a98bc29581290ee2c8d21bb7bcb842","sha1":"22d2f2bef2cff848801c77f489c9445a7dc3ab29","sha256":"0e07e1db7d546c1bdbc7d56ffb93c7fcc57747991745e5f1647305f0fdfba27a","sha512":"f49d32fb02e460a92a5ab6a128920f303b9d729a6827391308d2d1506db2a434d28ebfe87d794d1d644653d98e7d2b3e1a0ec7dd9b63652d338c198887d34332","ssdeep":"3072:1HebuXPLjTXzYWbmkHebuXPsFgXQT5zXbGpLsev6ns106LHebuXPVPyO9STA49oC:FzqXCNvms17Ph9Sk49opw6ahvGxjI","tlshash":"4ce4c884b774b022879d3ae4092b504ff279fa2d684740bcf268e4f57cb9585663af34","size":677706,"data":"","first_seen":"2025-11-05T12:34:36.978106Z","last_seen":"2026-01-22T12:34:56.039727Z","times_seen":299,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.wineedu.org/","fqdn":"www.wineedu.org","domain":"wineedu.org","tld":"org"},"ip":{"addr":"107.163.230.132","port":443,"asn":18978,"as":"ENZUINC","country":"United States","country_code":"US"},"introduction_type":"Function","is_inline":false,"md5":"d4603e5e9906dda7a5cabdbe1401a3fd","sha1":"4fb82262f5fd1f9d8dede3f4e5601ce762e27ab5","sha256":"c12ed8beefde6ba2cd9fec28e711ec6fa591d8a107d04eb644f2d3d4876d1854","sha512":"48fbcb75bd637d33052cf9d44e78c0f06a012e797bf155e132e1b394622d92d2bdbf4e4a4ed0ec2a2a469787591f2546ac2949c62074fc427fd0bfd5b712261e","ssdeep":"","tlshash":"729004d530c310544d53335404573cc730344470144c4f54c040d4511c55034511547c","size":39,"data":"","first_seen":"2023-05-08T13:41:20Z","last_seen":"2026-04-06T21:02:23.463236Z","times_seen":1810,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.wineedu.org/","fqdn":"www.wineedu.org","domain":"wineedu.org","tld":"org"},"ip":{"addr":"107.163.230.132","port":443,"asn":18978,"as":"ENZUINC","country":"United States","country_code":"US"},"introduction_type":"Function","is_inline":false,"md5":"8b3dd7e913f7d33304b0ce497563c853","sha1":"ff6667886d3a4e694b14ce6787891604b308b1f2","sha256":"80eba09ad0eda7058ac8f37289f1d6e6b3bcf292ef16ade03881acf3c7fd8fec","sha512":"4e719a7f1f6f6a7a485d2491dae01e399864e6b3c664fecd1bd9086e41dfe3aa9561ce07a62c08ff994f4b847be4d0b90a28b574bdfee279407713713045484f","ssdeep":"","tlshash":"8e71d9a4473a8daec4335910dd35be1d98f499b24f9fe02a9d3b3889cdb56e04b80354","size":3504,"data":"","first_seen":"2025-09-07T12:36:20.09745Z","last_seen":"2026-03-16T06:27:10.233662Z","times_seen":77,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"bannner-02.cfd/51la.js","fqdn":"bannner-02.cfd","domain":"bannner-02.cfd","tld":"cfd"},"ip":{"addr":"23.231.188.106","port":443,"asn":132839,"as":"POWER LINE DATACENTER","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"652eef04b809d40d63f8e7fca2f1c09a","sha1":"d8e319c771caab69482ba9be40202e5a025b9491","sha256":"3a4713bb53234d93050f7530c0ac137bb703bef2aef2374c9d55b1b3b661bee8","sha512":"0b421d627ff674c18f3355fdaadb415bfabf55967413b0adbe65122e228130030b6b3e55160b23bb8d4da98d82576e4eee3c443a181df376eed3c6a764b06e14","ssdeep":"","tlshash":"c811b17e79573ca21207f0170bfbc02d32d1518c166b40c0f46ca188bf58ad5901b75c","size":950,"data":"","first_seen":"2025-07-08T21:23:31.868219Z","last_seen":"2026-04-06T21:02:23.458213Z","times_seen":834,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"bannner-02.cfd/sttcs/?channel=88801\u0026ref=","fqdn":"bannner-02.cfd","domain":"bannner-02.cfd","tld":"cfd"},"ip":{"addr":"23.231.188.106","port":443,"asn":132839,"as":"POWER LINE DATACENTER","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"423c8dc91e1a92b247b8902d76a0a343","sha1":"2ffc188c1637c1ba08fd98e9883af3ecc0290010","sha256":"6d19821cc86cc182d39971902f10f46d73e055edcd9904704a8602e4ce18fb7e","sha512":"7e05b9b24858be125a28d41e0400f5de4ad227e9a0ca004bd3cf34bb61831ad8b7f3012890898c2f254ea08cc84cccbbb78cdcc7b543df98e2f95cdedb82a769","ssdeep":"","tlshash":"9661ff277e808d4173b3073fb61a608cd976dc4a2e454997e420ac983ae7b71f6c1631","size":3375,"data":"","first_seen":"2025-11-05T12:34:37.008634Z","last_seen":"2026-01-22T12:34:56.050398Z","times_seen":302,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"sadasd.dgxmwl56.com/v2/js/app.9c872bdd.js","fqdn":"sadasd.dgxmwl56.com","domain":"dgxmwl56.com","tld":"com"},"ip":{"addr":"47.246.48.178","port":443,"asn":24429,"as":"Zhejiang Taobao Network Co.,Ltd","country":"The Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":false,"md5":"20b50ea9c250e82a5ad34b3734c40735","sha1":"1be194070ca94ab17a6a382c8ef11c4c34d61ae6","sha256":"e97463332360183fedacd75cf40855d3b941c7cd395f5b1184a70c8fc5df8a7c","sha512":"438ba025993f87cacd861102bbe9a1d54452155aeda044607e4ed8a914702cb2bfb10d390249a20d37e7dc2b81a7df6b565f0c0368def4337652344c716bcb91","ssdeep":"1536:WvrgiyJlWxm+34vn5ahntVQ4VPkUBIHViTM:mvx9in0tO","tlshash":"8a633cc06148b492627b61e4043f2407b1a23a7bd205d5d4f2b9f8ededb85ea732dd39","size":70325,"data":"","first_seen":"2025-11-05T12:34:36.922843Z","last_seen":"2026-01-22T12:34:56.03677Z","times_seen":299,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":[{"md5":"222555cfb4b947e379bcdf9d7fafd83b","sha1":"d856654c30034e85d4b5429782dd7b6c9072a3ac","sha256":"037a6a91f982b41a3e887e82390d93d7fd7712b3d43d1792d4ff6d852ed1f9eb","sha512":"d16f51645e78f0071fbda4472f1a440d2e918421d99a2f418ff6c205fe74aa423f2e816daa2bec3268bdd725d756b53995de2c7e0570143d0335114b0305e57f","ssdeep":"","tlshash":"f8c022b20c09208c0920906130340c0c4006ae04f72289f425e53c69710c3ec26d26e8","size":191,"data":"","first_seen":"2025-09-07T12:36:20.106069Z","last_seen":"2026-03-16T06:27:10.238453Z","times_seen":77,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"0a3a0b592b9c285e050805307cee87c2","sha1":"125a168e24b2bd38aadb84cbb5f87f316b073c41","sha256":"aac32651b10f567c461b9b4f255d6fb1fa6859b5368d8bd9a51af920ab21cf23","sha512":"4097f05a9ce819914160aeba71fa11524f6b291a39b7c948509d756318b600934f1d195980df66bc7731e327979135bfcbe0e9ff3758d779a72481ed623cd3a5","ssdeep":"","tlshash":"a34000000000000000000000003000000000c000000000000000000000c0000cc00000","size":6,"data":"","first_seen":"2023-03-07T01:02:09Z","last_seen":"2026-04-08T07:22:38.746711Z","times_seen":229122,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"ccbed08b154700a92ce3b9303e7a88e7","sha1":"1c7f310b5d8badc5ccad0ee5ca76034e0809c35a","sha256":"992c95fed083bbcb377d64e66c3879e8402424e8ebb0b65344c2714c7c5a59e5","sha512":"5ac569eb37c4eb5da02ac23155d09943b11a552620aae7beac580d0074e11373d8d18692af31155d6b5ba303cc7cf9c67676af72d6681dfb9ed5074e2759d2b2","ssdeep":"","tlshash":"f1b012065c05cd845c0018c4d0b1fc14c00090208110ecc841d1906856c5acc9d02035","size":90,"data":"","first_seen":"2025-06-07T07:38:31.092238Z","last_seen":"2026-01-13T07:15:15.502352Z","times_seen":541,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"78ac2aa5ccc29c90a345c90aab40b442","sha1":"cac604932faa4add2955602b41de8a8bff362ebd","sha256":"53db339b0b80637f13dfc63813d7366c899cebe0db896602886ece619163d82e","sha512":"5c76abfa8f4091277643f4dad57c37d9eb71d33c9691f0e85bc82ac5f303d4e3da4937cbc2354e4d5c5d0022746d7c06f975f209067df2cefa55bd3827d892a7","ssdeep":"","tlshash":"31b01242d0575c0e0170c236ec485418474d4a7d9fa708010dc6ab5c0c99f1405e549c","size":103,"data":"","first_seen":"2023-03-07T01:06:53Z","last_seen":"2026-04-08T07:22:38.742088Z","times_seen":11173,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"8ea3877ae0db4dd2c39f03c0b95939cb","sha1":"d1c3c9141d0521cc4401c29f81cf3f268065cb32","sha256":"acac378766e6365effed4521f0301e1bda13ab580b2a1fec957b82d4819083c4","sha512":"763be8bac55a4565239c21cf6bf367d2684c1db2bb7e7cb85d05317e6a8a0c19bfd8802afbe95290b1d9aec8b8661d6973caeab46e3c1a81c7adccce3d86af6f","ssdeep":"","tlshash":"00c02b250f313222a470c2f93c56feac0912806087a5890c31ef7836c3a720500210d1","size":133,"data":"","first_seen":"2023-03-08T12:37:01Z","last_seen":"2026-04-08T08:26:59.061779Z","times_seen":3310,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"d180e5edc020160081c750b37a9650ca","sha1":"5541a8db0b73b588ef8d8096deac227d49d13f83","sha256":"0b985295d52ecb47d69f5559a5c6c83f5ba9ed9d2846fd10b72e213ddf66b120","sha512":"f4e197dcd0828c46e126690e42808159483c5f49701afff670f84f8eb36463c7c670bcf48a00fdc230438a3355721dcc4a3a54835bd97215aa5dacb296614940","ssdeep":"","tlshash":"4eb01271c999e468c125f104e0c48bce26340189b7779f084538aa62508fe942c3c5c0","size":97,"data":"","first_seen":"2023-03-08T12:37:01Z","last_seen":"2026-04-08T08:26:59.062634Z","times_seen":3310,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]},"http":[{"url":{"schema":"https","addr":"www.wineedu.org/themes/default/images/arrRight.png","fqdn":"www.wineedu.org","domain":"wineedu.org","tld":"org"},"ip":{"addr":"107.163.230.132","port":443,"asn":18978,"as":"ENZUINC","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.wineedu.org/","date":"2025-12-03T11:45:21.941Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.quickbeltsystem.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 10 Nov 2025 12:18:52 GMT","end":"Sun, 08 Feb 2026 12:18:51 GMT"},"fingerprint":{"sha1":"45:82:4D:8F:E5:45:D0:13:2A:FA:DE:43:EB:CC:03:4B:C4:E6:97:C3","sha256":"4C:E4:01:11:E3:BC:18:3D:76:22:B0:E2:85:22:EA:26:C7:51:FC:94:0C:74:81:CA:17:86:15:23:4B:EF:17:BD"}}},"request":{"raw":"GET /themes/default/images/arrRight.png HTTP/1.1\r\nHost: www.wineedu.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.wineedu.org/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Dec 2025 11:45:22 GMT\r\ncontent-type: image/png\r\nvary: Accept-Encoding\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":343,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 22 x 43, 8-bit/color RGBA, non-interlaced","md5":"b1780275f8768ae64d7c009751e2f79a","sha1":"c2be8470d66cc2bf7ac715f88355fac86036e232","sha256":"2e065b4564fd88c3624c1c38968ca7a6b9c113110746ec97f8cbb0987df44140","sha512":"b649140decd1d227c7d70729d8bece6a3c4b98fa09093d1b49879dbf87d1a89c22341488e0066b3deaff5ef233ee4c1801a99b8c89f0cf5618061227e8c8fa6e","ssdeep":"","tlshash":"3fe0c0de63278c7694c20823be06ffa9622400530690e2087159edb201be9824144c91","first_seen":"2025-12-03T11:45:54.584564Z","last_seen":"2025-12-03T11:45:54.584564Z","times_seen":1,"resource_available":false,"data":null}},"time_used":715,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":715,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"sadasd.king-pco.com/v2/js/app.9c872bdd.js","fqdn":"sadasd.king-pco.com","domain":"king-pco.com","tld":"com"},"ip":{"addr":"47.246.48.179","port":443,"asn":24429,"as":"Zhejiang Taobao Network Co.,Ltd","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://bannner-02.cfd/sttcs/?channel=88801\u0026ref=","date":"2025-12-03T11:45:23.624Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.king-pco.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 11 Sep 2025 10:02:50 GMT","end":"Wed, 10 Dec 2025 10:02:49 GMT"},"fingerprint":{"sha1":"F9:0A:23:DC:A7:50:6C:69:A6:2A:9E:2B:04:18:44:54:75:69:81:D5","sha256":"62:79:68:05:51:2C:8B:6E:6D:73:06:1E:53:01:94:DC:40:AB:A8:F5:AE:D3:FE:AA:D1:EE:E2:A2:91:94:98:0C"}}},"request":{"raw":"GET /v2/js/app.9c872bdd.js HTTP/1.1\r\nHost: sadasd.king-pco.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://bannner-02.cfd/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 403 Forbidden\r\nserver: Tengine\r\ndate: Wed, 03 Dec 2025 11:45:23 GMT\r\ncontent-type: text/html; charset=utf-8\r\nx-tengine-error: denied by IP ACL = blacklist\r\ncache_control: no-cache, no-store\r\npragma: no-cache\r\naccess-control-allow-origin: *\r\naccess-control-max-age: 3600\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nvia: ens-cache1.nl3[,403004]\r\ntiming-allow-origin: *\r\neagleid: 2ff6309517647623237207790e\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"403","status_text":"Forbidden","fingerprints":[{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-08T07:38:16.649537Z","times_seen":13494560,"resource_available":true,"data":null}},"time_used":225,"timings":{"blocked":99,"dns":38,"connect":26,"send":0,"wait":28,"receive":0,"ssl":32},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"sadasd.dgxmwl56.com/v2/otf/jinsha.png.otf","fqdn":"sadasd.dgxmwl56.com","domain":"dgxmwl56.com","tld":"com"},"ip":{"addr":"47.246.48.178","port":443,"asn":24429,"as":"Zhejiang Taobao Network Co.,Ltd","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://bannner-02.cfd/sttcs/?channel=88801\u0026ref=","date":"2025-12-03T11:45:24.690Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.dgxmwl56.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 11 Sep 2025 10:35:19 GMT","end":"Wed, 10 Dec 2025 10:35:18 GMT"},"fingerprint":{"sha1":"61:30:5F:86:8E:6E:7B:C2:1B:C6:7D:73:40:14:46:0D:B0:2F:D4:4B","sha256":"71:AD:F5:78:25:7F:AB:4F:88:8E:97:AE:6D:16:B9:AD:D1:7E:AC:7D:BD:65:7D:D3:C2:A4:C7:8A:9F:C6:82:EA"}}},"request":{"raw":"GET /v2/otf/jinsha.png.otf HTTP/1.1\r\nHost: sadasd.dgxmwl56.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://bannner-02.cfd/\r\nOrigin: https://bannner-02.cfd\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: Tengine\r\ncontent-type: font/otf\r\ncontent-length: 3632\r\ndate: Wed, 03 Dec 2025 11:11:48 GMT\r\nx-oss-request-id: 69301AF41F7AD93837E98F3A\r\nx-oss-cdn-auth: success\r\naccept-ranges: bytes\r\nx-oss-object-type: Normal\r\nx-oss-storage-class: Standard\r\netag: \"6D762B9475A91C7B730A190E9797FA09\"\r\nlast-modified: Wed, 05 Nov 2025 05:51:34 GMT\r\nx-oss-hash-crc64ecma: 11667451016884255353\r\ncontent-md5: bXYrlHWpHHtzChkOl5f6CQ==\r\nx-oss-server-time: 9\r\nvia: ens-cache12.l2de4[0,0,200-0,H], ens-cache37.l2de4[1,0], ens-cache7.nl3[0,0,200-0,H], ens-cache3.nl3[1,0]\r\nage: 2016\r\nali-swift-global-savetime: 1764760308\r\nx-cache: HIT TCP_MEM_HIT dirn:-2:-2\r\nx-swift-savetime: Wed, 03 Dec 2025 11:42:30 GMT\r\nx-swift-cachetime: 3600\r\naccess-control-max-age: 3600\r\naccess-control-allow-origin: *\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\ntiming-allow-origin: *\r\neagleid: 2ff6309717647623246986730e\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]},{"name":"Alibaba Cloud Object Storage Service","description":"Alibaba Cloud Object Storage Service (OSS) is a cloud-based object storage service provided by Alibaba Cloud, which allows users to store and access large amounts of data in the cloud.","website":"https://www.alibabacloud.com/product/object-storage-service","common_platform_enumeration":"","icon":"Alibaba Cloud.svg","categories":["IaaS"]}],"data":{"size":3632,"size_decoded":0,"mime_type":"font/otf","magic":"data","md5":"6d762b9475a91c7b730a190e9797fa09","sha1":"82814eb6e9289e742b2278afa9be573f576a321d","sha256":"a3786238c0d414f23d5c98beb46d06c1c19de0cb08bf8efbd5b13be63d47d014","sha512":"2c38cc93c45e1d28b1fbfebd770740e137818a3f4c3f58d7b6f50a137d60fa836fdc6184dde0338e231f672e6b3861a7d032f85c142a686072eebebcddcc6ede","ssdeep":"","tlshash":"b1716d54deb5a1baf7b07a8323f14ade284bbc61de0fe4537c9a3290103e7325649742","first_seen":"2025-09-03T16:33:36.484439Z","last_seen":"2026-03-12T08:11:54.079114Z","times_seen":868,"resource_available":false,"data":null}},"time_used":28,"timings":{"blocked":1,"dns":0,"connect":0,"send":0,"wait":27,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"sadasd.dgxmwl56.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"sadasd.dgxmwl56.com/v2/otf/jinsha.png.otf","fqdn":"sadasd.dgxmwl56.com","domain":"dgxmwl56.com","tld":"com"},"ip":{"addr":"47.246.48.178","port":443,"asn":24429,"as":"Zhejiang Taobao Network Co.,Ltd","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://bannner-02.cfd/sttcs/?channel=88801\u0026ref=","date":"2025-12-03T11:45:24.699Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.dgxmwl56.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 11 Sep 2025 10:35:19 GMT","end":"Wed, 10 Dec 2025 10:35:18 GMT"},"fingerprint":{"sha1":"61:30:5F:86:8E:6E:7B:C2:1B:C6:7D:73:40:14:46:0D:B0:2F:D4:4B","sha256":"71:AD:F5:78:25:7F:AB:4F:88:8E:97:AE:6D:16:B9:AD:D1:7E:AC:7D:BD:65:7D:D3:C2:A4:C7:8A:9F:C6:82:EA"}}},"request":{"raw":"GET /v2/otf/jinsha.png.otf HTTP/1.1\r\nHost: sadasd.dgxmwl56.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://bannner-02.cfd/\r\nOrigin: https://bannner-02.cfd\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: Tengine\r\ncontent-type: font/otf\r\ncontent-length: 3632\r\ndate: Wed, 03 Dec 2025 11:11:48 GMT\r\nx-oss-request-id: 69301AF41F7AD93837E98F3A\r\nx-oss-cdn-auth: success\r\naccept-ranges: bytes\r\nx-oss-object-type: Normal\r\nx-oss-storage-class: Standard\r\netag: \"6D762B9475A91C7B730A190E9797FA09\"\r\nlast-modified: Wed, 05 Nov 2025 05:51:34 GMT\r\nx-oss-hash-crc64ecma: 11667451016884255353\r\ncontent-md5: bXYrlHWpHHtzChkOl5f6CQ==\r\nx-oss-server-time: 9\r\nvia: ens-cache12.l2de4[0,0,200-0,H], ens-cache37.l2de4[1,0], ens-cache7.nl3[0,0,200-0,H], ens-cache3.nl3[1,0]\r\nage: 2016\r\nali-swift-global-savetime: 1764760308\r\nx-cache: HIT TCP_MEM_HIT dirn:-2:-2\r\nx-swift-savetime: Wed, 03 Dec 2025 11:42:30 GMT\r\nx-swift-cachetime: 3600\r\naccess-control-max-age: 3600\r\naccess-control-allow-origin: *\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\ntiming-allow-origin: *\r\neagleid: 2ff6309717647623247066734e\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Alibaba Cloud Object Storage Service","description":"Alibaba Cloud Object Storage Service (OSS) is a cloud-based object storage service provided by Alibaba Cloud, which allows users to store and access large amounts of data in the cloud.","website":"https://www.alibabacloud.com/product/object-storage-service","common_platform_enumeration":"","icon":"Alibaba Cloud.svg","categories":["IaaS"]},{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]}],"data":{"size":3632,"size_decoded":0,"mime_type":"font/otf","magic":"data","md5":"6d762b9475a91c7b730a190e9797fa09","sha1":"82814eb6e9289e742b2278afa9be573f576a321d","sha256":"a3786238c0d414f23d5c98beb46d06c1c19de0cb08bf8efbd5b13be63d47d014","sha512":"2c38cc93c45e1d28b1fbfebd770740e137818a3f4c3f58d7b6f50a137d60fa836fdc6184dde0338e231f672e6b3861a7d032f85c142a686072eebebcddcc6ede","ssdeep":"","tlshash":"b1716d54deb5a1baf7b07a8323f14ade284bbc61de0fe4537c9a3290103e7325649742","first_seen":"2025-09-03T16:33:36.484439Z","last_seen":"2026-03-12T08:11:54.079114Z","times_seen":868,"resource_available":false,"data":null}},"time_used":27,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":27,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"sadasd.dgxmwl56.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"sadasd.dgxmwl56.com/v2/otf/aocai.png.otf","fqdn":"sadasd.dgxmwl56.com","domain":"dgxmwl56.com","tld":"com"},"ip":{"addr":"47.246.48.178","port":443,"asn":24429,"as":"Zhejiang Taobao Network Co.,Ltd","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://bannner-02.cfd/sttcs/?channel=88801\u0026ref=","date":"2025-12-03T11:45:24.767Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.dgxmwl56.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 11 Sep 2025 10:35:19 GMT","end":"Wed, 10 Dec 2025 10:35:18 GMT"},"fingerprint":{"sha1":"61:30:5F:86:8E:6E:7B:C2:1B:C6:7D:73:40:14:46:0D:B0:2F:D4:4B","sha256":"71:AD:F5:78:25:7F:AB:4F:88:8E:97:AE:6D:16:B9:AD:D1:7E:AC:7D:BD:65:7D:D3:C2:A4:C7:8A:9F:C6:82:EA"}}},"request":{"raw":"GET /v2/otf/aocai.png.otf HTTP/1.1\r\nHost: sadasd.dgxmwl56.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://bannner-02.cfd/\r\nOrigin: https://bannner-02.cfd\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: Tengine\r\ncontent-type: font/otf\r\ncontent-length: 1968\r\ndate: Wed, 03 Dec 2025 11:14:35 GMT\r\nx-oss-request-id: 69301B9BA0815137330DAD69\r\nx-oss-cdn-auth: success\r\naccept-ranges: bytes\r\nx-oss-object-type: Normal\r\nx-oss-storage-class: Standard\r\ncontent-md5: GIUP63UQi6PUhqdcfz8l8Q==\r\nx-oss-server-time: 7\r\nvia: ens-cache36.l2de4[0,0,304-0,H], ens-cache6.l2de4[1,0], ens-cache7.nl3[0,0,200-0,H], ens-cache3.nl3[1,0]\r\netag: \"18850FEB75108BA3D486A75C7F3F25F1\"\r\nlast-modified: Fri, 05 Sep 2025 03:26:14 GMT\r\nx-oss-hash-crc64ecma: 3635831070579949241\r\nage: 1849\r\nali-swift-global-savetime: 1764760475\r\nx-cache: HIT TCP_MEM_HIT dirn:-2:-2\r\nx-swift-savetime: Wed, 03 Dec 2025 11:42:30 GMT\r\nx-swift-cachetime: 3600\r\naccess-control-max-age: 3600\r\naccess-control-allow-origin: *\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\ntiming-allow-origin: *\r\neagleid: 2ff6309717647623247746799e\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Alibaba Cloud Object Storage Service","description":"Alibaba Cloud Object Storage Service (OSS) is a cloud-based object storage service provided by Alibaba Cloud, which allows users to store and access large amounts of data in the cloud.","website":"https://www.alibabacloud.com/product/object-storage-service","common_platform_enumeration":"","icon":"Alibaba Cloud.svg","categories":["IaaS"]},{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]}],"data":{"size":1968,"size_decoded":0,"mime_type":"font/otf","magic":"data","md5":"18850feb75108ba3d486a75c7f3f25f1","sha1":"d1378c6083124a9fa05bce188e862900a79a232c","sha256":"096c3be773c93b06876eaadbf2bf529a3fecb7cc459702c01eac1e36d37c36a6","sha512":"2d6e63dabf0a958680f8a76f887652a149e555a3360ccff3050d61fe4474a46833467ceb8f23ce1a0b37f59d2e3b77f5c699db0e16980ef02a9cbded70bc53af","ssdeep":"","tlshash":"b84139f3843fcf6f474adda15009a924a1f42e6e0120b60f7a82041deaed83c625866f","first_seen":"2025-09-03T16:33:36.528099Z","last_seen":"2026-03-12T08:11:54.090622Z","times_seen":860,"resource_available":false,"data":null}},"time_used":27,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":27,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"sadasd.dgxmwl56.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"sadasd.dgxmwl56.com/v2/otf/h3.png.otf","fqdn":"sadasd.dgxmwl56.com","domain":"dgxmwl56.com","tld":"com"},"ip":{"addr":"47.246.48.178","port":443,"asn":24429,"as":"Zhejiang Taobao Network Co.,Ltd","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://bannner-02.cfd/sttcs/?channel=88801\u0026ref=","date":"2025-12-03T11:45:24.838Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.dgxmwl56.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 11 Sep 2025 10:35:19 GMT","end":"Wed, 10 Dec 2025 10:35:18 GMT"},"fingerprint":{"sha1":"61:30:5F:86:8E:6E:7B:C2:1B:C6:7D:73:40:14:46:0D:B0:2F:D4:4B","sha256":"71:AD:F5:78:25:7F:AB:4F:88:8E:97:AE:6D:16:B9:AD:D1:7E:AC:7D:BD:65:7D:D3:C2:A4:C7:8A:9F:C6:82:EA"}}},"request":{"raw":"GET /v2/otf/h3.png.otf HTTP/1.1\r\nHost: sadasd.dgxmwl56.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://bannner-02.cfd/\r\nOrigin: https://bannner-02.cfd\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: Tengine\r\ncontent-type: font/otf\r\ncontent-length: 3440\r\ndate: Wed, 03 Dec 2025 11:14:38 GMT\r\nx-oss-request-id: 69301B9E9F6B603039CC9523\r\nx-oss-cdn-auth: success\r\naccept-ranges: bytes\r\nx-oss-object-type: Normal\r\nx-oss-storage-class: Standard\r\ncontent-md5: 2vYiO/KrFuOcM5UhTE0Jgg==\r\nx-oss-server-time: 7\r\nvia: ens-cache2.l2de4[0,0,304-0,H], ens-cache24.l2de4[0,0], ens-cache6.nl3[0,0,200-0,H], ens-cache3.nl3[1,0]\r\netag: \"DAF6223BF2AB16E39C3395214C4D0982\"\r\nlast-modified: Wed, 24 Sep 2025 10:56:27 GMT\r\nx-oss-hash-crc64ecma: 6996494176447752236\r\nage: 1846\r\nali-swift-global-savetime: 1764760478\r\nx-cache: HIT TCP_MEM_HIT dirn:-2:-2\r\nx-swift-savetime: Wed, 03 Dec 2025 11:42:30 GMT\r\nx-swift-cachetime: 3600\r\naccess-control-max-age: 3600\r\naccess-control-allow-origin: *\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\ntiming-allow-origin: *\r\neagleid: 2ff6309717647623248466865e\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Alibaba Cloud Object Storage Service","description":"Alibaba Cloud Object Storage Service (OSS) is a cloud-based object storage service provided by Alibaba Cloud, which allows users to store and access large amounts of data in the cloud.","website":"https://www.alibabacloud.com/product/object-storage-service","common_platform_enumeration":"","icon":"Alibaba Cloud.svg","categories":["IaaS"]},{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]}],"data":{"size":3440,"size_decoded":0,"mime_type":"font/otf","magic":"data","md5":"daf6223bf2ab16e39c3395214c4d0982","sha1":"9e8f2b502cbb8d35b323ff2898db97abb8949f32","sha256":"a6d466bfccb6f3645aaf1abbb51bebaeab1b93ebc361e66ae1e804f91cf85685","sha512":"9b11c5d35fff2953b52da2b71c0829d840ed81246681634a79f98315f1b366a6fdec0b08735fb51b114572fbf04db771e30080adf294238c23149e4057b9dfaa","ssdeep":"","tlshash":"40616deab0075b2ad6ee5c4722ea05e801b411448f6af73d52333d80407ee71db14738","first_seen":"2025-09-03T16:33:36.494534Z","last_seen":"2026-03-12T08:11:54.065517Z","times_seen":859,"resource_available":false,"data":null}},"time_used":28,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":27,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"sadasd.dgxmwl56.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"sadasd.dgxmwl56.com/v2/otf/h4.png.otf","fqdn":"sadasd.dgxmwl56.com","domain":"dgxmwl56.com","tld":"com"},"ip":{"addr":"47.246.48.178","port":443,"asn":24429,"as":"Zhejiang Taobao Network Co.,Ltd","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://bannner-02.cfd/sttcs/?channel=88801\u0026ref=","date":"2025-12-03T11:45:24.912Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.dgxmwl56.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 11 Sep 2025 10:35:19 GMT","end":"Wed, 10 Dec 2025 10:35:18 GMT"},"fingerprint":{"sha1":"61:30:5F:86:8E:6E:7B:C2:1B:C6:7D:73:40:14:46:0D:B0:2F:D4:4B","sha256":"71:AD:F5:78:25:7F:AB:4F:88:8E:97:AE:6D:16:B9:AD:D1:7E:AC:7D:BD:65:7D:D3:C2:A4:C7:8A:9F:C6:82:EA"}}},"request":{"raw":"GET /v2/otf/h4.png.otf HTTP/1.1\r\nHost: sadasd.dgxmwl56.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://bannner-02.cfd/\r\nOrigin: https://bannner-02.cfd\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: Tengine\r\ncontent-type: font/otf\r\ncontent-length: 2976\r\ndate: Wed, 03 Dec 2025 11:15:43 GMT\r\nx-oss-request-id: 69301BDFE80D013734C864B1\r\nx-oss-cdn-auth: success\r\naccept-ranges: bytes\r\nx-oss-object-type: Normal\r\nx-oss-storage-class: Standard\r\ncontent-md5: yRbJircmvlCthIqKK8uPPA==\r\nx-oss-server-time: 8\r\nvia: ens-cache12.l2de4[0,0,304-0,H], ens-cache5.l2de4[1,0], ens-cache10.nl3[0,0,200-0,H], ens-cache3.nl3[1,0]\r\netag: \"C916C98AB726BE50AD848A8A2BCB8F3C\"\r\nlast-modified: Wed, 24 Sep 2025 10:56:27 GMT\r\nx-oss-hash-crc64ecma: 12211000741100375803\r\nage: 1781\r\nali-swift-global-savetime: 1764760543\r\nx-cache: HIT TCP_MEM_HIT dirn:-2:-2\r\nx-swift-savetime: Wed, 03 Dec 2025 11:42:30 GMT\r\nx-swift-cachetime: 3600\r\naccess-control-max-age: 3600\r\naccess-control-allow-origin: *\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\ntiming-allow-origin: *\r\neagleid: 2ff6309717647623249216927e\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]},{"name":"Alibaba Cloud Object Storage Service","description":"Alibaba Cloud Object Storage Service (OSS) is a cloud-based object storage service provided by Alibaba Cloud, which allows users to store and access large amounts of data in the cloud.","website":"https://www.alibabacloud.com/product/object-storage-service","common_platform_enumeration":"","icon":"Alibaba Cloud.svg","categories":["IaaS"]}],"data":{"size":2976,"size_decoded":0,"mime_type":"font/otf","magic":"data","md5":"c916c98ab726be50ad848a8a2bcb8f3c","sha1":"339db709496a570c20060dffd1d2ebd7384c944b","sha256":"bfe250accafb70d77c5dcddcc9576eb3fa4e1132f1a109c3209d38a362c0efe6","sha512":"abdc4bc0802e6e263613f73a0626ffb0f84a1ab16c5701c603038321284e7f67de5853a69f2d1458d936165e81dfebec16c95d431fb22da9644768383115421d","ssdeep":"","tlshash":"ab514aae803abbaed82884175e678b556a092cb2778f4015d595e3f2583c4ecd4c5a0b","first_seen":"2025-09-03T16:33:36.529475Z","last_seen":"2026-03-12T08:11:54.06346Z","times_seen":840,"resource_available":false,"data":null}},"time_used":31,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":30,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"sadasd.dgxmwl56.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.wineedu.org/themes/default/images/h_pic3_03.png","fqdn":"www.wineedu.org","domain":"wineedu.org","tld":"org"},"ip":{"addr":"107.163.230.132","port":443,"asn":18978,"as":"ENZUINC","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.wineedu.org/","date":"2025-12-03T11:45:21.930Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.quickbeltsystem.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 10 Nov 2025 12:18:52 GMT","end":"Sun, 08 Feb 2026 12:18:51 GMT"},"fingerprint":{"sha1":"45:82:4D:8F:E5:45:D0:13:2A:FA:DE:43:EB:CC:03:4B:C4:E6:97:C3","sha256":"4C:E4:01:11:E3:BC:18:3D:76:22:B0:E2:85:22:EA:26:C7:51:FC:94:0C:74:81:CA:17:86:15:23:4B:EF:17:BD"}}},"request":{"raw":"GET /themes/default/images/h_pic3_03.png HTTP/1.1\r\nHost: www.wineedu.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.wineedu.org/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Dec 2025 11:45:22 GMT\r\ncontent-type: image/png\r\nvary: Accept-Encoding\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1577,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 56 x 56, 8-bit/color RGBA, non-interlaced","md5":"ab4e6253cb9184c03b416b416ee34f99","sha1":"f37a45524f347d065480f87c217a5d60b8f7e0a3","sha256":"6bdfa12dfab9ede45e6c043fbf1572264f26683d7469487ff2ad08056cc04ac4","sha512":"e4555246e360965ab77ccca218ba05590d015be763fbd686e9b9f0803397d8d6f925dbe18ba7f6ba3e15765a3e299b133a9654da40d51f0e1ef59d188d7ae8df","ssdeep":"","tlshash":"a3312cf13b2b7808dce7142994778e70843f8e1d10d5af0e09fa902af0124034792a44","first_seen":"2025-12-03T11:45:54.593236Z","last_seen":"2025-12-03T11:45:54.593236Z","times_seen":1,"resource_available":false,"data":null}},"time_used":733,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":733,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.wineedu.org/themes/default/images/02.jpg","fqdn":"www.wineedu.org","domain":"wineedu.org","tld":"org"},"ip":{"addr":"107.163.230.132","port":443,"asn":18978,"as":"ENZUINC","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.wineedu.org/","date":"2025-12-03T11:45:21.934Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.quickbeltsystem.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 10 Nov 2025 12:18:52 GMT","end":"Sun, 08 Feb 2026 12:18:51 GMT"},"fingerprint":{"sha1":"45:82:4D:8F:E5:45:D0:13:2A:FA:DE:43:EB:CC:03:4B:C4:E6:97:C3","sha256":"4C:E4:01:11:E3:BC:18:3D:76:22:B0:E2:85:22:EA:26:C7:51:FC:94:0C:74:81:CA:17:86:15:23:4B:EF:17:BD"}}},"request":{"raw":"GET /themes/default/images/02.jpg HTTP/1.1\r\nHost: www.wineedu.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.wineedu.org/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Dec 2025 11:45:22 GMT\r\ncontent-type: image/jpeg\r\nvary: Accept-Encoding\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":56213,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 770x450, components 3","md5":"a8c387bb17ca61f4da9ee6705346b91e","sha1":"cd864286251defa3bb9de040370aaeaf3165ddb4","sha256":"0f446053b69b68fbcbdcb2bf66f2521e88e14b20803f48762946d800b7d6e481","sha512":"8abf73866514372c1ffad91201ba33bdba2093be2d9d41544157c696a1d7abfaee72617c68f14ba73ff13fb8cb1cb539a039b8684a19cb23b403d1d2c5669775","ssdeep":"1536:Ql4oDqa+nzDANllBeeiIL3jdGAjPCkrHBIGdbYStmbPu:3kd8ePL3jwqPj1IGdEambPu","tlshash":"04430233ea5795131bc4cfe1f846ce5a72b756056e92b0e1e087e9da4a70fa03a7d041","first_seen":"2025-12-03T11:45:54.596641Z","last_seen":"2025-12-03T11:45:54.596641Z","times_seen":1,"resource_available":false,"data":null}},"time_used":887,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":887,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.wineedu.org/themes/default/images/zj_bg_10.png","fqdn":"www.wineedu.org","domain":"wineedu.org","tld":"org"},"ip":{"addr":"107.163.230.132","port":443,"asn":18978,"as":"ENZUINC","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.wineedu.org/","date":"2025-12-03T11:45:22.601Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.quickbeltsystem.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 10 Nov 2025 12:18:52 GMT","end":"Sun, 08 Feb 2026 12:18:51 GMT"},"fingerprint":{"sha1":"45:82:4D:8F:E5:45:D0:13:2A:FA:DE:43:EB:CC:03:4B:C4:E6:97:C3","sha256":"4C:E4:01:11:E3:BC:18:3D:76:22:B0:E2:85:22:EA:26:C7:51:FC:94:0C:74:81:CA:17:86:15:23:4B:EF:17:BD"}}},"request":{"raw":"GET /themes/default/images/zj_bg_10.png HTTP/1.1\r\nHost: www.wineedu.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.wineedu.org/themes/default/css/style.css\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Dec 2025 11:45:22 GMT\r\ncontent-type: image/png\r\nvary: Accept-Encoding\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":730366,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 1920 x 600, 8-bit/color RGBA, non-interlaced","md5":"716843a7e698c09f44a20df93edf4db2","sha1":"d95c84cb597d99d9588740d6664ff021e98c1226","sha256":"d46cee9720f79dca9b91aab6e41ddf5631568a74a5cb7b4240c9bad2e1ef7aa3","sha512":"46bc1cf87cb808ca12b9e69b2165d2a72c62a1a2464301fb727994150c7981e8664c54e368613b24b3a19dbe43275361959ffb0437e887a0f3569fff7a2b30db","ssdeep":"12288:TvQYYdJQyyKGGk4OM04G5hI/rXZ0+nnYvkdQ079BXjrwneF0vY6229y0m+:TvYdJQ1/GL0ojXZ0+ntdQ0pBgeF0k21D","tlshash":"7af4236047ee5a228b5bbc7c2b42e8f4329c578476343ff6ada49d4f1501cc692b0e79","first_seen":"2025-12-03T11:45:54.601092Z","last_seen":"2025-12-03T11:45:54.601092Z","times_seen":1,"resource_available":false,"data":null}},"time_used":368,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":368,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"sadasd.dgxmwl56.com/v2/js/app.9c872bdd.js","fqdn":"sadasd.dgxmwl56.com","domain":"dgxmwl56.com","tld":"com"},"ip":{"addr":"47.246.48.178","port":443,"asn":24429,"as":"Zhejiang Taobao Network Co.,Ltd","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://bannner-02.cfd/sttcs/?channel=88801\u0026ref=","date":"2025-12-03T11:45:23.982Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.dgxmwl56.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 11 Sep 2025 10:35:19 GMT","end":"Wed, 10 Dec 2025 10:35:18 GMT"},"fingerprint":{"sha1":"61:30:5F:86:8E:6E:7B:C2:1B:C6:7D:73:40:14:46:0D:B0:2F:D4:4B","sha256":"71:AD:F5:78:25:7F:AB:4F:88:8E:97:AE:6D:16:B9:AD:D1:7E:AC:7D:BD:65:7D:D3:C2:A4:C7:8A:9F:C6:82:EA"}}},"request":{"raw":"GET /v2/js/app.9c872bdd.js HTTP/1.1\r\nHost: sadasd.dgxmwl56.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://bannner-02.cfd/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: Tengine\r\ncontent-type: application/javascript\r\ncontent-length: 27856\r\ndate: Tue, 02 Dec 2025 20:32:52 GMT\r\nx-oss-request-id: 692F4CF4352E0D35322E312B\r\nx-oss-cdn-auth: success\r\naccept-ranges: bytes\r\nx-oss-object-type: Normal\r\nx-oss-storage-class: Standard\r\ncontent-md5: ILUOqcJQ6Cpa00s3NMQHNQ==\r\nx-oss-server-time: 17\r\nvia: ens-cache35.l2de4[0,0,304-0,H], ens-cache40.l2de4[1,0], ens-cache5.nl3[0,0,200-0,H], ens-cache3.nl3[2,0]\r\nvary: Accept-Encoding\r\nlast-modified: Wed, 05 Nov 2025 05:51:36 GMT\r\nx-oss-hash-crc64ecma: 4877841525787796720\r\ncontent-encoding: gzip\r\nage: 54752\r\nali-swift-global-savetime: 1764707572\r\nx-cache: HIT TCP_MEM_HIT dirn:-2:-2\r\nx-swift-savetime: Wed, 03 Dec 2025 11:42:29 GMT\r\nx-swift-cachetime: 31823\r\naccess-control-allow-origin: *\r\naccess-control-max-age: 3600\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\ntiming-allow-origin: *\r\neagleid: 2ff6309717647623239985980e\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]},{"name":"Alibaba Cloud Object Storage Service","description":"Alibaba Cloud Object Storage Service (OSS) is a cloud-based object storage service provided by Alibaba Cloud, which allows users to store and access large amounts of data in the cloud.","website":"https://www.alibabacloud.com/product/object-storage-service","common_platform_enumeration":"","icon":"Alibaba Cloud.svg","categories":["IaaS"]}],"data":{"size":70325,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (65114), with no line terminators","md5":"20b50ea9c250e82a5ad34b3734c40735","sha1":"1be194070ca94ab17a6a382c8ef11c4c34d61ae6","sha256":"e97463332360183fedacd75cf40855d3b941c7cd395f5b1184a70c8fc5df8a7c","sha512":"438ba025993f87cacd861102bbe9a1d54452155aeda044607e4ed8a914702cb2bfb10d390249a20d37e7dc2b81a7df6b565f0c0368def4337652344c716bcb91","ssdeep":"1536:WvrgiyJlWxm+34vn5ahntVQ4VPkUBIHViTM:mvx9in0tO","tlshash":"8a633cc06148b492627b61e4043f2407b1a23a7bd205d5d4f2b9f8ededb85ea732dd39","first_seen":"2025-11-05T12:34:36.922843Z","last_seen":"2026-01-22T12:34:56.03677Z","times_seen":299,"resource_available":true,"data":null}},"time_used":116,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":114,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"sadasd.dgxmwl56.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"sadasd.dgxmwl56.com/v2/otf/yongliv2.jpg.otf","fqdn":"sadasd.dgxmwl56.com","domain":"dgxmwl56.com","tld":"com"},"ip":{"addr":"47.246.48.178","port":443,"asn":24429,"as":"Zhejiang Taobao Network Co.,Ltd","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://bannner-02.cfd/sttcs/?channel=88801\u0026ref=","date":"2025-12-03T11:45:24.661Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.dgxmwl56.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 11 Sep 2025 10:35:19 GMT","end":"Wed, 10 Dec 2025 10:35:18 GMT"},"fingerprint":{"sha1":"61:30:5F:86:8E:6E:7B:C2:1B:C6:7D:73:40:14:46:0D:B0:2F:D4:4B","sha256":"71:AD:F5:78:25:7F:AB:4F:88:8E:97:AE:6D:16:B9:AD:D1:7E:AC:7D:BD:65:7D:D3:C2:A4:C7:8A:9F:C6:82:EA"}}},"request":{"raw":"GET /v2/otf/yongliv2.jpg.otf HTTP/1.1\r\nHost: sadasd.dgxmwl56.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://bannner-02.cfd/\r\nOrigin: https://bannner-02.cfd\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: Tengine\r\ncontent-type: font/otf\r\ncontent-length: 18768\r\ndate: Wed, 03 Dec 2025 11:11:13 GMT\r\nx-oss-request-id: 69301AD1F5B7DD3530C8C641\r\nx-oss-cdn-auth: success\r\naccept-ranges: bytes\r\nx-oss-object-type: Normal\r\nx-oss-storage-class: Standard\r\ncontent-md5: R/Xs176m+2DC65ZRMKtqng==\r\nx-oss-server-time: 4\r\nvia: ens-cache37.l2de4[0,0,304-0,H], ens-cache21.l2de4[1,0], ens-cache12.nl3[0,0,200-0,H], ens-cache3.nl3[1,0]\r\netag: \"47F5ECD7BEA6FB60C2EB965130AB6A9E\"\r\nlast-modified: Fri, 05 Sep 2025 03:26:11 GMT\r\nx-oss-hash-crc64ecma: 144771093701938812\r\nage: 2051\r\nali-swift-global-savetime: 1764760273\r\nx-cache: HIT TCP_MEM_HIT dirn:-2:-2\r\nx-swift-savetime: Wed, 03 Dec 2025 11:42:30 GMT\r\nx-swift-cachetime: 3600\r\naccess-control-max-age: 3600\r\naccess-control-allow-origin: *\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\ntiming-allow-origin: *\r\neagleid: 2ff6309717647623246696702e\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]},{"name":"Alibaba Cloud Object Storage Service","description":"Alibaba Cloud Object Storage Service (OSS) is a cloud-based object storage service provided by Alibaba Cloud, which allows users to store and access large amounts of data in the cloud.","website":"https://www.alibabacloud.com/product/object-storage-service","common_platform_enumeration":"","icon":"Alibaba Cloud.svg","categories":["IaaS"]}],"data":{"size":18768,"size_decoded":0,"mime_type":"font/otf","magic":"data","md5":"47f5ecd7bea6fb60c2eb965130ab6a9e","sha1":"79df686e71cbd14002b3ed129cd9072bab9d5804","sha256":"e27e5dff537f04897daa950b2d177d28fbf018067e76dc512ec5f4a6aa1ef9e1","sha512":"ac5056436af720955dbad9c1950a014b6448b867dddcc658179a3374a678b26468c65df0f1f35aae5796b706a5f8a3e44dc5988d7ab3efcd6bf0897cdde92102","ssdeep":"384:h8zr075Lg9XvF4+/yKNfkhB1DI8gnIOp9NjEs+oJlMhHc23JsTwg:ivv9XvV/yKahB1DIEOpcs+oJ2F2L","tlshash":"7782d0a47e8d0d5f0f260b66ecb6567f361241fcc92dbcea21412961aec730c16b419a","first_seen":"2025-09-03T16:33:36.511403Z","last_seen":"2026-03-12T08:11:54.062846Z","times_seen":870,"resource_available":false,"data":null}},"time_used":28,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":27,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"sadasd.dgxmwl56.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.wineedu.org/themes/default/images/imgad.jpg","fqdn":"www.wineedu.org","domain":"wineedu.org","tld":"org"},"ip":{"addr":"107.163.230.132","port":443,"asn":18978,"as":"ENZUINC","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.wineedu.org/","date":"2025-12-03T11:45:21.950Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.quickbeltsystem.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 10 Nov 2025 12:18:52 GMT","end":"Sun, 08 Feb 2026 12:18:51 GMT"},"fingerprint":{"sha1":"45:82:4D:8F:E5:45:D0:13:2A:FA:DE:43:EB:CC:03:4B:C4:E6:97:C3","sha256":"4C:E4:01:11:E3:BC:18:3D:76:22:B0:E2:85:22:EA:26:C7:51:FC:94:0C:74:81:CA:17:86:15:23:4B:EF:17:BD"}}},"request":{"raw":"GET /themes/default/images/imgad.jpg HTTP/1.1\r\nHost: www.wineedu.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.wineedu.org/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Dec 2025 11:45:22 GMT\r\ncontent-type: image/jpeg\r\nvary: Accept-Encoding\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":42312,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 760x513, components 3","md5":"03199d4ba9625b5599b8c871e9ba3e8d","sha1":"b93437377834f69544ad71bfe5723556868830b4","sha256":"c27c237dd0757beb60b54c0cb44b8ae72513a1ebb6b6772a08efced79a1979a9","sha512":"b7e3c9aedd5fe98d2f28087137494c646fd46087567d429abe4e81c4591eafdf0739106329e978094143a974e434fb5f54ea8fc228df32a6638a4a1837e49b5b","ssdeep":"768:nVhq0HCsu65pHilGnfcnEW3LY9tckwHMw5XYltgEWxstrJeJKUYH9:n1HCsugbnfcEW3c9Kk6MVgsRoUUe","tlshash":"a513f1070058c670fb31c7f626f72656c90273c7295584775652faadab60e32b8e4eb8","first_seen":"2025-12-03T11:45:54.607053Z","last_seen":"2025-12-03T11:45:54.607053Z","times_seen":1,"resource_available":false,"data":null}},"time_used":872,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":872,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"a.0316gov.com/common/images/foot2.jpg","fqdn":"a.0316gov.com","domain":"0316gov.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.wineedu.org/","date":"2025-12-03T11:45:21.962Z","timestamp":0,"http_version":"","security_state":"broken","security_info":null,"request":{"raw":"GET /common/images/foot2.jpg HTTP/1.1\r\nHost: a.0316gov.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-08T07:38:16.649537Z","times_seen":13494560,"resource_available":true,"data":null}},"time_used":727,"timings":{"blocked":727,"dns":0,"connect":261,"send":0,"wait":0,"receive":0,"ssl":1024},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.wineedu.org/themes/default/images/ad_ctr.png","fqdn":"www.wineedu.org","domain":"wineedu.org","tld":"org"},"ip":{"addr":"107.163.230.132","port":443,"asn":18978,"as":"ENZUINC","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.wineedu.org/","date":"2025-12-03T11:45:22.600Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.quickbeltsystem.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 10 Nov 2025 12:18:52 GMT","end":"Sun, 08 Feb 2026 12:18:51 GMT"},"fingerprint":{"sha1":"45:82:4D:8F:E5:45:D0:13:2A:FA:DE:43:EB:CC:03:4B:C4:E6:97:C3","sha256":"4C:E4:01:11:E3:BC:18:3D:76:22:B0:E2:85:22:EA:26:C7:51:FC:94:0C:74:81:CA:17:86:15:23:4B:EF:17:BD"}}},"request":{"raw":"GET /themes/default/images/ad_ctr.png HTTP/1.1\r\nHost: www.wineedu.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.wineedu.org/themes/default/css/style.css\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Dec 2025 11:45:22 GMT\r\ncontent-type: image/png\r\nvary: Accept-Encoding\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":3328,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 70 x 140, 8-bit/color RGBA, non-interlaced","md5":"f504d10d5e89bc5afc22737fa201274d","sha1":"53462aaee7c42ef51ffd8dd6727bb95f959fc90e","sha256":"968aecb6baaeaab57b3f10e939f4bf72a9e4c40ceae54824e46ab8bd01b5912b","sha512":"3e1506301b2375411915647367a668bdd56ed5889473a4bd24506d04471108a9d3173adc68d78f9a20c542662812c2f5b2e7e513cb154b60bb8a7b7978989ed9","ssdeep":"","tlshash":"d5614bc7076b5df9080a09fc4ee6d060e6103c42d92496e17cfb7335a8b9944780b0fb","first_seen":"2025-09-24T13:11:44.194348Z","last_seen":"2025-12-03T11:45:54.610037Z","times_seen":2,"resource_available":false,"data":null}},"time_used":527,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":527,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.wineedu.org/themes/default/images/dian_03.png","fqdn":"www.wineedu.org","domain":"wineedu.org","tld":"org"},"ip":{"addr":"107.163.230.132","port":443,"asn":18978,"as":"ENZUINC","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.wineedu.org/","date":"2025-12-03T11:45:22.602Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.quickbeltsystem.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 10 Nov 2025 12:18:52 GMT","end":"Sun, 08 Feb 2026 12:18:51 GMT"},"fingerprint":{"sha1":"45:82:4D:8F:E5:45:D0:13:2A:FA:DE:43:EB:CC:03:4B:C4:E6:97:C3","sha256":"4C:E4:01:11:E3:BC:18:3D:76:22:B0:E2:85:22:EA:26:C7:51:FC:94:0C:74:81:CA:17:86:15:23:4B:EF:17:BD"}}},"request":{"raw":"GET /themes/default/images/dian_03.png HTTP/1.1\r\nHost: www.wineedu.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.wineedu.org/themes/default/css/style.css\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Dec 2025 11:45:22 GMT\r\ncontent-type: image/png\r\nvary: Accept-Encoding\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":119,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 6 x 6, 8-bit/color RGBA, non-interlaced","md5":"96a8c1b8dd1b0c0116065b9e5e5265a6","sha1":"81ab521a62efb0e37e80801d03b0b44c0292f805","sha256":"807de0e87a911f05ee8e6c61dfcfdeb3ff53d7f3380e6d90e7393dc1c45f6ae1","sha512":"cd574c8d97bcb99cfd9b83b5671415b0160eaf0eb0d9b0123341983bb6c5b7afe7036fa3969e85966c6a70a78c81458bb11dfd3e18d10c0d923af083a0b779a5","ssdeep":"","tlshash":"feb09be256705439c5991963746548609561c42d4561514446d1fd30366162d41d964f","first_seen":"2025-12-03T11:45:54.611301Z","last_seen":"2025-12-03T11:45:54.611301Z","times_seen":1,"resource_available":false,"data":null}},"time_used":523,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":523,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"sadasd.dgxmwl56.com/v2/otf/xpj.png.otf","fqdn":"sadasd.dgxmwl56.com","domain":"dgxmwl56.com","tld":"com"},"ip":{"addr":"47.246.48.178","port":443,"asn":24429,"as":"Zhejiang Taobao Network Co.,Ltd","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://bannner-02.cfd/sttcs/?channel=88801\u0026ref=","date":"2025-12-03T11:45:24.541Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.dgxmwl56.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 11 Sep 2025 10:35:19 GMT","end":"Wed, 10 Dec 2025 10:35:18 GMT"},"fingerprint":{"sha1":"61:30:5F:86:8E:6E:7B:C2:1B:C6:7D:73:40:14:46:0D:B0:2F:D4:4B","sha256":"71:AD:F5:78:25:7F:AB:4F:88:8E:97:AE:6D:16:B9:AD:D1:7E:AC:7D:BD:65:7D:D3:C2:A4:C7:8A:9F:C6:82:EA"}}},"request":{"raw":"GET /v2/otf/xpj.png.otf HTTP/1.1\r\nHost: sadasd.dgxmwl56.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://bannner-02.cfd/\r\nOrigin: https://bannner-02.cfd\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: Tengine\r\ncontent-type: font/otf\r\ncontent-length: 3728\r\ndate: Wed, 03 Dec 2025 11:09:26 GMT\r\nx-oss-request-id: 69301A665A53BB3136826BC0\r\nx-oss-cdn-auth: success\r\naccept-ranges: bytes\r\nx-oss-object-type: Normal\r\nx-oss-storage-class: Standard\r\ncontent-md5: 9La1WJWXcfxIXs4b6UkV3w==\r\nx-oss-server-time: 6\r\nvia: ens-cache21.l2de4[0,0,304-0,H], ens-cache13.l2de4[1,0], ens-cache3.nl3[0,0,200-0,H], ens-cache3.nl3[0,0]\r\netag: \"F4B6B558959771FC485ECE1BE94915DF\"\r\nlast-modified: Fri, 05 Sep 2025 03:26:11 GMT\r\nx-oss-hash-crc64ecma: 3958719860094207122\r\nage: 2158\r\nali-swift-global-savetime: 1764760166\r\nx-cache: HIT TCP_MEM_HIT dirn:-2:-2\r\nx-swift-savetime: Wed, 03 Dec 2025 11:42:29 GMT\r\nx-swift-cachetime: 3600\r\naccess-control-max-age: 3600\r\naccess-control-allow-origin: *\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\ntiming-allow-origin: *\r\neagleid: 2ff6309717647623245546576e\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Alibaba Cloud Object Storage Service","description":"Alibaba Cloud Object Storage Service (OSS) is a cloud-based object storage service provided by Alibaba Cloud, which allows users to store and access large amounts of data in the cloud.","website":"https://www.alibabacloud.com/product/object-storage-service","common_platform_enumeration":"","icon":"Alibaba Cloud.svg","categories":["IaaS"]},{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]}],"data":{"size":3728,"size_decoded":0,"mime_type":"font/otf","magic":"data","md5":"f4b6b558959771fc485ece1be94915df","sha1":"bab00a57859a67027c6278e884d9409fd4175d0a","sha256":"0709e51d6b1ee93c7cea8fd80a939d2a05c13cd096ba6bd73a5feab771683d59","sha512":"8ccd35e43dc90c59c8278b37ccf5a9e755e16526cf30e1c7e8d97ec18080959d32f05cfe2c3be9ab6151328cf6924541f2b68edb5e05369acf02e20a53714140","ssdeep":"","tlshash":"29715e615e6fc01ed85fa6ee0e454a58706093c57aa55c874316d45c0f7a5f10b8721d","first_seen":"2025-09-03T16:33:36.491393Z","last_seen":"2026-03-12T08:11:54.077138Z","times_seen":880,"resource_available":false,"data":null}},"time_used":33,"timings":{"blocked":5,"dns":0,"connect":0,"send":0,"wait":28,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"sadasd.dgxmwl56.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"sadasd.dgxmwl56.com/v2/otf/venetian.png.otf","fqdn":"sadasd.dgxmwl56.com","domain":"dgxmwl56.com","tld":"com"},"ip":{"addr":"47.246.48.178","port":443,"asn":24429,"as":"Zhejiang Taobao Network Co.,Ltd","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://bannner-02.cfd/sttcs/?channel=88801\u0026ref=","date":"2025-12-03T11:45:24.580Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.dgxmwl56.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 11 Sep 2025 10:35:19 GMT","end":"Wed, 10 Dec 2025 10:35:18 GMT"},"fingerprint":{"sha1":"61:30:5F:86:8E:6E:7B:C2:1B:C6:7D:73:40:14:46:0D:B0:2F:D4:4B","sha256":"71:AD:F5:78:25:7F:AB:4F:88:8E:97:AE:6D:16:B9:AD:D1:7E:AC:7D:BD:65:7D:D3:C2:A4:C7:8A:9F:C6:82:EA"}}},"request":{"raw":"GET /v2/otf/venetian.png.otf HTTP/1.1\r\nHost: sadasd.dgxmwl56.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://bannner-02.cfd/\r\nOrigin: https://bannner-02.cfd\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: Tengine\r\ncontent-type: font/otf\r\ncontent-length: 4224\r\ndate: Wed, 03 Dec 2025 11:09:59 GMT\r\nx-oss-request-id: 69301A87AF1C2D32373E5DF7\r\nx-oss-cdn-auth: success\r\naccept-ranges: bytes\r\nx-oss-object-type: Normal\r\nx-oss-storage-class: Standard\r\ncontent-md5: u+fJ8v919x8HEq2tV6hYGg==\r\nx-oss-server-time: 7\r\nvia: ens-cache21.l2de4[0,0,304-0,H], ens-cache8.l2de4[1,0], ens-cache6.nl3[0,0,200-0,H], ens-cache3.nl3[1,0]\r\netag: \"BBE7C9F2FF75F71F0712ADAD57A8581A\"\r\nlast-modified: Fri, 05 Sep 2025 03:26:11 GMT\r\nx-oss-hash-crc64ecma: 1165881306545535803\r\nage: 2125\r\nali-swift-global-savetime: 1764760199\r\nx-cache: HIT TCP_MEM_HIT dirn:-2:-2\r\nx-swift-savetime: Wed, 03 Dec 2025 11:42:29 GMT\r\nx-swift-cachetime: 3600\r\naccess-control-max-age: 3600\r\naccess-control-allow-origin: *\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\ntiming-allow-origin: *\r\neagleid: 2ff6309717647623245886610e\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]},{"name":"Alibaba Cloud Object Storage Service","description":"Alibaba Cloud Object Storage Service (OSS) is a cloud-based object storage service provided by Alibaba Cloud, which allows users to store and access large amounts of data in the cloud.","website":"https://www.alibabacloud.com/product/object-storage-service","common_platform_enumeration":"","icon":"Alibaba Cloud.svg","categories":["IaaS"]}],"data":{"size":4224,"size_decoded":0,"mime_type":"font/otf","magic":"data","md5":"bbe7c9f2ff75f71f0712adad57a8581a","sha1":"497277bc92a2d28ca5fbf43209cf311881559a76","sha256":"5853c93e0a75652995044598c8f20b4e20c882f2af738236cf8d1c510e4e6215","sha512":"1176c292a36b1ca4c25cdfc80cb5f26251d87aa1b793941a94a843cee35d15924979a9e2a69749920a3f187aa9f766596fb3752c423f3b6aad3920770ba0a5f3","ssdeep":"96:cX2LSLIlzqOv5WXPUHdQQyUuTtfUeWZc0vqBR+OHbdoUnM6:e0zqG5WXPUHryTxMm0vqBRjoc","tlshash":"06916ed8104ae07424d1c8447a4d7cf567dc82d9b5e5d0dd69e99abf385e2279cc48cc","first_seen":"2025-09-03T16:33:36.54313Z","last_seen":"2026-03-12T08:11:54.075228Z","times_seen":878,"resource_available":false,"data":null}},"time_used":27,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":27,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"sadasd.dgxmwl56.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.wineedu.org/themes/default/js/slider.js","fqdn":"www.wineedu.org","domain":"wineedu.org","tld":"org"},"ip":{"addr":"107.163.230.132","port":443,"asn":18978,"as":"ENZUINC","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.wineedu.org/","date":"2025-12-03T11:45:21.913Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.quickbeltsystem.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 10 Nov 2025 12:18:52 GMT","end":"Sun, 08 Feb 2026 12:18:51 GMT"},"fingerprint":{"sha1":"45:82:4D:8F:E5:45:D0:13:2A:FA:DE:43:EB:CC:03:4B:C4:E6:97:C3","sha256":"4C:E4:01:11:E3:BC:18:3D:76:22:B0:E2:85:22:EA:26:C7:51:FC:94:0C:74:81:CA:17:86:15:23:4B:EF:17:BD"}}},"request":{"raw":"GET /themes/default/js/slider.js HTTP/1.1\r\nHost: www.wineedu.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.wineedu.org/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Dec 2025 11:45:22 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\nvary: Accept-Encoding\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":4391,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text","md5":"f87ba8e8ada3764fe15d502e90c571b4","sha1":"d2f16dd01427ca5059259a1fb9350357eb15775f","sha256":"e9edc56664b52975ba8e616e0963f6949ca9068e70af908afbfa9af5b485f0b4","sha512":"c6bc95d6b5a1a4784dadc778ad52a8e950ef6d0d8cf13c5f6a6a9a95d9556af4aee6f46b300414f267893d6ac951a8fb82251bfd378e56996a838d097a29e119","ssdeep":"48:W5t3WMkFMDgGxpKud94HGiZu8IxOiLAGxzkFOtdMdWyq:kkMkaDtxhdoI8iLEOjyq","tlshash":"8491ce0855b23364c06730bcabdfc818563b92176c0eaa84789d97c44fd402ce6ebbf8","first_seen":"2023-03-10T09:37:24Z","last_seen":"2026-01-31T18:55:03.449588Z","times_seen":19,"resource_available":true,"data":null}},"time_used":589,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":589,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.wineedu.org/themes/default/images/about_07.jpg","fqdn":"www.wineedu.org","domain":"wineedu.org","tld":"org"},"ip":{"addr":"107.163.230.132","port":443,"asn":18978,"as":"ENZUINC","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.wineedu.org/","date":"2025-12-03T11:45:21.936Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.quickbeltsystem.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 10 Nov 2025 12:18:52 GMT","end":"Sun, 08 Feb 2026 12:18:51 GMT"},"fingerprint":{"sha1":"45:82:4D:8F:E5:45:D0:13:2A:FA:DE:43:EB:CC:03:4B:C4:E6:97:C3","sha256":"4C:E4:01:11:E3:BC:18:3D:76:22:B0:E2:85:22:EA:26:C7:51:FC:94:0C:74:81:CA:17:86:15:23:4B:EF:17:BD"}}},"request":{"raw":"GET /themes/default/images/about_07.jpg HTTP/1.1\r\nHost: www.wineedu.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.wineedu.org/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Dec 2025 11:45:22 GMT\r\ncontent-type: image/jpeg\r\nvary: Accept-Encoding\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":16464,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 374x221, components 3","md5":"033b5a57a182ce27208fb2b3ead3f44f","sha1":"957978cf4804df3c6e5723cd16b256f0542c673b","sha256":"d64be4d61f0845084e2e6800a835cc826fb48b67c8fc097b82789a14a850dde4","sha512":"474e41d1aed5813bc8fa08d45d63d506cdb92766e9d0c81ac1e5978ad894ee06b4b4d9db0f95173c5ecf97ae2c6741db158f14aa3e1aca9fa127b5d73ee30cfe","ssdeep":"384:iv5bcgXbHsPCXKFBjv4ECD/bV0WMsE/nlX6dwRX8Kj:iv5o6bHsgK3kzjV0WYnlXAm8e","tlshash":"3972c010363271bb679a85f3123dd677b7818955ea6d7078034a8bf7e848e71121cdc7","first_seen":"2025-12-03T11:45:54.617847Z","last_seen":"2025-12-03T11:45:54.617847Z","times_seen":1,"resource_available":false,"data":null}},"time_used":718,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":718,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.wineedu.org/themes/default/images/ld.jpg","fqdn":"www.wineedu.org","domain":"wineedu.org","tld":"org"},"ip":{"addr":"107.163.230.132","port":443,"asn":18978,"as":"ENZUINC","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.wineedu.org/","date":"2025-12-03T11:45:21.938Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.quickbeltsystem.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 10 Nov 2025 12:18:52 GMT","end":"Sun, 08 Feb 2026 12:18:51 GMT"},"fingerprint":{"sha1":"45:82:4D:8F:E5:45:D0:13:2A:FA:DE:43:EB:CC:03:4B:C4:E6:97:C3","sha256":"4C:E4:01:11:E3:BC:18:3D:76:22:B0:E2:85:22:EA:26:C7:51:FC:94:0C:74:81:CA:17:86:15:23:4B:EF:17:BD"}}},"request":{"raw":"GET /themes/default/images/ld.jpg HTTP/1.1\r\nHost: www.wineedu.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.wineedu.org/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Dec 2025 11:45:22 GMT\r\ncontent-type: image/jpeg\r\nvary: Accept-Encoding\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":21348,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 374x221, components 3","md5":"e9c4241065bb4737525f52cff88aac3a","sha1":"e15e453d71ab5520c15b6e73096d220aa356d3eb","sha256":"507b6d666119bac7e6923ef44235a0ac476ae7a408a1835a3eef8a88e840c49a","sha512":"647fe20a896aae1e1e606b1efe925cca9a5acead71b60a5245ef8a125ab09a6ffd6a4673939b36dbafe03cea27e9f266b8951fdaf3920a0810cd652aea165f97","ssdeep":"384:idX4wPM0EiiISxLqB3FxtUTl6iE+BecTeJm3Z7hJL30zL9DbNo0bD4fS6t:idXg0GIyLqB3FxtOGyMJ0ZENl4j","tlshash":"63a2d0d96fa30684cf40cbb1ed62a37250f1e64d47a5c8306758a503e60ad7be4f7949","first_seen":"2025-12-03T11:45:54.62068Z","last_seen":"2025-12-03T11:45:54.62068Z","times_seen":1,"resource_available":false,"data":null}},"time_used":717,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":717,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"sadasd.dgxmwl56.com/v2/otf/title_header_2.png.otf","fqdn":"sadasd.dgxmwl56.com","domain":"dgxmwl56.com","tld":"com"},"ip":{"addr":"47.246.48.178","port":443,"asn":24429,"as":"Zhejiang Taobao Network Co.,Ltd","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://bannner-02.cfd/sttcs/?channel=88801\u0026ref=","date":"2025-12-03T11:45:24.333Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.dgxmwl56.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 11 Sep 2025 10:35:19 GMT","end":"Wed, 10 Dec 2025 10:35:18 GMT"},"fingerprint":{"sha1":"61:30:5F:86:8E:6E:7B:C2:1B:C6:7D:73:40:14:46:0D:B0:2F:D4:4B","sha256":"71:AD:F5:78:25:7F:AB:4F:88:8E:97:AE:6D:16:B9:AD:D1:7E:AC:7D:BD:65:7D:D3:C2:A4:C7:8A:9F:C6:82:EA"}}},"request":{"raw":"GET /v2/otf/title_header_2.png.otf HTTP/1.1\r\nHost: sadasd.dgxmwl56.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://bannner-02.cfd/\r\nOrigin: https://bannner-02.cfd\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: Tengine\r\ncontent-type: font/otf\r\ncontent-length: 5952\r\ndate: Wed, 03 Dec 2025 11:05:55 GMT\r\nx-oss-request-id: 69301993E80D0138317C56A7\r\nx-oss-cdn-auth: success\r\naccept-ranges: bytes\r\nx-oss-object-type: Normal\r\nx-oss-storage-class: Standard\r\ncontent-md5: 95emk8stLClzoCz1KYQmXQ==\r\nx-oss-server-time: 6\r\nvia: ens-cache16.l2de4[0,0,304-0,H], ens-cache7.l2de4[1,0], ens-cache1.nl3[0,0,200-0,H], ens-cache3.nl3[3,0]\r\netag: \"F797A693CB2D2C2973A02CF52984265D\"\r\nlast-modified: Fri, 05 Sep 2025 03:26:11 GMT\r\nx-oss-hash-crc64ecma: 11387363650588875629\r\nage: 2368\r\nali-swift-global-savetime: 1764759956\r\nx-cache: HIT TCP_MEM_HIT dirn:-2:-2\r\nx-swift-savetime: Wed, 03 Dec 2025 11:42:29 GMT\r\nx-swift-cachetime: 3600\r\naccess-control-max-age: 3600\r\naccess-control-allow-origin: *\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\ntiming-allow-origin: *\r\neagleid: 2ff6309717647623243556341e\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]},{"name":"Alibaba Cloud Object Storage Service","description":"Alibaba Cloud Object Storage Service (OSS) is a cloud-based object storage service provided by Alibaba Cloud, which allows users to store and access large amounts of data in the cloud.","website":"https://www.alibabacloud.com/product/object-storage-service","common_platform_enumeration":"","icon":"Alibaba Cloud.svg","categories":["IaaS"]}],"data":{"size":5952,"size_decoded":0,"mime_type":"font/otf","magic":"data","md5":"f797a693cb2d2c2973a02cf52984265d","sha1":"c80c4020e380fa30717e0e30511e33332659030c","sha256":"9416326679c40636493616e5e076c44bf25732bbb334e2b1ef82f652a43cb70a","sha512":"eab92353d54994891839a6c4771ca7f1b6f60464bf444b690f1f29a38aba4f0b34aceeffef85336675f354a6c8fec529248d36221e076d8106896457f4410a5e","ssdeep":"96:jq/ZImtdXy/HyvIs0sRw6ZqXAd+XziOfWZLglqIk3O8fbV4O4yfuflT3Tj3jG:j+ZIa9uSdYyqXAdkiOf0usdbVClBj2","tlshash":"45c19db221697ae413519005e00ce8532c3bfbb99b5bb6fbd21c4ca5b09d1278ac324c","first_seen":"2025-09-03T16:33:36.476554Z","last_seen":"2026-03-12T08:11:54.059651Z","times_seen":889,"resource_available":false,"data":null}},"time_used":44,"timings":{"blocked":14,"dns":0,"connect":0,"send":0,"wait":29,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"sadasd.dgxmwl56.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"sadasd.dgxmwl56.com/v2/otf/galaxy.png.otf","fqdn":"sadasd.dgxmwl56.com","domain":"dgxmwl56.com","tld":"com"},"ip":{"addr":"47.246.48.178","port":443,"asn":24429,"as":"Zhejiang Taobao Network Co.,Ltd","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://bannner-02.cfd/sttcs/?channel=88801\u0026ref=","date":"2025-12-03T11:45:24.724Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.dgxmwl56.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 11 Sep 2025 10:35:19 GMT","end":"Wed, 10 Dec 2025 10:35:18 GMT"},"fingerprint":{"sha1":"61:30:5F:86:8E:6E:7B:C2:1B:C6:7D:73:40:14:46:0D:B0:2F:D4:4B","sha256":"71:AD:F5:78:25:7F:AB:4F:88:8E:97:AE:6D:16:B9:AD:D1:7E:AC:7D:BD:65:7D:D3:C2:A4:C7:8A:9F:C6:82:EA"}}},"request":{"raw":"GET /v2/otf/galaxy.png.otf HTTP/1.1\r\nHost: sadasd.dgxmwl56.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://bannner-02.cfd/\r\nOrigin: https://bannner-02.cfd\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: Tengine\r\ncontent-type: font/otf\r\ncontent-length: 3936\r\ndate: Wed, 03 Dec 2025 11:14:10 GMT\r\nx-oss-request-id: 69301B825A53BB31377E46C5\r\nx-oss-cdn-auth: success\r\naccept-ranges: bytes\r\nx-oss-object-type: Normal\r\nx-oss-storage-class: Standard\r\ncontent-md5: frxKr7+qkIH912HpjXw8cQ==\r\nx-oss-server-time: 7\r\nvia: ens-cache7.l2de4[0,0,304-0,H], ens-cache23.l2de4[1,0], ens-cache3.nl3[0,0,200-0,H], ens-cache3.nl3[1,0]\r\netag: \"7EBC4AAFBFAA9081FDD761E98D7C3C71\"\r\nlast-modified: Fri, 05 Sep 2025 03:26:14 GMT\r\nx-oss-hash-crc64ecma: 10899675424917328619\r\nage: 1874\r\nali-swift-global-savetime: 1764760450\r\nx-cache: HIT TCP_MEM_HIT dirn:-2:-2\r\nx-swift-savetime: Wed, 03 Dec 2025 11:42:30 GMT\r\nx-swift-cachetime: 3600\r\naccess-control-max-age: 3600\r\naccess-control-allow-origin: *\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\ntiming-allow-origin: *\r\neagleid: 2ff6309717647623247316762e\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Alibaba Cloud Object Storage Service","description":"Alibaba Cloud Object Storage Service (OSS) is a cloud-based object storage service provided by Alibaba Cloud, which allows users to store and access large amounts of data in the cloud.","website":"https://www.alibabacloud.com/product/object-storage-service","common_platform_enumeration":"","icon":"Alibaba Cloud.svg","categories":["IaaS"]},{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]}],"data":{"size":3936,"size_decoded":0,"mime_type":"font/otf","magic":"data","md5":"7ebc4aafbfaa9081fdd761e98d7c3c71","sha1":"0303d265bdd24326c6efc8eb0174324dc4bdbb41","sha256":"1be0111c90f853371c32acd60c2ae5262f7c02a2a19232162d26aa8d27b2e182","sha512":"da1594ee7c519df5c52b4516738bb578597f12a733ac5e52fee06d6a33e37727c12e0f542ad815adc08eb39d7a5aae58058bbed92b18e5b09544110938603d90","ssdeep":"","tlshash":"49817d11bf3882893a6cfd019d8ff9b8f40aab579f7c52e257167642c989146538c613","first_seen":"2025-09-03T16:33:36.541591Z","last_seen":"2026-03-12T08:11:54.068428Z","times_seen":863,"resource_available":false,"data":null}},"time_used":27,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":27,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"sadasd.dgxmwl56.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"wineedu.org/","fqdn":"wineedu.org","domain":"wineedu.org","tld":"org"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-12-03T11:45:20.048Z","timestamp":0,"http_version":"","security_state":"broken","security_info":null,"request":{"raw":"GET / HTTP/1.1\r\nHost: wineedu.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-08T07:38:16.649537Z","times_seen":13494560,"resource_available":true,"data":null}},"time_used":430,"timings":{"blocked":0,"dns":70,"connect":175,"send":0,"wait":0,"receive":0,"ssl":182},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.wineedu.org/themes/default/images/video_09.jpg","fqdn":"www.wineedu.org","domain":"wineedu.org","tld":"org"},"ip":{"addr":"107.163.230.132","port":443,"asn":18978,"as":"ENZUINC","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.wineedu.org/","date":"2025-12-03T11:45:21.914Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.quickbeltsystem.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 10 Nov 2025 12:18:52 GMT","end":"Sun, 08 Feb 2026 12:18:51 GMT"},"fingerprint":{"sha1":"45:82:4D:8F:E5:45:D0:13:2A:FA:DE:43:EB:CC:03:4B:C4:E6:97:C3","sha256":"4C:E4:01:11:E3:BC:18:3D:76:22:B0:E2:85:22:EA:26:C7:51:FC:94:0C:74:81:CA:17:86:15:23:4B:EF:17:BD"}}},"request":{"raw":"GET /themes/default/images/video_09.jpg HTTP/1.1\r\nHost: www.wineedu.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.wineedu.org/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Dec 2025 11:45:22 GMT\r\ncontent-type: image/jpeg\r\nvary: Accept-Encoding\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":29114,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 600x338, components 3","md5":"247363af2a81075c0b4ba89a448906b8","sha1":"6898527b8743884509f4cd46542bea7d4e1ecbf0","sha256":"34357b571babccb0651d049c151f7f903b8ba2cac9e3e5e9b1663e8ca09d9d91","sha512":"afa19e6cf604b45b9a05df19446ae21ab67dd5a6a6a2c500cb38b1ea3cb2dc33b27f738846039aee23a057504911b6e57ba5599913b725dc4e247f0d6de55746","ssdeep":"384:taA+eCu8YT0g7qOIbaavxufUvVOir8njXQK4/4JefPrTTQolwRf0aw2Mqm8Vq9OT:t6u2oosfSVOig5MTnUoqB1q5MUg","tlshash":"dfd2e1e6c7c89eb7be121d92bd47613086dbae1333a06494ac2386b87e54f3864f051d","first_seen":"2025-12-03T11:45:54.625264Z","last_seen":"2025-12-03T11:45:54.625264Z","times_seen":1,"resource_available":false,"data":null}},"time_used":347,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":347,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.wineedu.org/upload/2019-08-08/50e43009578aa1694ae0d5efa65304db.jpg","fqdn":"www.wineedu.org","domain":"wineedu.org","tld":"org"},"ip":{"addr":"107.163.230.132","port":443,"asn":18978,"as":"ENZUINC","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.wineedu.org/","date":"2025-12-03T11:45:21.920Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.quickbeltsystem.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 10 Nov 2025 12:18:52 GMT","end":"Sun, 08 Feb 2026 12:18:51 GMT"},"fingerprint":{"sha1":"45:82:4D:8F:E5:45:D0:13:2A:FA:DE:43:EB:CC:03:4B:C4:E6:97:C3","sha256":"4C:E4:01:11:E3:BC:18:3D:76:22:B0:E2:85:22:EA:26:C7:51:FC:94:0C:74:81:CA:17:86:15:23:4B:EF:17:BD"}}},"request":{"raw":"GET /upload/2019-08-08/50e43009578aa1694ae0d5efa65304db.jpg HTTP/1.1\r\nHost: www.wineedu.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.wineedu.org/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Dec 2025 11:45:22 GMT\r\ncontent-type: image/jpeg\r\nvary: Accept-Encoding\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":7024,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 374x151, components 3","md5":"d2d853672febf781ccd95607dca4c443","sha1":"defaa7ebcf3f12816ca2489c39534695cc2c9659","sha256":"3a8d90b9b5a9b2097750a77db28a55c0ff13b2211d5c6d04f419442ac483a76b","sha512":"9c1177cc81a6ab070539bb0c501f0dff7516c46d39ad160156f0e9ae4acc8764899dbc196e2aae5907e3c330ef770004bfda77a44fbe0e775ad55ba9d353ed5e","ssdeep":"192:LwHwT4hOzdU7UGnGfBq4yDwDWPm198Lt2:0HjhOzd3GGdyDM8p2","tlshash":"23e17e62bb473473ab01c9b408f2e7478b8ca5c679d5d57417ea0f998d01cb0434af9c","first_seen":"2025-12-03T11:45:54.627291Z","last_seen":"2025-12-03T11:45:54.627291Z","times_seen":1,"resource_available":false,"data":null}},"time_used":587,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":587,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"sadasd.dgxmwl56.com/v2/otf/gf.png.otf","fqdn":"sadasd.dgxmwl56.com","domain":"dgxmwl56.com","tld":"com"},"ip":{"addr":"47.246.48.178","port":443,"asn":24429,"as":"Zhejiang Taobao Network Co.,Ltd","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://bannner-02.cfd/sttcs/?channel=88801\u0026ref=","date":"2025-12-03T11:45:24.230Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.dgxmwl56.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 11 Sep 2025 10:35:19 GMT","end":"Wed, 10 Dec 2025 10:35:18 GMT"},"fingerprint":{"sha1":"61:30:5F:86:8E:6E:7B:C2:1B:C6:7D:73:40:14:46:0D:B0:2F:D4:4B","sha256":"71:AD:F5:78:25:7F:AB:4F:88:8E:97:AE:6D:16:B9:AD:D1:7E:AC:7D:BD:65:7D:D3:C2:A4:C7:8A:9F:C6:82:EA"}}},"request":{"raw":"GET /v2/otf/gf.png.otf HTTP/1.1\r\nHost: sadasd.dgxmwl56.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://bannner-02.cfd/\r\nOrigin: https://bannner-02.cfd\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: Tengine\r\ncontent-type: font/otf\r\ncontent-length: 7248\r\ndate: Wed, 03 Dec 2025 11:05:35 GMT\r\nx-oss-request-id: 6930197F9932F1363582153A\r\nx-oss-cdn-auth: success\r\naccept-ranges: bytes\r\nx-oss-object-type: Normal\r\nx-oss-storage-class: Standard\r\ncontent-md5: fwLLJfbqvLaPgNf2ya7ylA==\r\nx-oss-server-time: 6\r\nvia: ens-cache24.l2de4[0,0,304-0,H], ens-cache31.l2de4[0,0], ens-cache12.nl3[0,0,200-0,H], ens-cache3.nl3[1,0]\r\netag: \"7F02CB25F6EABCB68F80D7F6C9AEF294\"\r\nlast-modified: Fri, 05 Sep 2025 03:26:14 GMT\r\nx-oss-hash-crc64ecma: 14846563367258194295\r\nage: 2389\r\nali-swift-global-savetime: 1764759935\r\nx-cache: HIT TCP_MEM_HIT dirn:-2:-2\r\nx-swift-savetime: Wed, 03 Dec 2025 11:42:29 GMT\r\nx-swift-cachetime: 3600\r\naccess-control-max-age: 3600\r\naccess-control-allow-origin: *\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\ntiming-allow-origin: *\r\neagleid: 2ff6309717647623242386217e\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]},{"name":"Alibaba Cloud Object Storage Service","description":"Alibaba Cloud Object Storage Service (OSS) is a cloud-based object storage service provided by Alibaba Cloud, which allows users to store and access large amounts of data in the cloud.","website":"https://www.alibabacloud.com/product/object-storage-service","common_platform_enumeration":"","icon":"Alibaba Cloud.svg","categories":["IaaS"]}],"data":{"size":7248,"size_decoded":0,"mime_type":"font/otf","magic":"data","md5":"7f02cb25f6eabcb68f80d7f6c9aef294","sha1":"806e2335841cf01333441d877c5f63e9a6c08649","sha256":"4cafdb32238c727db07aa4a17a66332a883d73f041fbeae6656c3914c1f03812","sha512":"e69bc0f3d6fdbb634b24b88f57a5fc65611d69b2d91d9c275f6d05c9502d956823ee37739f64be4e98fba512ec6ddcc63508d99326e7e3488283809b03850f7b","ssdeep":"192:pIJ4GOl/PwNVhhCyejkp96ydUDOJD3OcZM2qn/Uy:Ets/PW05ji96ydQO9+Mqcy","tlshash":"63e1ae8c4bc043cf791631d79bdab4299b57a69ac05e8a50f5e7360b21b12acec4f138","first_seen":"2025-09-03T16:33:36.505647Z","last_seen":"2026-03-12T08:11:54.062239Z","times_seen":889,"resource_available":false,"data":null}},"time_used":28,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":28,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"sadasd.dgxmwl56.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"sadasd.dgxmwl56.com/v2/otf/title_header_2.png.otf","fqdn":"sadasd.dgxmwl56.com","domain":"dgxmwl56.com","tld":"com"},"ip":{"addr":"47.246.48.178","port":443,"asn":24429,"as":"Zhejiang Taobao Network Co.,Ltd","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://bannner-02.cfd/sttcs/?channel=88801\u0026ref=","date":"2025-12-03T11:45:24.336Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.dgxmwl56.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 11 Sep 2025 10:35:19 GMT","end":"Wed, 10 Dec 2025 10:35:18 GMT"},"fingerprint":{"sha1":"61:30:5F:86:8E:6E:7B:C2:1B:C6:7D:73:40:14:46:0D:B0:2F:D4:4B","sha256":"71:AD:F5:78:25:7F:AB:4F:88:8E:97:AE:6D:16:B9:AD:D1:7E:AC:7D:BD:65:7D:D3:C2:A4:C7:8A:9F:C6:82:EA"}}},"request":{"raw":"GET /v2/otf/title_header_2.png.otf HTTP/1.1\r\nHost: sadasd.dgxmwl56.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://bannner-02.cfd/\r\nOrigin: https://bannner-02.cfd\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: Tengine\r\ncontent-type: font/otf\r\ncontent-length: 5952\r\ndate: Wed, 03 Dec 2025 11:05:55 GMT\r\nx-oss-request-id: 69301993E80D0138317C56A7\r\nx-oss-cdn-auth: success\r\naccept-ranges: bytes\r\nx-oss-object-type: Normal\r\nx-oss-storage-class: Standard\r\netag: \"F797A693CB2D2C2973A02CF52984265D\"\r\nlast-modified: Fri, 05 Sep 2025 03:26:11 GMT\r\nx-oss-hash-crc64ecma: 11387363650588875629\r\ncontent-md5: 95emk8stLClzoCz1KYQmXQ==\r\nx-oss-server-time: 6\r\nvia: ens-cache16.l2de4[0,0,200-0,H], ens-cache23.l2de4[1,0], ens-cache3.nl3[8,7,200-0,M], ens-cache3.nl3[11,0]\r\nage: 2368\r\nali-swift-global-savetime: 1764759956\r\nx-cache: MISS TCP_MISS dirn:-2:-2\r\nx-swift-savetime: Wed, 03 Dec 2025 11:45:24 GMT\r\nx-swift-cachetime: 3600\r\naccess-control-max-age: 3600\r\naccess-control-allow-origin: *\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\ntiming-allow-origin: *\r\neagleid: 2ff6309717647623243556342e\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Alibaba Cloud Object Storage Service","description":"Alibaba Cloud Object Storage Service (OSS) is a cloud-based object storage service provided by Alibaba Cloud, which allows users to store and access large amounts of data in the cloud.","website":"https://www.alibabacloud.com/product/object-storage-service","common_platform_enumeration":"","icon":"Alibaba Cloud.svg","categories":["IaaS"]},{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]}],"data":{"size":5952,"size_decoded":0,"mime_type":"font/otf","magic":"data","md5":"f797a693cb2d2c2973a02cf52984265d","sha1":"c80c4020e380fa30717e0e30511e33332659030c","sha256":"9416326679c40636493616e5e076c44bf25732bbb334e2b1ef82f652a43cb70a","sha512":"eab92353d54994891839a6c4771ca7f1b6f60464bf444b690f1f29a38aba4f0b34aceeffef85336675f354a6c8fec529248d36221e076d8106896457f4410a5e","ssdeep":"96:jq/ZImtdXy/HyvIs0sRw6ZqXAd+XziOfWZLglqIk3O8fbV4O4yfuflT3Tj3jG:j+ZIa9uSdYyqXAdkiOf0usdbVClBj2","tlshash":"45c19db221697ae413519005e00ce8532c3bfbb99b5bb6fbd21c4ca5b09d1278ac324c","first_seen":"2025-09-03T16:33:36.476554Z","last_seen":"2026-03-12T08:11:54.059651Z","times_seen":889,"resource_available":false,"data":null}},"time_used":51,"timings":{"blocked":11,"dns":0,"connect":0,"send":0,"wait":39,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"sadasd.dgxmwl56.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"sadasd.dgxmwl56.com/v2/otf/h1_2_bg.png.otf","fqdn":"sadasd.dgxmwl56.com","domain":"dgxmwl56.com","tld":"com"},"ip":{"addr":"47.246.48.178","port":443,"asn":24429,"as":"Zhejiang Taobao Network Co.,Ltd","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://bannner-02.cfd/sttcs/?channel=88801\u0026ref=","date":"2025-12-03T11:45:24.393Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.dgxmwl56.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 11 Sep 2025 10:35:19 GMT","end":"Wed, 10 Dec 2025 10:35:18 GMT"},"fingerprint":{"sha1":"61:30:5F:86:8E:6E:7B:C2:1B:C6:7D:73:40:14:46:0D:B0:2F:D4:4B","sha256":"71:AD:F5:78:25:7F:AB:4F:88:8E:97:AE:6D:16:B9:AD:D1:7E:AC:7D:BD:65:7D:D3:C2:A4:C7:8A:9F:C6:82:EA"}}},"request":{"raw":"GET /v2/otf/h1_2_bg.png.otf HTTP/1.1\r\nHost: sadasd.dgxmwl56.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://bannner-02.cfd/\r\nOrigin: https://bannner-02.cfd\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: Tengine\r\ncontent-type: font/otf\r\ncontent-length: 5664\r\ndate: Wed, 03 Dec 2025 11:09:23 GMT\r\nx-oss-request-id: 69301A635A53BB3936335FC0\r\nx-oss-cdn-auth: success\r\naccept-ranges: bytes\r\nx-oss-object-type: Normal\r\nx-oss-storage-class: Standard\r\ncontent-md5: 3u9lfvhkwtFZ1dssxSnWkg==\r\nx-oss-server-time: 8\r\nvia: ens-cache25.l2de4[0,0,304-0,H], ens-cache31.l2de4[1,0], ens-cache11.nl3[0,0,200-0,H], ens-cache3.nl3[1,0]\r\netag: \"DEEF657EF864C2D159D5DB2CC529D692\"\r\nlast-modified: Fri, 05 Sep 2025 03:26:13 GMT\r\nx-oss-hash-crc64ecma: 17043963358344161980\r\nage: 2161\r\nali-swift-global-savetime: 1764760163\r\nx-cache: HIT TCP_MEM_HIT dirn:-2:-2\r\nx-swift-savetime: Wed, 03 Dec 2025 11:42:29 GMT\r\nx-swift-cachetime: 3600\r\naccess-control-max-age: 3600\r\naccess-control-allow-origin: *\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\ntiming-allow-origin: *\r\neagleid: 2ff6309717647623244016405e\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]},{"name":"Alibaba Cloud Object Storage Service","description":"Alibaba Cloud Object Storage Service (OSS) is a cloud-based object storage service provided by Alibaba Cloud, which allows users to store and access large amounts of data in the cloud.","website":"https://www.alibabacloud.com/product/object-storage-service","common_platform_enumeration":"","icon":"Alibaba Cloud.svg","categories":["IaaS"]}],"data":{"size":5664,"size_decoded":0,"mime_type":"font/otf","magic":"data","md5":"deef657ef864c2d159d5db2cc529d692","sha1":"c99f09600a5f87e18725ba85d64f73600b6d1a44","sha256":"1fee54caca0e2018a3582c7f5196a390700bb60911b17ed49416eb033c08a9fe","sha512":"f9aebe44ba2d4d8b46a7f9eca1446f3a84dc9f8dd20572fb708351f569a8cbaa1d3d4af4146bab33fcf3b04354da1c3dfc04532be5ede58cd04aa9633dc795a3","ssdeep":"96:1JE91T1eh/MtQoIUklsxTH6jBgQz1vkoaswfbRIqwFBospgIhquv7CRm6k:Q91JeyIsZOBpkoaJrEBoEjumt","tlshash":"f2c1ae01b514124e0a93bbd9fe313c4796fafcb4494ec4e82f09ed8e8b42697751dae4","first_seen":"2025-09-03T16:33:36.534383Z","last_seen":"2026-03-12T08:11:54.076659Z","times_seen":889,"resource_available":false,"data":null}},"time_used":28,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":28,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"sadasd.dgxmwl56.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.wineedu.org/themes/default/images/erweima_03.jpg","fqdn":"www.wineedu.org","domain":"wineedu.org","tld":"org"},"ip":{"addr":"107.163.230.132","port":443,"asn":18978,"as":"ENZUINC","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.wineedu.org/","date":"2025-12-03T11:45:21.909Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.quickbeltsystem.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 10 Nov 2025 12:18:52 GMT","end":"Sun, 08 Feb 2026 12:18:51 GMT"},"fingerprint":{"sha1":"45:82:4D:8F:E5:45:D0:13:2A:FA:DE:43:EB:CC:03:4B:C4:E6:97:C3","sha256":"4C:E4:01:11:E3:BC:18:3D:76:22:B0:E2:85:22:EA:26:C7:51:FC:94:0C:74:81:CA:17:86:15:23:4B:EF:17:BD"}}},"request":{"raw":"GET /themes/default/images/erweima_03.jpg HTTP/1.1\r\nHost: www.wineedu.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.wineedu.org/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Dec 2025 11:45:22 GMT\r\ncontent-type: image/jpeg\r\nvary: Accept-Encoding\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":3088,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 62x61, components 3","md5":"2b75ef90309dc636b2b96046b183cfb7","sha1":"3b75e50a870aa0888a148eb77ed3649296646756","sha256":"5fe1fa93e961d505b273d7799094ba08a8ee6f60974738179fdf7896740a4658","sha512":"ec8196d852dd39c85a4b6cdf1c7a49fd721ec7586e2f2e48b7bc73e6857f713fc9ef6277eaa00818f66eb0661e29815c888dd8204265ef24473d9e65925a4a28","ssdeep":"","tlshash":"02513c4b532b430cef70183ee6d615d2b0c353ba2510ab3b4ab4a450e9a4cbe447602f","first_seen":"2025-12-03T11:45:54.631177Z","last_seen":"2025-12-03T11:45:54.631177Z","times_seen":1,"resource_available":false,"data":null}},"time_used":510,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":510,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"sadasd.dgxmwl56.com/v2/js/app.9c872bdd.js","fqdn":"sadasd.dgxmwl56.com","domain":"dgxmwl56.com","tld":"com"},"ip":{"addr":"47.246.48.178","port":443,"asn":24429,"as":"Zhejiang Taobao Network Co.,Ltd","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://bannner-02.cfd/sttcs/?channel=88801\u0026ref=","date":"2025-12-03T11:45:23.786Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.dgxmwl56.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 11 Sep 2025 10:35:19 GMT","end":"Wed, 10 Dec 2025 10:35:18 GMT"},"fingerprint":{"sha1":"61:30:5F:86:8E:6E:7B:C2:1B:C6:7D:73:40:14:46:0D:B0:2F:D4:4B","sha256":"71:AD:F5:78:25:7F:AB:4F:88:8E:97:AE:6D:16:B9:AD:D1:7E:AC:7D:BD:65:7D:D3:C2:A4:C7:8A:9F:C6:82:EA"}}},"request":{"raw":"GET /v2/js/app.9c872bdd.js HTTP/1.1\r\nHost: sadasd.dgxmwl56.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://bannner-02.cfd/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: Tengine\r\ncontent-type: application/javascript\r\ncontent-length: 27856\r\ndate: Tue, 02 Dec 2025 20:32:52 GMT\r\nx-oss-request-id: 692F4CF4352E0D35322E312B\r\nx-oss-cdn-auth: success\r\naccept-ranges: bytes\r\nx-oss-object-type: Normal\r\nx-oss-storage-class: Standard\r\ncontent-md5: ILUOqcJQ6Cpa00s3NMQHNQ==\r\nx-oss-server-time: 17\r\nvia: ens-cache35.l2de4[0,0,304-0,H], ens-cache40.l2de4[1,0], ens-cache5.nl3[0,0,200-0,H], ens-cache1.nl3[3,0]\r\nvary: Accept-Encoding\r\nlast-modified: Wed, 05 Nov 2025 05:51:36 GMT\r\nx-oss-hash-crc64ecma: 4877841525787796720\r\ncontent-encoding: gzip\r\nage: 54751\r\nali-swift-global-savetime: 1764707572\r\nx-cache: HIT TCP_MEM_HIT dirn:-2:-2\r\nx-swift-savetime: Wed, 03 Dec 2025 11:42:29 GMT\r\nx-swift-cachetime: 31823\r\naccess-control-max-age: 3600\r\naccess-control-allow-origin: *\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\ntiming-allow-origin: *\r\neagleid: 2ff6309517647623239008001e\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Alibaba Cloud Object Storage Service","description":"Alibaba Cloud Object Storage Service (OSS) is a cloud-based object storage service provided by Alibaba Cloud, which allows users to store and access large amounts of data in the cloud.","website":"https://www.alibabacloud.com/product/object-storage-service","common_platform_enumeration":"","icon":"Alibaba Cloud.svg","categories":["IaaS"]},{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]}],"data":{"size":70325,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (65114), with no line terminators","md5":"20b50ea9c250e82a5ad34b3734c40735","sha1":"1be194070ca94ab17a6a382c8ef11c4c34d61ae6","sha256":"e97463332360183fedacd75cf40855d3b941c7cd395f5b1184a70c8fc5df8a7c","sha512":"438ba025993f87cacd861102bbe9a1d54452155aeda044607e4ed8a914702cb2bfb10d390249a20d37e7dc2b81a7df6b565f0c0368def4337652344c716bcb91","ssdeep":"1536:WvrgiyJlWxm+34vn5ahntVQ4VPkUBIHViTM:mvx9in0tO","tlshash":"8a633cc06148b492627b61e4043f2407b1a23a7bd205d5d4f2b9f8ededb85ea732dd39","first_seen":"2025-11-05T12:34:36.922843Z","last_seen":"2026-01-22T12:34:56.03677Z","times_seen":299,"resource_available":true,"data":null}},"time_used":273,"timings":{"blocked":114,"dns":51,"connect":26,"send":0,"wait":39,"receive":6,"ssl":34},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"sadasd.dgxmwl56.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"sadasd.dgxmwl56.com/v2/otf/xpj.png.otf","fqdn":"sadasd.dgxmwl56.com","domain":"dgxmwl56.com","tld":"com"},"ip":{"addr":"47.246.48.178","port":443,"asn":24429,"as":"Zhejiang Taobao Network Co.,Ltd","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://bannner-02.cfd/sttcs/?channel=88801\u0026ref=","date":"2025-12-03T11:45:24.554Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.dgxmwl56.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 11 Sep 2025 10:35:19 GMT","end":"Wed, 10 Dec 2025 10:35:18 GMT"},"fingerprint":{"sha1":"61:30:5F:86:8E:6E:7B:C2:1B:C6:7D:73:40:14:46:0D:B0:2F:D4:4B","sha256":"71:AD:F5:78:25:7F:AB:4F:88:8E:97:AE:6D:16:B9:AD:D1:7E:AC:7D:BD:65:7D:D3:C2:A4:C7:8A:9F:C6:82:EA"}}},"request":{"raw":"GET /v2/otf/xpj.png.otf HTTP/1.1\r\nHost: sadasd.dgxmwl56.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://bannner-02.cfd/\r\nOrigin: https://bannner-02.cfd\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: Tengine\r\ncontent-type: font/otf\r\ncontent-length: 3728\r\ndate: Wed, 03 Dec 2025 11:09:26 GMT\r\nx-oss-request-id: 69301A665A53BB3136826BC0\r\nx-oss-cdn-auth: success\r\naccept-ranges: bytes\r\nx-oss-object-type: Normal\r\nx-oss-storage-class: Standard\r\ncontent-md5: 9La1WJWXcfxIXs4b6UkV3w==\r\nx-oss-server-time: 6\r\nvia: ens-cache21.l2de4[0,0,304-0,H], ens-cache13.l2de4[1,0], ens-cache3.nl3[0,0,200-0,H], ens-cache3.nl3[0,0]\r\netag: \"F4B6B558959771FC485ECE1BE94915DF\"\r\nlast-modified: Fri, 05 Sep 2025 03:26:11 GMT\r\nx-oss-hash-crc64ecma: 3958719860094207122\r\nage: 2158\r\nali-swift-global-savetime: 1764760166\r\nx-cache: HIT TCP_MEM_HIT dirn:-2:-2\r\nx-swift-savetime: Wed, 03 Dec 2025 11:42:29 GMT\r\nx-swift-cachetime: 3600\r\naccess-control-max-age: 3600\r\naccess-control-allow-origin: *\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\ntiming-allow-origin: *\r\neagleid: 2ff6309717647623245636587e\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]},{"name":"Alibaba Cloud Object Storage Service","description":"Alibaba Cloud Object Storage Service (OSS) is a cloud-based object storage service provided by Alibaba Cloud, which allows users to store and access large amounts of data in the cloud.","website":"https://www.alibabacloud.com/product/object-storage-service","common_platform_enumeration":"","icon":"Alibaba Cloud.svg","categories":["IaaS"]}],"data":{"size":3728,"size_decoded":0,"mime_type":"font/otf","magic":"data","md5":"f4b6b558959771fc485ece1be94915df","sha1":"bab00a57859a67027c6278e884d9409fd4175d0a","sha256":"0709e51d6b1ee93c7cea8fd80a939d2a05c13cd096ba6bd73a5feab771683d59","sha512":"8ccd35e43dc90c59c8278b37ccf5a9e755e16526cf30e1c7e8d97ec18080959d32f05cfe2c3be9ab6151328cf6924541f2b68edb5e05369acf02e20a53714140","ssdeep":"","tlshash":"29715e615e6fc01ed85fa6ee0e454a58706093c57aa55c874316d45c0f7a5f10b8721d","first_seen":"2025-09-03T16:33:36.491393Z","last_seen":"2026-03-12T08:11:54.077138Z","times_seen":880,"resource_available":false,"data":null}},"time_used":28,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":28,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"sadasd.dgxmwl56.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"sadasd.dgxmwl56.com/v2/otf/lecaiwang.png.otf","fqdn":"sadasd.dgxmwl56.com","domain":"dgxmwl56.com","tld":"com"},"ip":{"addr":"47.246.48.178","port":443,"asn":24429,"as":"Zhejiang Taobao Network Co.,Ltd","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://bannner-02.cfd/sttcs/?channel=88801\u0026ref=","date":"2025-12-03T11:45:24.792Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.dgxmwl56.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 11 Sep 2025 10:35:19 GMT","end":"Wed, 10 Dec 2025 10:35:18 GMT"},"fingerprint":{"sha1":"61:30:5F:86:8E:6E:7B:C2:1B:C6:7D:73:40:14:46:0D:B0:2F:D4:4B","sha256":"71:AD:F5:78:25:7F:AB:4F:88:8E:97:AE:6D:16:B9:AD:D1:7E:AC:7D:BD:65:7D:D3:C2:A4:C7:8A:9F:C6:82:EA"}}},"request":{"raw":"GET /v2/otf/lecaiwang.png.otf HTTP/1.1\r\nHost: sadasd.dgxmwl56.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://bannner-02.cfd/\r\nOrigin: https://bannner-02.cfd\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: Tengine\r\ncontent-type: font/otf\r\ncontent-length: 10368\r\ndate: Wed, 03 Dec 2025 11:14:37 GMT\r\nx-oss-request-id: 69301B9D9F27CB3631A6590A\r\nx-oss-cdn-auth: success\r\naccept-ranges: bytes\r\nx-oss-object-type: Normal\r\nx-oss-storage-class: Standard\r\ncontent-md5: WSujNgfrBnJcsYTwxxOUsA==\r\nx-oss-server-time: 6\r\nvia: ens-cache13.l2de4[0,0,304-0,H], ens-cache33.l2de4[0,0], ens-cache5.nl3[0,0,200-0,H], ens-cache3.nl3[1,0]\r\netag: \"592BA33607EB06725CB184F0C71394B0\"\r\nlast-modified: Wed, 24 Sep 2025 10:56:26 GMT\r\nx-oss-hash-crc64ecma: 11669669320036622189\r\nage: 1847\r\nali-swift-global-savetime: 1764760477\r\nx-cache: HIT TCP_MEM_HIT dirn:-2:-2\r\nx-swift-savetime: Wed, 03 Dec 2025 11:42:30 GMT\r\nx-swift-cachetime: 3600\r\naccess-control-max-age: 3600\r\naccess-control-allow-origin: *\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\ntiming-allow-origin: *\r\neagleid: 2ff6309717647623248006815e\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Alibaba Cloud Object Storage Service","description":"Alibaba Cloud Object Storage Service (OSS) is a cloud-based object storage service provided by Alibaba Cloud, which allows users to store and access large amounts of data in the cloud.","website":"https://www.alibabacloud.com/product/object-storage-service","common_platform_enumeration":"","icon":"Alibaba Cloud.svg","categories":["IaaS"]},{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]}],"data":{"size":10368,"size_decoded":0,"mime_type":"font/otf","magic":"data","md5":"592ba33607eb06725cb184f0c71394b0","sha1":"b7c83ce8abe029b97033be7e7e7a224c4ace5dd7","sha256":"b9d1fc75e25b0444b0c5f0a3eebfad0fa01b1b82beb4b303cd64fd5dc0cf20bd","sha512":"6db10daa24ce9739658c1e647398d2a8741c9b71c5e29e5cb877d7eb128dc1479a55aa71ae8c6a3fa04fcf560f75424be6982818dfa1d25de0d45bf019ae5f98","ssdeep":"192:JPXKB/+uZrv0Uw/EXQOwWn7eDAPeqYK939UZxmhvHm5wKcl7:JPXW/+Kv0UgCQOwW71IyUZxKvG6Ht","tlshash":"cc22b0ca261cdb89d3bd0402f5ec560aca39b6c3641dcdc84cc7e49e610b4f95a9415f","first_seen":"2025-09-03T16:33:36.507713Z","last_seen":"2026-03-08T09:42:45.644545Z","times_seen":801,"resource_available":false,"data":null}},"time_used":28,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":27,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"sadasd.dgxmwl56.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"wineedu.org/","fqdn":"wineedu.org","domain":"wineedu.org","tld":"org"},"ip":{"addr":"107.163.230.132","port":80,"asn":18978,"as":"ENZUINC","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-12-03T11:45:20.495Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET / HTTP/1.1\r\nHost: wineedu.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 301 MOVED PERMANENTLY\r\nServer: nginx\r\nDate: Wed, 03 Dec 2025 11:45:20 GMT\r\nContent-Type: text/html; charset=utf-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLocation: http://www.wineedu.org/\r\n\r\n","headers":null,"cookies":null,"status_code":"301","status_text":"MOVED PERMANENTLY","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":50708,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-08T07:38:16.649537Z","times_seen":13494560,"resource_available":true,"data":null}},"time_used":521,"timings":{"blocked":163,"dns":0,"connect":166,"send":0,"wait":191,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.wineedu.org/upload/2019-08-08/80b3d596efa78d9d6eeb173b992c2ab3.png","fqdn":"www.wineedu.org","domain":"wineedu.org","tld":"org"},"ip":{"addr":"107.163.230.132","port":443,"asn":18978,"as":"ENZUINC","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.wineedu.org/","date":"2025-12-03T11:45:21.942Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.quickbeltsystem.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 10 Nov 2025 12:18:52 GMT","end":"Sun, 08 Feb 2026 12:18:51 GMT"},"fingerprint":{"sha1":"45:82:4D:8F:E5:45:D0:13:2A:FA:DE:43:EB:CC:03:4B:C4:E6:97:C3","sha256":"4C:E4:01:11:E3:BC:18:3D:76:22:B0:E2:85:22:EA:26:C7:51:FC:94:0C:74:81:CA:17:86:15:23:4B:EF:17:BD"}}},"request":{"raw":"GET /upload/2019-08-08/80b3d596efa78d9d6eeb173b992c2ab3.png HTTP/1.1\r\nHost: www.wineedu.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.wineedu.org/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Dec 2025 11:45:22 GMT\r\ncontent-type: image/png\r\nvary: Accept-Encoding\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":46252,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 179 x 268, 8-bit/color RGB, non-interlaced","md5":"133ce26d5bf6411c321a3f1c3382a9bf","sha1":"39f0df3f6c6c17dee6d1c3874f385794e709fa79","sha256":"7768241048bd0dd5a53a4bd4e86837bdb51db410f48ebde53e6ea1c754e47516","sha512":"8a364fe31fc7a372fba01521c5b1bbaabdd9d24bb151d2ecd6f510369a82a33b2fd359d9af3eaa44e922cf5390ca21a75a664aab9b683d653290b2d8a8cf10e2","ssdeep":"768:8b7MLfNkdB5L8ajzFUnxWXPGLBgBe3P/8VDPVxsoPDm5WJyim7A:RL1cVqbNn8V/skcWJfm7A","tlshash":"7f2302dc49b455b1fa1938ccc50b5bedcd095af15a16c18899c2fb0caed86fbc788189","first_seen":"2025-12-03T11:45:54.633726Z","last_seen":"2025-12-03T11:45:54.633726Z","times_seen":1,"resource_available":false,"data":null}},"time_used":878,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":878,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.wineedu.org/upload/2019-08-08/3f527bfcb611194d9bda5104e3546ae3.png","fqdn":"www.wineedu.org","domain":"wineedu.org","tld":"org"},"ip":{"addr":"107.163.230.132","port":443,"asn":18978,"as":"ENZUINC","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.wineedu.org/","date":"2025-12-03T11:45:21.943Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.quickbeltsystem.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 10 Nov 2025 12:18:52 GMT","end":"Sun, 08 Feb 2026 12:18:51 GMT"},"fingerprint":{"sha1":"45:82:4D:8F:E5:45:D0:13:2A:FA:DE:43:EB:CC:03:4B:C4:E6:97:C3","sha256":"4C:E4:01:11:E3:BC:18:3D:76:22:B0:E2:85:22:EA:26:C7:51:FC:94:0C:74:81:CA:17:86:15:23:4B:EF:17:BD"}}},"request":{"raw":"GET /upload/2019-08-08/3f527bfcb611194d9bda5104e3546ae3.png HTTP/1.1\r\nHost: www.wineedu.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.wineedu.org/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Dec 2025 11:45:22 GMT\r\ncontent-type: image/png\r\nvary: Accept-Encoding\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":257445,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 413 x 531, 8-bit/color RGB, non-interlaced","md5":"2355d86c3b4462a0f8a8caab054a3f6e","sha1":"ae6d0f05a4a26fe2be352850ba4a2626d2fac779","sha256":"58cb4bdbb2efd510fb973bc52b8156276f6eeb592ca599c6e538f1fc16912907","sha512":"255115ca7d99dc6ebe23665534fd43f929f39eb85f40a4d7e78594c2ef91043384bb6c05e507b83150ec569e17fb869ea1806dc33db2ef01a875ef3877103b8f","ssdeep":"6144:fOS/Y7hAVYYuBw2+Dq1z6P7DPfbmYRNTpDN0oVLvqR:f/Y7h6ux+DT7DaYRNTFN0ALW","tlshash":"5e44234bf2d6bd6c3bd0961a0e46bed381902ba8fcb85b61cf43283313d49167a645f5","first_seen":"2025-12-03T11:45:54.635428Z","last_seen":"2025-12-03T11:45:54.635428Z","times_seen":1,"resource_available":false,"data":null}},"time_used":878,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":878,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.wineedu.org/upload/2019-08-08/94a87cc2f9ccf1c02beacbffee03350f.jpg","fqdn":"www.wineedu.org","domain":"wineedu.org","tld":"org"},"ip":{"addr":"107.163.230.132","port":443,"asn":18978,"as":"ENZUINC","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.wineedu.org/","date":"2025-12-03T11:45:21.945Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.quickbeltsystem.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 10 Nov 2025 12:18:52 GMT","end":"Sun, 08 Feb 2026 12:18:51 GMT"},"fingerprint":{"sha1":"45:82:4D:8F:E5:45:D0:13:2A:FA:DE:43:EB:CC:03:4B:C4:E6:97:C3","sha256":"4C:E4:01:11:E3:BC:18:3D:76:22:B0:E2:85:22:EA:26:C7:51:FC:94:0C:74:81:CA:17:86:15:23:4B:EF:17:BD"}}},"request":{"raw":"GET /upload/2019-08-08/94a87cc2f9ccf1c02beacbffee03350f.jpg HTTP/1.1\r\nHost: www.wineedu.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.wineedu.org/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Dec 2025 11:45:22 GMT\r\ncontent-type: image/jpeg\r\nvary: Accept-Encoding\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":4032,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 119x147, components 3","md5":"d47eda87e70bd04c655c77e7d1e60130","sha1":"4aabf5698ae296b8cbff192e5d0a158fbd660660","sha256":"7b3494b92eee1de13e8637df947f7ed20b0c184622b28f0ee895e20ebd89f9f4","sha512":"20838cf2bb8cc00269a6ade7b4772c99581cffec597fa2ebd099cf1e18ac08ba009ec1d3a3e4da7965f2d4b26c4eaf57522870e3c0ea61ffb359ca7f014c0d77","ssdeep":"","tlshash":"22816c1e999963f2cbe7e6b7027331a2d5ad8ee17dfc33783861059082c0db2d4045b1","first_seen":"2025-12-03T11:45:54.637198Z","last_seen":"2025-12-03T11:45:54.637198Z","times_seen":1,"resource_available":false,"data":null}},"time_used":554,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":554,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"sadasd.dgxmwl56.com/v2/otf/galaxy.png.otf","fqdn":"sadasd.dgxmwl56.com","domain":"dgxmwl56.com","tld":"com"},"ip":{"addr":"47.246.48.178","port":443,"asn":24429,"as":"Zhejiang Taobao Network Co.,Ltd","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://bannner-02.cfd/sttcs/?channel=88801\u0026ref=","date":"2025-12-03T11:45:24.733Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.dgxmwl56.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 11 Sep 2025 10:35:19 GMT","end":"Wed, 10 Dec 2025 10:35:18 GMT"},"fingerprint":{"sha1":"61:30:5F:86:8E:6E:7B:C2:1B:C6:7D:73:40:14:46:0D:B0:2F:D4:4B","sha256":"71:AD:F5:78:25:7F:AB:4F:88:8E:97:AE:6D:16:B9:AD:D1:7E:AC:7D:BD:65:7D:D3:C2:A4:C7:8A:9F:C6:82:EA"}}},"request":{"raw":"GET /v2/otf/galaxy.png.otf HTTP/1.1\r\nHost: sadasd.dgxmwl56.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://bannner-02.cfd/\r\nOrigin: https://bannner-02.cfd\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: Tengine\r\ncontent-type: font/otf\r\ncontent-length: 3936\r\ndate: Wed, 03 Dec 2025 11:14:10 GMT\r\nx-oss-request-id: 69301B825A53BB31377E46C5\r\nx-oss-cdn-auth: success\r\naccept-ranges: bytes\r\nx-oss-object-type: Normal\r\nx-oss-storage-class: Standard\r\ncontent-md5: frxKr7+qkIH912HpjXw8cQ==\r\nx-oss-server-time: 7\r\nvia: ens-cache7.l2de4[0,0,304-0,H], ens-cache23.l2de4[1,0], ens-cache3.nl3[0,0,200-0,H], ens-cache3.nl3[0,0]\r\netag: \"7EBC4AAFBFAA9081FDD761E98D7C3C71\"\r\nlast-modified: Fri, 05 Sep 2025 03:26:14 GMT\r\nx-oss-hash-crc64ecma: 10899675424917328619\r\nage: 1874\r\nali-swift-global-savetime: 1764760450\r\nx-cache: HIT TCP_MEM_HIT dirn:-2:-2\r\nx-swift-savetime: Wed, 03 Dec 2025 11:42:30 GMT\r\nx-swift-cachetime: 3600\r\naccess-control-max-age: 3600\r\naccess-control-allow-origin: *\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\ntiming-allow-origin: *\r\neagleid: 2ff6309717647623247416766e\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]},{"name":"Alibaba Cloud Object Storage Service","description":"Alibaba Cloud Object Storage Service (OSS) is a cloud-based object storage service provided by Alibaba Cloud, which allows users to store and access large amounts of data in the cloud.","website":"https://www.alibabacloud.com/product/object-storage-service","common_platform_enumeration":"","icon":"Alibaba Cloud.svg","categories":["IaaS"]}],"data":{"size":3936,"size_decoded":0,"mime_type":"font/otf","magic":"data","md5":"7ebc4aafbfaa9081fdd761e98d7c3c71","sha1":"0303d265bdd24326c6efc8eb0174324dc4bdbb41","sha256":"1be0111c90f853371c32acd60c2ae5262f7c02a2a19232162d26aa8d27b2e182","sha512":"da1594ee7c519df5c52b4516738bb578597f12a733ac5e52fee06d6a33e37727c12e0f542ad815adc08eb39d7a5aae58058bbed92b18e5b09544110938603d90","ssdeep":"","tlshash":"49817d11bf3882893a6cfd019d8ff9b8f40aab579f7c52e257167642c989146538c613","first_seen":"2025-09-03T16:33:36.541591Z","last_seen":"2026-03-12T08:11:54.068428Z","times_seen":863,"resource_available":false,"data":null}},"time_used":28,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":28,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"sadasd.dgxmwl56.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"sadasd.dgxmwl56.com/v2/otf/aocai.png.otf","fqdn":"sadasd.dgxmwl56.com","domain":"dgxmwl56.com","tld":"com"},"ip":{"addr":"47.246.48.178","port":443,"asn":24429,"as":"Zhejiang Taobao Network Co.,Ltd","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://bannner-02.cfd/sttcs/?channel=88801\u0026ref=","date":"2025-12-03T11:45:24.758Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.dgxmwl56.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 11 Sep 2025 10:35:19 GMT","end":"Wed, 10 Dec 2025 10:35:18 GMT"},"fingerprint":{"sha1":"61:30:5F:86:8E:6E:7B:C2:1B:C6:7D:73:40:14:46:0D:B0:2F:D4:4B","sha256":"71:AD:F5:78:25:7F:AB:4F:88:8E:97:AE:6D:16:B9:AD:D1:7E:AC:7D:BD:65:7D:D3:C2:A4:C7:8A:9F:C6:82:EA"}}},"request":{"raw":"GET /v2/otf/aocai.png.otf HTTP/1.1\r\nHost: sadasd.dgxmwl56.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://bannner-02.cfd/\r\nOrigin: https://bannner-02.cfd\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: Tengine\r\ncontent-type: font/otf\r\ncontent-length: 1968\r\ndate: Wed, 03 Dec 2025 11:14:35 GMT\r\nx-oss-request-id: 69301B9BA0815137330DAD69\r\nx-oss-cdn-auth: success\r\naccept-ranges: bytes\r\nx-oss-object-type: Normal\r\nx-oss-storage-class: Standard\r\ncontent-md5: GIUP63UQi6PUhqdcfz8l8Q==\r\nx-oss-server-time: 7\r\nvia: ens-cache36.l2de4[0,0,304-0,H], ens-cache6.l2de4[1,0], ens-cache7.nl3[0,0,200-0,H], ens-cache3.nl3[1,0]\r\netag: \"18850FEB75108BA3D486A75C7F3F25F1\"\r\nlast-modified: Fri, 05 Sep 2025 03:26:14 GMT\r\nx-oss-hash-crc64ecma: 3635831070579949241\r\nage: 1849\r\nali-swift-global-savetime: 1764760475\r\nx-cache: HIT TCP_MEM_HIT dirn:-2:-2\r\nx-swift-savetime: Wed, 03 Dec 2025 11:42:30 GMT\r\nx-swift-cachetime: 3600\r\naccess-control-max-age: 3600\r\naccess-control-allow-origin: *\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\ntiming-allow-origin: *\r\neagleid: 2ff6309717647623247666792e\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]},{"name":"Alibaba Cloud Object Storage Service","description":"Alibaba Cloud Object Storage Service (OSS) is a cloud-based object storage service provided by Alibaba Cloud, which allows users to store and access large amounts of data in the cloud.","website":"https://www.alibabacloud.com/product/object-storage-service","common_platform_enumeration":"","icon":"Alibaba Cloud.svg","categories":["IaaS"]}],"data":{"size":1968,"size_decoded":0,"mime_type":"font/otf","magic":"data","md5":"18850feb75108ba3d486a75c7f3f25f1","sha1":"d1378c6083124a9fa05bce188e862900a79a232c","sha256":"096c3be773c93b06876eaadbf2bf529a3fecb7cc459702c01eac1e36d37c36a6","sha512":"2d6e63dabf0a958680f8a76f887652a149e555a3360ccff3050d61fe4474a46833467ceb8f23ce1a0b37f59d2e3b77f5c699db0e16980ef02a9cbded70bc53af","ssdeep":"","tlshash":"b84139f3843fcf6f474adda15009a924a1f42e6e0120b60f7a82041deaed83c625866f","first_seen":"2025-09-03T16:33:36.528099Z","last_seen":"2026-03-12T08:11:54.090622Z","times_seen":860,"resource_available":false,"data":null}},"time_used":27,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":27,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"sadasd.dgxmwl56.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"sadasd.dgxmwl56.com/v2/otf/lecaiwang.png.otf","fqdn":"sadasd.dgxmwl56.com","domain":"dgxmwl56.com","tld":"com"},"ip":{"addr":"47.246.48.178","port":443,"asn":24429,"as":"Zhejiang Taobao Network Co.,Ltd","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://bannner-02.cfd/sttcs/?channel=88801\u0026ref=","date":"2025-12-03T11:45:24.800Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.dgxmwl56.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 11 Sep 2025 10:35:19 GMT","end":"Wed, 10 Dec 2025 10:35:18 GMT"},"fingerprint":{"sha1":"61:30:5F:86:8E:6E:7B:C2:1B:C6:7D:73:40:14:46:0D:B0:2F:D4:4B","sha256":"71:AD:F5:78:25:7F:AB:4F:88:8E:97:AE:6D:16:B9:AD:D1:7E:AC:7D:BD:65:7D:D3:C2:A4:C7:8A:9F:C6:82:EA"}}},"request":{"raw":"GET /v2/otf/lecaiwang.png.otf HTTP/1.1\r\nHost: sadasd.dgxmwl56.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://bannner-02.cfd/\r\nOrigin: https://bannner-02.cfd\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: Tengine\r\ncontent-type: font/otf\r\ncontent-length: 10368\r\ndate: Wed, 03 Dec 2025 11:14:37 GMT\r\nx-oss-request-id: 69301B9D9F27CB3631A6590A\r\nx-oss-cdn-auth: success\r\naccept-ranges: bytes\r\nx-oss-object-type: Normal\r\nx-oss-storage-class: Standard\r\ncontent-md5: WSujNgfrBnJcsYTwxxOUsA==\r\nx-oss-server-time: 6\r\nvia: ens-cache13.l2de4[0,0,304-0,H], ens-cache33.l2de4[0,0], ens-cache5.nl3[0,0,200-0,H], ens-cache3.nl3[1,0]\r\netag: \"592BA33607EB06725CB184F0C71394B0\"\r\nlast-modified: Wed, 24 Sep 2025 10:56:26 GMT\r\nx-oss-hash-crc64ecma: 11669669320036622189\r\nage: 1847\r\nali-swift-global-savetime: 1764760477\r\nx-cache: HIT TCP_MEM_HIT dirn:-2:-2\r\nx-swift-savetime: Wed, 03 Dec 2025 11:42:30 GMT\r\nx-swift-cachetime: 3600\r\naccess-control-max-age: 3600\r\naccess-control-allow-origin: *\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\ntiming-allow-origin: *\r\neagleid: 2ff6309717647623248086827e\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]},{"name":"Alibaba Cloud Object Storage Service","description":"Alibaba Cloud Object Storage Service (OSS) is a cloud-based object storage service provided by Alibaba Cloud, which allows users to store and access large amounts of data in the cloud.","website":"https://www.alibabacloud.com/product/object-storage-service","common_platform_enumeration":"","icon":"Alibaba Cloud.svg","categories":["IaaS"]}],"data":{"size":10368,"size_decoded":0,"mime_type":"font/otf","magic":"data","md5":"592ba33607eb06725cb184f0c71394b0","sha1":"b7c83ce8abe029b97033be7e7e7a224c4ace5dd7","sha256":"b9d1fc75e25b0444b0c5f0a3eebfad0fa01b1b82beb4b303cd64fd5dc0cf20bd","sha512":"6db10daa24ce9739658c1e647398d2a8741c9b71c5e29e5cb877d7eb128dc1479a55aa71ae8c6a3fa04fcf560f75424be6982818dfa1d25de0d45bf019ae5f98","ssdeep":"192:JPXKB/+uZrv0Uw/EXQOwWn7eDAPeqYK939UZxmhvHm5wKcl7:JPXW/+Kv0UgCQOwW71IyUZxKvG6Ht","tlshash":"cc22b0ca261cdb89d3bd0402f5ec560aca39b6c3641dcdc84cc7e49e610b4f95a9415f","first_seen":"2025-09-03T16:33:36.507713Z","last_seen":"2026-03-08T09:42:45.644545Z","times_seen":801,"resource_available":false,"data":null}},"time_used":29,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":28,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"sadasd.dgxmwl56.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"sadasd.dgxmwl56.com/v2/otf/h3.png.otf","fqdn":"sadasd.dgxmwl56.com","domain":"dgxmwl56.com","tld":"com"},"ip":{"addr":"47.246.48.178","port":443,"asn":24429,"as":"Zhejiang Taobao Network Co.,Ltd","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://bannner-02.cfd/sttcs/?channel=88801\u0026ref=","date":"2025-12-03T11:45:24.829Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.dgxmwl56.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 11 Sep 2025 10:35:19 GMT","end":"Wed, 10 Dec 2025 10:35:18 GMT"},"fingerprint":{"sha1":"61:30:5F:86:8E:6E:7B:C2:1B:C6:7D:73:40:14:46:0D:B0:2F:D4:4B","sha256":"71:AD:F5:78:25:7F:AB:4F:88:8E:97:AE:6D:16:B9:AD:D1:7E:AC:7D:BD:65:7D:D3:C2:A4:C7:8A:9F:C6:82:EA"}}},"request":{"raw":"GET /v2/otf/h3.png.otf HTTP/1.1\r\nHost: sadasd.dgxmwl56.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://bannner-02.cfd/\r\nOrigin: https://bannner-02.cfd\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: Tengine\r\ncontent-type: font/otf\r\ncontent-length: 3440\r\ndate: Wed, 03 Dec 2025 11:14:38 GMT\r\nx-oss-request-id: 69301B9E9F6B603039CC9523\r\nx-oss-cdn-auth: success\r\naccept-ranges: bytes\r\nx-oss-object-type: Normal\r\nx-oss-storage-class: Standard\r\ncontent-md5: 2vYiO/KrFuOcM5UhTE0Jgg==\r\nx-oss-server-time: 7\r\nvia: ens-cache2.l2de4[0,0,304-0,H], ens-cache24.l2de4[0,0], ens-cache6.nl3[0,0,200-0,H], ens-cache3.nl3[1,0]\r\netag: \"DAF6223BF2AB16E39C3395214C4D0982\"\r\nlast-modified: Wed, 24 Sep 2025 10:56:27 GMT\r\nx-oss-hash-crc64ecma: 6996494176447752236\r\nage: 1846\r\nali-swift-global-savetime: 1764760478\r\nx-cache: HIT TCP_MEM_HIT dirn:-2:-2\r\nx-swift-savetime: Wed, 03 Dec 2025 11:42:30 GMT\r\nx-swift-cachetime: 3600\r\naccess-control-max-age: 3600\r\naccess-control-allow-origin: *\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\ntiming-allow-origin: *\r\neagleid: 2ff6309717647623248376857e\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]},{"name":"Alibaba Cloud Object Storage Service","description":"Alibaba Cloud Object Storage Service (OSS) is a cloud-based object storage service provided by Alibaba Cloud, which allows users to store and access large amounts of data in the cloud.","website":"https://www.alibabacloud.com/product/object-storage-service","common_platform_enumeration":"","icon":"Alibaba Cloud.svg","categories":["IaaS"]}],"data":{"size":3440,"size_decoded":0,"mime_type":"font/otf","magic":"data","md5":"daf6223bf2ab16e39c3395214c4d0982","sha1":"9e8f2b502cbb8d35b323ff2898db97abb8949f32","sha256":"a6d466bfccb6f3645aaf1abbb51bebaeab1b93ebc361e66ae1e804f91cf85685","sha512":"9b11c5d35fff2953b52da2b71c0829d840ed81246681634a79f98315f1b366a6fdec0b08735fb51b114572fbf04db771e30080adf294238c23149e4057b9dfaa","ssdeep":"","tlshash":"40616deab0075b2ad6ee5c4722ea05e801b411448f6af73d52333d80407ee71db14738","first_seen":"2025-09-03T16:33:36.494534Z","last_seen":"2026-03-12T08:11:54.065517Z","times_seen":859,"resource_available":false,"data":null}},"time_used":27,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":27,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"sadasd.dgxmwl56.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.wineedu.org/themes/default/css/style.css","fqdn":"www.wineedu.org","domain":"wineedu.org","tld":"org"},"ip":{"addr":"107.163.230.132","port":443,"asn":18978,"as":"ENZUINC","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://www.wineedu.org/","date":"2025-12-03T11:45:21.892Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.quickbeltsystem.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 10 Nov 2025 12:18:52 GMT","end":"Sun, 08 Feb 2026 12:18:51 GMT"},"fingerprint":{"sha1":"45:82:4D:8F:E5:45:D0:13:2A:FA:DE:43:EB:CC:03:4B:C4:E6:97:C3","sha256":"4C:E4:01:11:E3:BC:18:3D:76:22:B0:E2:85:22:EA:26:C7:51:FC:94:0C:74:81:CA:17:86:15:23:4B:EF:17:BD"}}},"request":{"raw":"GET /themes/default/css/style.css HTTP/1.1\r\nHost: www.wineedu.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.wineedu.org/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Dec 2025 11:45:22 GMT\r\ncontent-type: text/css; charset=utf-8\r\nvary: Accept-Encoding\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":12772,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text, with very long lines (326)","md5":"481242aea6ddae14bec111947dfb65a9","sha1":"1cbee5816d8f6ad80fab47089f4454420e0b6476","sha256":"620671972d98c639ea6d7d9f91fed72157185cf7acc7ce3ab5638a402e370bba","sha512":"5c9e125ddaede0a5c181cdabc84e6dfcae8cc1cd914460174dff89b1755c232adcd173b1a31a9346301d715a39aa53c527cac7c5b2ea291e2bfd89d5059e246a","ssdeep":"384:Cvmq8CGp/jpE3U1tSSvSgMroG8+Rj6IsU/mJc+uV:C3upbCh8RuN","tlshash":"5942a716e3641108f077d6f7be12d75b23168043b2026afd6ee83464d18f8a21a77be7","first_seen":"2025-12-03T11:45:54.63871Z","last_seen":"2025-12-03T11:45:54.63871Z","times_seen":1,"resource_available":false,"data":null}},"time_used":595,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":595,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.wineedu.org/themes/default/js/jquery.SuperSlide.2.1.1.js","fqdn":"www.wineedu.org","domain":"wineedu.org","tld":"org"},"ip":{"addr":"107.163.230.132","port":443,"asn":18978,"as":"ENZUINC","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.wineedu.org/","date":"2025-12-03T11:45:21.906Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.quickbeltsystem.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 10 Nov 2025 12:18:52 GMT","end":"Sun, 08 Feb 2026 12:18:51 GMT"},"fingerprint":{"sha1":"45:82:4D:8F:E5:45:D0:13:2A:FA:DE:43:EB:CC:03:4B:C4:E6:97:C3","sha256":"4C:E4:01:11:E3:BC:18:3D:76:22:B0:E2:85:22:EA:26:C7:51:FC:94:0C:74:81:CA:17:86:15:23:4B:EF:17:BD"}}},"request":{"raw":"GET /themes/default/js/jquery.SuperSlide.2.1.1.js HTTP/1.1\r\nHost: www.wineedu.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.wineedu.org/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Dec 2025 11:45:22 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\nvary: Accept-Encoding\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":11408,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (10855)","md5":"fd7557b79ce6261f027b3f360ca5fa78","sha1":"e2975accbbfbb6daf9f4b6f0a48c93b6aa043407","sha256":"3400defd7bd2f094fbbe42a2449fa23bf573516631e76cc7451da186d14a1e4a","sha512":"bc4039a57e81723589878c4469b38f185ca857531d0844be6f2db746b276decd2e9d4869ac24af69f03bf5307289c5bb76192ade9929c529808fae6a1fa65718","ssdeep":"192:BEK3b+H+nqfhD9VUVjIItpfg5uXG3+1tSCl+7flvSXwaHxImISLTNSfYXH7Le2HE:BDznqflKFgEWulE8REcS3j/CkR1Xh3","tlshash":"c532c75fb66635ce4597b3f1107f940d222b5965fc8a8ca0b17482c0adb9a1c243bfed","first_seen":"2023-04-05T04:17:49Z","last_seen":"2026-04-07T00:13:51.059371Z","times_seen":2147,"resource_available":true,"data":null}},"time_used":592,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":592,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"sadasd.dgxmwl56.com/v2/css/app.6c1a6a05.css","fqdn":"sadasd.dgxmwl56.com","domain":"dgxmwl56.com","tld":"com"},"ip":{"addr":"47.246.48.178","port":443,"asn":24429,"as":"Zhejiang Taobao Network Co.,Ltd","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://bannner-02.cfd/sttcs/?channel=88801\u0026ref=","date":"2025-12-03T11:45:23.977Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.dgxmwl56.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 11 Sep 2025 10:35:19 GMT","end":"Wed, 10 Dec 2025 10:35:18 GMT"},"fingerprint":{"sha1":"61:30:5F:86:8E:6E:7B:C2:1B:C6:7D:73:40:14:46:0D:B0:2F:D4:4B","sha256":"71:AD:F5:78:25:7F:AB:4F:88:8E:97:AE:6D:16:B9:AD:D1:7E:AC:7D:BD:65:7D:D3:C2:A4:C7:8A:9F:C6:82:EA"}}},"request":{"raw":"GET /v2/css/app.6c1a6a05.css HTTP/1.1\r\nHost: sadasd.dgxmwl56.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://bannner-02.cfd/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: Tengine\r\ncontent-type: text/css\r\ncontent-length: 4377\r\ndate: Tue, 02 Dec 2025 22:22:27 GMT\r\nx-oss-request-id: 692F66A372AE9E3232C7D12F\r\nx-oss-cdn-auth: success\r\naccept-ranges: bytes\r\nx-oss-object-type: Normal\r\nx-oss-storage-class: Standard\r\ncontent-md5: yJxzJObZ/a62h3TZ9lnOng==\r\nx-oss-server-time: 26\r\nvia: ens-cache31.l2de4[0,0,304-0,H], ens-cache14.l2de4[1,0], ens-cache10.nl3[0,0,200-0,H], ens-cache1.nl3[1,0]\r\nvary: Accept-Encoding\r\nlast-modified: Wed, 05 Nov 2025 05:51:36 GMT\r\nx-oss-hash-crc64ecma: 11561004336749496851\r\ncontent-encoding: gzip\r\nage: 48176\r\nali-swift-global-savetime: 1764714147\r\nx-cache: HIT TCP_MEM_HIT dirn:-2:-2\r\nx-swift-savetime: Wed, 03 Dec 2025 11:42:29 GMT\r\nx-swift-cachetime: 38398\r\naccess-control-max-age: 3600\r\naccess-control-allow-origin: *\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\ntiming-allow-origin: *\r\neagleid: 2ff6309517647623239708080e\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]},{"name":"Alibaba Cloud Object Storage Service","description":"Alibaba Cloud Object Storage Service (OSS) is a cloud-based object storage service provided by Alibaba Cloud, which allows users to store and access large amounts of data in the cloud.","website":"https://www.alibabacloud.com/product/object-storage-service","common_platform_enumeration":"","icon":"Alibaba Cloud.svg","categories":["IaaS"]}],"data":{"size":11415,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (11415), with no line terminators","md5":"c89c7324e6d9fdaeb68774d9f659ce9e","sha1":"d26a544951aea527b518d6afa1fde98e2f0767ec","sha256":"8e7070ade796574a8af91ebd129eea33f5a1be934e122d501694a777475a66f5","sha512":"57fda97f9171e830dfa8d593a367fbe98fbdab3a44ad584938d57b66e89d1e801a711a336254dbc74eee6265cf13e1fff536f2c350d42b3f10d5176f11207b79","ssdeep":"192:JclMemUnBkJfQ4D24ZJQKMDmxxN2yZbJq67W:A9Bke4D8KzW","tlshash":"1532a73feb10a93dd26e1b19a280ecde3378e34ab7529d71c893eb56c35115e5a302c4","first_seen":"2025-09-03T16:33:36.48916Z","last_seen":"2026-03-31T02:34:07.967343Z","times_seen":801,"resource_available":false,"data":null}},"time_used":28,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":27,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"sadasd.dgxmwl56.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.wineedu.org/themes/default/images/alpha.png","fqdn":"www.wineedu.org","domain":"wineedu.org","tld":"org"},"ip":{"addr":"107.163.230.132","port":443,"asn":18978,"as":"ENZUINC","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.wineedu.org/","date":"2025-12-03T11:45:21.911Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.quickbeltsystem.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 10 Nov 2025 12:18:52 GMT","end":"Sun, 08 Feb 2026 12:18:51 GMT"},"fingerprint":{"sha1":"45:82:4D:8F:E5:45:D0:13:2A:FA:DE:43:EB:CC:03:4B:C4:E6:97:C3","sha256":"4C:E4:01:11:E3:BC:18:3D:76:22:B0:E2:85:22:EA:26:C7:51:FC:94:0C:74:81:CA:17:86:15:23:4B:EF:17:BD"}}},"request":{"raw":"GET /themes/default/images/alpha.png HTTP/1.1\r\nHost: www.wineedu.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.wineedu.org/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Dec 2025 11:45:22 GMT\r\ncontent-type: image/png\r\nvary: Accept-Encoding\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":70,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 1 x 1, 8-bit/color RGBA, non-interlaced","md5":"bb12cba0adb2c079e733e4c8a57c3aaa","sha1":"f5d0997af0c107d7dcb51375c99bb727019a8bb8","sha256":"e497ca2f599a68685b917011c3b77b12b5d5da7fc2b6dcbd43d49517cf409706","sha512":"dc0102021019eb671482db7022586d59d292e0118e1c72009a8d3de3aeb8c0ec90d480db71c3c595e302b9a7b2cdf04db8d98058ab94c58ff6d8e86e8034ffdc","ssdeep":"","tlshash":"0ca022e3e300ef3ccac0003b022f0330cab2203882200f0e802ec03e0808b00008cf8b","first_seen":"2023-06-22T14:00:27Z","last_seen":"2026-04-06T17:14:10.67007Z","times_seen":44,"resource_available":false,"data":null}},"time_used":590,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":590,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.wineedu.org/themes/default/images/002.jpg","fqdn":"www.wineedu.org","domain":"wineedu.org","tld":"org"},"ip":{"addr":"107.163.230.132","port":443,"asn":18978,"as":"ENZUINC","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.wineedu.org/","date":"2025-12-03T11:45:22.597Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.quickbeltsystem.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 10 Nov 2025 12:18:52 GMT","end":"Sun, 08 Feb 2026 12:18:51 GMT"},"fingerprint":{"sha1":"45:82:4D:8F:E5:45:D0:13:2A:FA:DE:43:EB:CC:03:4B:C4:E6:97:C3","sha256":"4C:E4:01:11:E3:BC:18:3D:76:22:B0:E2:85:22:EA:26:C7:51:FC:94:0C:74:81:CA:17:86:15:23:4B:EF:17:BD"}}},"request":{"raw":"GET /themes/default/images/002.jpg HTTP/1.1\r\nHost: www.wineedu.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.wineedu.org/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Dec 2025 11:45:22 GMT\r\ncontent-type: image/jpeg\r\nvary: Accept-Encoding\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":157606,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 1920x550, components 3","md5":"e5e579ab05287843556ca2e9b36a72fb","sha1":"60d9fe4d3b1055939e8e00dea3c46db27f60134c","sha256":"b1db3000a504a8504074e5e94ff839090e3073f399bfa9a2d9e3e0bab5c0f0ce","sha512":"2a3dbd206a9c66a94438faabc468a2b8589400a81beb1251614264bab0aa735d917a4e63a9706a7eb7733a341406f7ba99ec98230f384356891ed2ed5d35520c","ssdeep":"3072:zF1ElCiYedsw9Ri8mPMNHBkvGcCMdx18faEr4y4fP:LEwedBdAx1QaM4nP","tlshash":"18f3125bdda5db8587009bbe7f42ce3f991b976dd8803a70a446ca4a5c00dfe1ca342d","first_seen":"2025-12-03T11:45:54.643313Z","last_seen":"2025-12-03T11:45:54.643313Z","times_seen":1,"resource_available":false,"data":null}},"time_used":530,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":530,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"sadasd.dgxmwl56.com/v2/otf/h1_2_bg.png.otf","fqdn":"sadasd.dgxmwl56.com","domain":"dgxmwl56.com","tld":"com"},"ip":{"addr":"47.246.48.178","port":443,"asn":24429,"as":"Zhejiang Taobao Network Co.,Ltd","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://bannner-02.cfd/sttcs/?channel=88801\u0026ref=","date":"2025-12-03T11:45:24.398Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.dgxmwl56.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 11 Sep 2025 10:35:19 GMT","end":"Wed, 10 Dec 2025 10:35:18 GMT"},"fingerprint":{"sha1":"61:30:5F:86:8E:6E:7B:C2:1B:C6:7D:73:40:14:46:0D:B0:2F:D4:4B","sha256":"71:AD:F5:78:25:7F:AB:4F:88:8E:97:AE:6D:16:B9:AD:D1:7E:AC:7D:BD:65:7D:D3:C2:A4:C7:8A:9F:C6:82:EA"}}},"request":{"raw":"GET /v2/otf/h1_2_bg.png.otf HTTP/1.1\r\nHost: sadasd.dgxmwl56.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://bannner-02.cfd/\r\nOrigin: https://bannner-02.cfd\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: Tengine\r\ncontent-type: font/otf\r\ncontent-length: 5664\r\ndate: Wed, 03 Dec 2025 11:09:23 GMT\r\nx-oss-request-id: 69301A635A53BB3936335FC0\r\nx-oss-cdn-auth: success\r\naccept-ranges: bytes\r\nx-oss-object-type: Normal\r\nx-oss-storage-class: Standard\r\ncontent-md5: 3u9lfvhkwtFZ1dssxSnWkg==\r\nx-oss-server-time: 8\r\nvia: ens-cache25.l2de4[0,0,304-0,H], ens-cache31.l2de4[1,0], ens-cache11.nl3[0,0,200-0,H], ens-cache3.nl3[0,0]\r\netag: \"DEEF657EF864C2D159D5DB2CC529D692\"\r\nlast-modified: Fri, 05 Sep 2025 03:26:13 GMT\r\nx-oss-hash-crc64ecma: 17043963358344161980\r\nage: 2161\r\nali-swift-global-savetime: 1764760163\r\nx-cache: HIT TCP_MEM_HIT dirn:-2:-2\r\nx-swift-savetime: Wed, 03 Dec 2025 11:42:29 GMT\r\nx-swift-cachetime: 3600\r\naccess-control-max-age: 3600\r\naccess-control-allow-origin: *\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\ntiming-allow-origin: *\r\neagleid: 2ff6309717647623244066416e\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]},{"name":"Alibaba Cloud Object Storage Service","description":"Alibaba Cloud Object Storage Service (OSS) is a cloud-based object storage service provided by Alibaba Cloud, which allows users to store and access large amounts of data in the cloud.","website":"https://www.alibabacloud.com/product/object-storage-service","common_platform_enumeration":"","icon":"Alibaba Cloud.svg","categories":["IaaS"]}],"data":{"size":5664,"size_decoded":0,"mime_type":"font/otf","magic":"data","md5":"deef657ef864c2d159d5db2cc529d692","sha1":"c99f09600a5f87e18725ba85d64f73600b6d1a44","sha256":"1fee54caca0e2018a3582c7f5196a390700bb60911b17ed49416eb033c08a9fe","sha512":"f9aebe44ba2d4d8b46a7f9eca1446f3a84dc9f8dd20572fb708351f569a8cbaa1d3d4af4146bab33fcf3b04354da1c3dfc04532be5ede58cd04aa9633dc795a3","ssdeep":"96:1JE91T1eh/MtQoIUklsxTH6jBgQz1vkoaswfbRIqwFBospgIhquv7CRm6k:Q91JeyIsZOBpkoaJrEBoEjumt","tlshash":"f2c1ae01b514124e0a93bbd9fe313c4796fafcb4494ec4e82f09ed8e8b42697751dae4","first_seen":"2025-09-03T16:33:36.534383Z","last_seen":"2026-03-12T08:11:54.076659Z","times_seen":889,"resource_available":false,"data":null}},"time_used":27,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":27,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"sadasd.dgxmwl56.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"sadasd.dgxmwl56.com/v2/otf/venetian.png.otf","fqdn":"sadasd.dgxmwl56.com","domain":"dgxmwl56.com","tld":"com"},"ip":{"addr":"47.246.48.178","port":443,"asn":24429,"as":"Zhejiang Taobao Network Co.,Ltd","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://bannner-02.cfd/sttcs/?channel=88801\u0026ref=","date":"2025-12-03T11:45:24.589Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.dgxmwl56.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 11 Sep 2025 10:35:19 GMT","end":"Wed, 10 Dec 2025 10:35:18 GMT"},"fingerprint":{"sha1":"61:30:5F:86:8E:6E:7B:C2:1B:C6:7D:73:40:14:46:0D:B0:2F:D4:4B","sha256":"71:AD:F5:78:25:7F:AB:4F:88:8E:97:AE:6D:16:B9:AD:D1:7E:AC:7D:BD:65:7D:D3:C2:A4:C7:8A:9F:C6:82:EA"}}},"request":{"raw":"GET /v2/otf/venetian.png.otf HTTP/1.1\r\nHost: sadasd.dgxmwl56.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://bannner-02.cfd/\r\nOrigin: https://bannner-02.cfd\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: Tengine\r\ncontent-type: font/otf\r\ncontent-length: 4224\r\ndate: Wed, 03 Dec 2025 11:09:59 GMT\r\nx-oss-request-id: 69301A87AF1C2D32373E5DF7\r\nx-oss-cdn-auth: success\r\naccept-ranges: bytes\r\nx-oss-object-type: Normal\r\nx-oss-storage-class: Standard\r\ncontent-md5: u+fJ8v919x8HEq2tV6hYGg==\r\nx-oss-server-time: 7\r\nvia: ens-cache21.l2de4[0,0,304-0,H], ens-cache8.l2de4[1,0], ens-cache6.nl3[0,0,200-0,H], ens-cache3.nl3[1,0]\r\netag: \"BBE7C9F2FF75F71F0712ADAD57A8581A\"\r\nlast-modified: Fri, 05 Sep 2025 03:26:11 GMT\r\nx-oss-hash-crc64ecma: 1165881306545535803\r\nage: 2125\r\nali-swift-global-savetime: 1764760199\r\nx-cache: HIT TCP_MEM_HIT dirn:-2:-2\r\nx-swift-savetime: Wed, 03 Dec 2025 11:42:29 GMT\r\nx-swift-cachetime: 3600\r\naccess-control-max-age: 3600\r\naccess-control-allow-origin: *\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\ntiming-allow-origin: *\r\neagleid: 2ff6309717647623245966617e\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]},{"name":"Alibaba Cloud Object Storage Service","description":"Alibaba Cloud Object Storage Service (OSS) is a cloud-based object storage service provided by Alibaba Cloud, which allows users to store and access large amounts of data in the cloud.","website":"https://www.alibabacloud.com/product/object-storage-service","common_platform_enumeration":"","icon":"Alibaba Cloud.svg","categories":["IaaS"]}],"data":{"size":4224,"size_decoded":0,"mime_type":"font/otf","magic":"data","md5":"bbe7c9f2ff75f71f0712adad57a8581a","sha1":"497277bc92a2d28ca5fbf43209cf311881559a76","sha256":"5853c93e0a75652995044598c8f20b4e20c882f2af738236cf8d1c510e4e6215","sha512":"1176c292a36b1ca4c25cdfc80cb5f26251d87aa1b793941a94a843cee35d15924979a9e2a69749920a3f187aa9f766596fb3752c423f3b6aad3920770ba0a5f3","ssdeep":"96:cX2LSLIlzqOv5WXPUHdQQyUuTtfUeWZc0vqBR+OHbdoUnM6:e0zqG5WXPUHryTxMm0vqBRjoc","tlshash":"06916ed8104ae07424d1c8447a4d7cf567dc82d9b5e5d0dd69e99abf385e2279cc48cc","first_seen":"2025-09-03T16:33:36.54313Z","last_seen":"2026-03-12T08:11:54.075228Z","times_seen":878,"resource_available":false,"data":null}},"time_used":28,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":28,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"sadasd.dgxmwl56.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"sadasd.dgxmwl56.com/v2/otf/o3.png.otf","fqdn":"sadasd.dgxmwl56.com","domain":"dgxmwl56.com","tld":"com"},"ip":{"addr":"47.246.48.178","port":443,"asn":24429,"as":"Zhejiang Taobao Network Co.,Ltd","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://bannner-02.cfd/sttcs/?channel=88801\u0026ref=","date":"2025-12-03T11:45:24.872Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.dgxmwl56.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 11 Sep 2025 10:35:19 GMT","end":"Wed, 10 Dec 2025 10:35:18 GMT"},"fingerprint":{"sha1":"61:30:5F:86:8E:6E:7B:C2:1B:C6:7D:73:40:14:46:0D:B0:2F:D4:4B","sha256":"71:AD:F5:78:25:7F:AB:4F:88:8E:97:AE:6D:16:B9:AD:D1:7E:AC:7D:BD:65:7D:D3:C2:A4:C7:8A:9F:C6:82:EA"}}},"request":{"raw":"GET /v2/otf/o3.png.otf HTTP/1.1\r\nHost: sadasd.dgxmwl56.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://bannner-02.cfd/\r\nOrigin: https://bannner-02.cfd\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: Tengine\r\ncontent-type: font/otf\r\ncontent-length: 6272\r\ndate: Wed, 03 Dec 2025 11:15:43 GMT\r\nx-oss-request-id: 69301BDEF5B7DD36326D5D46\r\nx-oss-cdn-auth: success\r\naccept-ranges: bytes\r\nx-oss-object-type: Normal\r\nx-oss-storage-class: Standard\r\netag: \"F81DF81D8CC99461A0AA98C1BE47D52A\"\r\nlast-modified: Wed, 24 Sep 2025 10:56:25 GMT\r\nx-oss-hash-crc64ecma: 4590402592081478128\r\ncontent-md5: +B34HYzJlGGgqpjBvkfVKg==\r\nx-oss-server-time: 7\r\nvia: ens-cache13.l2de4[0,0,200-0,H], ens-cache10.l2de4[1,0], ens-cache4.nl3[0,0,200-0,H], ens-cache3.nl3[1,0]\r\nage: 1781\r\nali-swift-global-savetime: 1764760543\r\nx-cache: HIT TCP_MEM_HIT dirn:-2:-2\r\nx-swift-savetime: Wed, 03 Dec 2025 11:42:30 GMT\r\nx-swift-cachetime: 3600\r\naccess-control-max-age: 3600\r\naccess-control-allow-origin: *\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\ntiming-allow-origin: *\r\neagleid: 2ff6309717647623248816900e\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]},{"name":"Alibaba Cloud Object Storage Service","description":"Alibaba Cloud Object Storage Service (OSS) is a cloud-based object storage service provided by Alibaba Cloud, which allows users to store and access large amounts of data in the cloud.","website":"https://www.alibabacloud.com/product/object-storage-service","common_platform_enumeration":"","icon":"Alibaba Cloud.svg","categories":["IaaS"]}],"data":{"size":6272,"size_decoded":0,"mime_type":"font/otf","magic":"data","md5":"f81df81d8cc99461a0aa98c1be47d52a","sha1":"5960ec0ccce538716e5a94cd9fea4f5017238568","sha256":"4efa1f49e42d2d4b9e2385449a3700fc2eac33bd7641dde8da6630d4257cd2a0","sha512":"43830883229ff0b08228b02cc091b7777612f4d10c0d95611c11148e7734f48b2cb174c29f450ef68dc28fd7be3ab7bd6b1410fd3dd76b701fcef11d99d55ba9","ssdeep":"192:k4x3T3Nw532n95nUwKm7Ec9sS8/hvqUj8:k4tbUUEdRSUY","tlshash":"2dd1a0a8ef2b7e09307860e034eb4ae7b1784878d841f5273d7211283939ae019fd5c9","first_seen":"2025-09-03T16:33:36.513085Z","last_seen":"2026-03-12T08:11:54.082575Z","times_seen":844,"resource_available":false,"data":null}},"time_used":30,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":29,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"sadasd.dgxmwl56.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.wineedu.org/","fqdn":"www.wineedu.org","domain":"wineedu.org","tld":"org"},"ip":{"addr":"107.163.230.132","port":443,"asn":18978,"as":"ENZUINC","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-12-03T11:45:20.855Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.quickbeltsystem.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 10 Nov 2025 12:18:52 GMT","end":"Sun, 08 Feb 2026 12:18:51 GMT"},"fingerprint":{"sha1":"45:82:4D:8F:E5:45:D0:13:2A:FA:DE:43:EB:CC:03:4B:C4:E6:97:C3","sha256":"4C:E4:01:11:E3:BC:18:3D:76:22:B0:E2:85:22:EA:26:C7:51:FC:94:0C:74:81:CA:17:86:15:23:4B:EF:17:BD"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: www.wineedu.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Dec 2025 11:45:21 GMT\r\ncontent-type: text/html; charset=UTF-8; charset=utf-8\r\nvary: Accept-Encoding\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"jQuery:1.4.2","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"Alibaba Cloud CDN","description":"Alibaba Cloud CDN is a global network of servers designed to deliver high-performance, low-latency content to users around the world. It is a cloud-based service provided by Alibaba Cloud, a subsidiary of the Alibaba Group, that enables businesses to accelerate the delivery of their web content, including images, videos, and static files, to end-users.","website":"https://www.alibabacloud.com/product/content-delivery-network","common_platform_enumeration":"","icon":"Alibaba Cloud.svg","categories":["CDN"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":50708,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (481)","md5":"cf7f0ffebdf8d9a5b32e9558d502acfd","sha1":"354d0eee28e4fe31a437e39e3cd4080e10c2ec4a","sha256":"1e431db88e37af5b610f3e7067b2df89236857027ec2b3d3656907dbb6cc2a17","sha512":"30b9639156713624ee44fa672e2831fd2a778370158125c45cb8c52442fcbcb5f8e35e1f00f257304264bb2d58c286542d38b5f94c91b521dec5e81c0d773362","ssdeep":"384:ItVnc/bneoip0hJpgwJ9s+uYNIKm85V52FpW:ItVgeWJKwLxP5V52i","tlshash":"4133451990f854a30152dd8d7eb8b3366e538097c94a6e41b2dd5f8d6f82be28c03b9d","first_seen":"2025-12-03T11:45:54.64572Z","last_seen":"2025-12-03T11:45:54.64572Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1188,"timings":{"blocked":433,"dns":98,"connect":162,"send":0,"wait":322,"receive":0,"ssl":170},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.wineedu.org/themes/default/images/logo_03.png","fqdn":"www.wineedu.org","domain":"wineedu.org","tld":"org"},"ip":{"addr":"107.163.230.132","port":443,"asn":18978,"as":"ENZUINC","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.wineedu.org/","date":"2025-12-03T11:45:21.907Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.quickbeltsystem.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 10 Nov 2025 12:18:52 GMT","end":"Sun, 08 Feb 2026 12:18:51 GMT"},"fingerprint":{"sha1":"45:82:4D:8F:E5:45:D0:13:2A:FA:DE:43:EB:CC:03:4B:C4:E6:97:C3","sha256":"4C:E4:01:11:E3:BC:18:3D:76:22:B0:E2:85:22:EA:26:C7:51:FC:94:0C:74:81:CA:17:86:15:23:4B:EF:17:BD"}}},"request":{"raw":"GET /themes/default/images/logo_03.png HTTP/1.1\r\nHost: www.wineedu.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.wineedu.org/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Dec 2025 11:45:22 GMT\r\ncontent-type: image/png\r\nvary: Accept-Encoding\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":14582,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 451 x 50, 8-bit/color RGBA, non-interlaced","md5":"88cc4a79fb1239e02d9f5da5fcb441a4","sha1":"0480800929f407fcbd63cac2a054fbff74ba31cf","sha256":"2339f316042af6397ecef9369cb05a4bbee0df76124e7fc84962620b6fa0e1e4","sha512":"93f737f2ba87e5bed7293b2ae12fe53c118133584b628395ade608cc174086cdf4cc428b297bf76ca85ce8778d213042eed9fccd0ef06cdd0eb90be8fe40138c","ssdeep":"384:oYC3/ryxQGgoURDUgjQ5EqZIlQ9zn5q9fjXTd9DB7oTIm:w3/rFxagjNEznufDhZB7EIm","tlshash":"f262d16ad893733404851da17eb98b6170112a6b8ec3b1a5f45e93eb453fcf1dc24b92","first_seen":"2025-12-03T11:45:54.64782Z","last_seen":"2025-12-03T11:45:54.64782Z","times_seen":1,"resource_available":false,"data":null}},"time_used":427,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":427,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.wineedu.org/themes/default/images/h_pic2_03.png","fqdn":"www.wineedu.org","domain":"wineedu.org","tld":"org"},"ip":{"addr":"107.163.230.132","port":443,"asn":18978,"as":"ENZUINC","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.wineedu.org/","date":"2025-12-03T11:45:21.929Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.quickbeltsystem.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 10 Nov 2025 12:18:52 GMT","end":"Sun, 08 Feb 2026 12:18:51 GMT"},"fingerprint":{"sha1":"45:82:4D:8F:E5:45:D0:13:2A:FA:DE:43:EB:CC:03:4B:C4:E6:97:C3","sha256":"4C:E4:01:11:E3:BC:18:3D:76:22:B0:E2:85:22:EA:26:C7:51:FC:94:0C:74:81:CA:17:86:15:23:4B:EF:17:BD"}}},"request":{"raw":"GET /themes/default/images/h_pic2_03.png HTTP/1.1\r\nHost: www.wineedu.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.wineedu.org/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Dec 2025 11:45:22 GMT\r\ncontent-type: image/png\r\nvary: Accept-Encoding\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1759,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 56 x 56, 8-bit/color RGBA, non-interlaced","md5":"112acbd2af932d5d3db456197be1d3ad","sha1":"d1e9a1cdd8aeed8e6b200468a2ac575de7a2b3e7","sha256":"97b39ede7e117b1d43415224b893b805b03c02339c252e9122b6b7faa469a814","sha512":"a5c5de32dd195ff3d542c74dc3c9e43401a53de949fe137fc8beccbf59f1a8e88280453a49dc5bb1309262d2d07955aad4a30b5fd2b72a4e5a3c065946a39435","ssdeep":"","tlshash":"8d31dbbec070691199ab0ab4ed871ff6eef591b26300134c23f844216908f359bd6dbb","first_seen":"2025-12-03T11:45:54.649226Z","last_seen":"2025-12-03T11:45:54.649226Z","times_seen":1,"resource_available":false,"data":null}},"time_used":897,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":897,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.wineedu.org/sttcs/stjs-remote.js","fqdn":"www.wineedu.org","domain":"wineedu.org","tld":"org"},"ip":{"addr":"107.163.230.132","port":443,"asn":18978,"as":"ENZUINC","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.wineedu.org/","date":"2025-12-03T11:45:21.951Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.quickbeltsystem.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 10 Nov 2025 12:18:52 GMT","end":"Sun, 08 Feb 2026 12:18:51 GMT"},"fingerprint":{"sha1":"45:82:4D:8F:E5:45:D0:13:2A:FA:DE:43:EB:CC:03:4B:C4:E6:97:C3","sha256":"4C:E4:01:11:E3:BC:18:3D:76:22:B0:E2:85:22:EA:26:C7:51:FC:94:0C:74:81:CA:17:86:15:23:4B:EF:17:BD"}}},"request":{"raw":"GET /sttcs/stjs-remote.js HTTP/1.1\r\nHost: www.wineedu.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.wineedu.org/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Dec 2025 11:45:22 GMT\r\ncontent-type: application/javascript\r\nvary: Accept-Encoding\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":106571,"size_decoded":0,"mime_type":"application/javascript","magic":"ASCII text, with very long lines (65536), with no line terminators","md5":"b3fecb28b89bcf9bc9d897cae1440023","sha1":"451449231f23a29e772c1b8bdfcd5bf063a32145","sha256":"6da78ea64b2581dddbe6540de9a82676daff9bc83a99ae7c0efdb18ce50de2bb","sha512":"c29e62e0d4f921955f7c1a8acde7355df038d90b65bcc5528f06c4a72d40b56ae0278bf5c9bacda7f1beb9cdfe112dc2b422b6851682b04faab482e23191a145","ssdeep":"48:I40W40c0406ThLx40cL040U40W40c0406ThLx40cL040EQlR0406T340c040D04j:WGZ3cj1FobyiCQ2asotAI","tlshash":"9ea3080dc012ebd5b5ce15ac38e49e9d5e0d8e0fbfa4c66c2e49b792579aff0a080c51","first_seen":"2025-09-07T12:36:20.047647Z","last_seen":"2026-03-16T06:27:10.230504Z","times_seen":77,"resource_available":true,"data":null}},"time_used":545,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":545,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"at.alicdn.com/t/font_692868_p3glnasfvba.js","fqdn":"at.alicdn.com","domain":"alicdn.com","tld":"com"},"ip":{"addr":"47.246.44.177","port":443,"asn":24429,"as":"Zhejiang Taobao Network Co.,Ltd","country":"Sweden","country_code":"SE"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.wineedu.org/","date":"2025-12-03T11:45:21.901Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.tbcdn.cn","organization":"Alibaba (China) Technology Co., Ltd."},"issuer":{"commonName":"GlobalSign GCC R3 OV TLS CA 2024","organization":"GlobalSign nv-sa"},"validity":{"start":"Mon, 16 Jun 2025 09:41:05 GMT","end":"Sat, 18 Jul 2026 09:41:04 GMT"},"fingerprint":{"sha1":"64:77:72:8B:BB:58:44:79:90:C3:B0:8D:35:BC:EC:6C:D6:35:BD:83","sha256":"3D:49:49:78:42:46:FF:F7:52:9B:6B:82:DF:7E:54:4B:F9:BA:D8:34:14:1D:21:67:63:4E:5B:62:A1:D8:85:B5"}}},"request":{"raw":"GET /t/font_692868_p3glnasfvba.js HTTP/1.1\r\nHost: at.alicdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.wineedu.org/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: Tengine\r\ncontent-type: application/javascript\r\ndate: Mon, 01 Dec 2025 06:13:05 GMT\r\nvary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Origin\r\nx-oss-request-id: 692D31F1F3F90633312B2F90\r\netag: W/\"838A0B75A3E6963C85167E22BD34A907\"\r\nlast-modified: Sat, 25 Dec 2021 03:19:59 GMT\r\nx-oss-object-type: Normal\r\nx-oss-hash-crc64ecma: 16055680065524890423\r\nx-oss-storage-class: Standard\r\ncache-control: max-age=63072000\r\ncontent-md5: g4oLdaPmljyFFn4ivTSpBw==\r\nx-oss-server-time: 38\r\nvia: ens-cache1.l2de4[768,768,200-0,M], ens-cache35.l2de4[769,0], ens-cache8.se2[0,0,200-0,H], ens-cache2.se2[2,0]\r\nage: 192736\r\nali-swift-global-savetime: 1764569585\r\nx-cache: HIT TCP_HIT dirn:8:54848905\r\nx-swift-savetime: Mon, 01 Dec 2025 06:13:05 GMT\r\nx-swift-cachetime: 63072000\r\naccess-control-allow-origin: *\r\ntiming-allow-origin: *\r\neagleid: 2ff62c9617647623219766266e\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]},{"name":"Alibaba Cloud Object Storage Service","description":"Alibaba Cloud Object Storage Service (OSS) is a cloud-based object storage service provided by Alibaba Cloud, which allows users to store and access large amounts of data in the cloud.","website":"https://www.alibabacloud.com/product/object-storage-service","common_platform_enumeration":"","icon":"Alibaba Cloud.svg","categories":["IaaS"]}],"data":{"size":89773,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"838a0b75a3e6963c85167e22bd34a907","sha1":"0c94ff455b048c743f3e7b9637ba042a49e6bc98","sha256":"c548eb0879dcbedc02be5edfd24291fcee0f0de18ae4ab207fa5989fd76056de","sha512":"da0d51d867a0179b87016edb20ce89d33b33c016c92a90b8dcd4107c1079cb2244f55446f90588d9c577aa45f157e92dce45fb58e33065e2c8b75a12f51904e6","ssdeep":"1536:owkc65v3enPagnRW7FLZLJOpEVmDFIHxUi1SFM82Cr:5JtTr","tlshash":"28931ad1e36493fc6d0dc7eaea3564b4371f14fe3995c5bc41aace8065939a88b04cca","first_seen":"2025-12-03T11:45:54.651934Z","last_seen":"2025-12-03T11:45:54.651934Z","times_seen":1,"resource_available":false,"data":null}},"time_used":232,"timings":{"blocked":99,"dns":51,"connect":11,"send":0,"wait":16,"receive":0,"ssl":51},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"sadasd.dgxmwl56.com/v2/img/bg1.5fb6b351.png","fqdn":"sadasd.dgxmwl56.com","domain":"dgxmwl56.com","tld":"com"},"ip":{"addr":"47.246.48.178","port":443,"asn":24429,"as":"Zhejiang Taobao Network Co.,Ltd","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://bannner-02.cfd/sttcs/?channel=88801\u0026ref=","date":"2025-12-03T11:45:24.250Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.dgxmwl56.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 11 Sep 2025 10:35:19 GMT","end":"Wed, 10 Dec 2025 10:35:18 GMT"},"fingerprint":{"sha1":"61:30:5F:86:8E:6E:7B:C2:1B:C6:7D:73:40:14:46:0D:B0:2F:D4:4B","sha256":"71:AD:F5:78:25:7F:AB:4F:88:8E:97:AE:6D:16:B9:AD:D1:7E:AC:7D:BD:65:7D:D3:C2:A4:C7:8A:9F:C6:82:EA"}}},"request":{"raw":"GET /v2/img/bg1.5fb6b351.png HTTP/1.1\r\nHost: sadasd.dgxmwl56.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://sadasd.dgxmwl56.com/v2/css/app.6c1a6a05.css\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: Tengine\r\ncontent-type: image/png\r\ncontent-length: 623346\r\ndate: Tue, 02 Dec 2025 18:39:25 GMT\r\nx-oss-request-id: 692F325D5A53BB303030786D\r\nx-oss-cdn-auth: success\r\naccept-ranges: bytes\r\nx-oss-object-type: Normal\r\nx-oss-storage-class: Standard\r\ncontent-md5: X7azUayse0Hb7I6F5zDWDA==\r\nx-oss-server-time: 36\r\nvia: ens-cache37.l2de4[0,0,304-0,H], ens-cache23.l2de4[2,0], ens-cache3.nl3[0,0,200-0,H], ens-cache3.nl3[1,0]\r\netag: \"5FB6B351ACAC7B41DBEC8E85E730D60C\"\r\nlast-modified: Fri, 05 Sep 2025 03:26:16 GMT\r\nx-oss-hash-crc64ecma: 6642424538532111473\r\nage: 61558\r\nali-swift-global-savetime: 1764700766\r\nx-cache: HIT TCP_MEM_HIT dirn:-2:-2\r\nx-swift-savetime: Wed, 03 Dec 2025 11:42:29 GMT\r\nx-swift-cachetime: 25017\r\naccess-control-max-age: 3600\r\naccess-control-allow-origin: *\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\ntiming-allow-origin: *\r\neagleid: 2ff6309717647623242586237e\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]},{"name":"Alibaba Cloud Object Storage Service","description":"Alibaba Cloud Object Storage Service (OSS) is a cloud-based object storage service provided by Alibaba Cloud, which allows users to store and access large amounts of data in the cloud.","website":"https://www.alibabacloud.com/product/object-storage-service","common_platform_enumeration":"","icon":"Alibaba Cloud.svg","categories":["IaaS"]}],"data":{"size":623346,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 1920 x 829, 8-bit/color RGBA, non-interlaced","md5":"5fb6b351acac7b41dbec8e85e730d60c","sha1":"7074e1039cff45f906956f022e58d0c7a94deaf5","sha256":"b635c506dcb1dbae7c6571a94aaf4e21fca2a06e0875588f8f66de73c208f40d","sha512":"3ee4d9042aeb626b5e856863f61a5e94e6208df7727ea9b89d0c6c7ff3c127918e6a9ecc5fc8b41e39cfb1020cabb2851021c0f4b46b33c0fe43c4f8b9d17a1a","ssdeep":"12288:+Cg191sV0CxMvvHJVsDij1gQ69xivVGM3M4SmWECH8WnQi+wGe:+Ckfs/xMn8iRgd+VGMc4SmWExi1L","tlshash":"e5d42390190e26cbe71ef2f52a0b1a21b3e609b904bcc2141d5cafb7872176c97de75d","first_seen":"2025-09-03T16:33:36.560054Z","last_seen":"2026-03-31T02:34:07.971805Z","times_seen":838,"resource_available":false,"data":null}},"time_used":96,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":27,"receive":69,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"sadasd.dgxmwl56.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"sadasd.dgxmwl56.com/v2/otf/new_h2_2_bg.png.otf","fqdn":"sadasd.dgxmwl56.com","domain":"dgxmwl56.com","tld":"com"},"ip":{"addr":"47.246.48.178","port":443,"asn":24429,"as":"Zhejiang Taobao Network Co.,Ltd","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://bannner-02.cfd/sttcs/?channel=88801\u0026ref=","date":"2025-12-03T11:45:24.432Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.dgxmwl56.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 11 Sep 2025 10:35:19 GMT","end":"Wed, 10 Dec 2025 10:35:18 GMT"},"fingerprint":{"sha1":"61:30:5F:86:8E:6E:7B:C2:1B:C6:7D:73:40:14:46:0D:B0:2F:D4:4B","sha256":"71:AD:F5:78:25:7F:AB:4F:88:8E:97:AE:6D:16:B9:AD:D1:7E:AC:7D:BD:65:7D:D3:C2:A4:C7:8A:9F:C6:82:EA"}}},"request":{"raw":"GET /v2/otf/new_h2_2_bg.png.otf HTTP/1.1\r\nHost: sadasd.dgxmwl56.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://bannner-02.cfd/\r\nOrigin: https://bannner-02.cfd\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: Tengine\r\ncontent-type: font/otf\r\ncontent-length: 9216\r\ndate: Wed, 03 Dec 2025 11:12:33 GMT\r\nx-oss-request-id: 69301B2172AE9E3137CAAE13\r\nx-oss-cdn-auth: success\r\naccept-ranges: bytes\r\nx-oss-object-type: Normal\r\nx-oss-storage-class: Standard\r\ncontent-md5: SxgOqE7PuZJd6GYwEUMPjA==\r\nx-oss-server-time: 5\r\nvia: ens-cache21.l2de4[0,0,304-0,H], ens-cache28.l2de4[1,0], ens-cache1.nl3[0,0,200-0,H], ens-cache3.nl3[2,0]\r\netag: \"4B180EA84ECFB9925DE8663011430F8C\"\r\nlast-modified: Fri, 05 Sep 2025 03:26:12 GMT\r\nx-oss-hash-crc64ecma: 10263721311128828130\r\nage: 1971\r\nali-swift-global-savetime: 1764760353\r\nx-cache: HIT TCP_MEM_HIT dirn:-2:-2\r\nx-swift-savetime: Wed, 03 Dec 2025 11:42:29 GMT\r\nx-swift-cachetime: 3600\r\naccess-control-max-age: 3600\r\naccess-control-allow-origin: *\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\ntiming-allow-origin: *\r\neagleid: 2ff6309717647623244396448e\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]},{"name":"Alibaba Cloud Object Storage Service","description":"Alibaba Cloud Object Storage Service (OSS) is a cloud-based object storage service provided by Alibaba Cloud, which allows users to store and access large amounts of data in the cloud.","website":"https://www.alibabacloud.com/product/object-storage-service","common_platform_enumeration":"","icon":"Alibaba Cloud.svg","categories":["IaaS"]}],"data":{"size":9216,"size_decoded":0,"mime_type":"font/otf","magic":"data","md5":"4b180ea84ecfb9925de8663011430f8c","sha1":"799c1348f4a0d2493e91709dc6d7965d61bb7b35","sha256":"2e0180f69a72b25cbfba62ef0a0897f9541f7ff5b0c2a7c18bcdfacc208838f6","sha512":"61b1368c748119fb089c81c385fadcd8ee87e4e2e404d6706c44ee61688dae92dcbc6f8f3c253db1680d00db539dc6d3fbcf4313f2e024f43f9e0683a20924a7","ssdeep":"192:ZI1QJrmbSy7pRGYsH84w8AFV8WeeKhUApzy7VXBp9RETnUm6wRqVW9W/rbwRqXBs:ZIWUpMLc4CAheKhU2ypXBCTFb0zbwCBs","tlshash":"a312d0038b4ddc5d5deb96f7bbf394924a17e9c215f708bdc2e89130514018c60a22e3","first_seen":"2025-09-03T16:33:36.550748Z","last_seen":"2026-03-12T08:11:54.074729Z","times_seen":889,"resource_available":false,"data":null}},"time_used":28,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":28,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"sadasd.dgxmwl56.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"sadasd.dgxmwl56.com/v2/otf/bet365v2.jpg.otf","fqdn":"sadasd.dgxmwl56.com","domain":"dgxmwl56.com","tld":"com"},"ip":{"addr":"47.246.48.178","port":443,"asn":24429,"as":"Zhejiang Taobao Network Co.,Ltd","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://bannner-02.cfd/sttcs/?channel=88801\u0026ref=","date":"2025-12-03T11:45:24.505Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.dgxmwl56.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 11 Sep 2025 10:35:19 GMT","end":"Wed, 10 Dec 2025 10:35:18 GMT"},"fingerprint":{"sha1":"61:30:5F:86:8E:6E:7B:C2:1B:C6:7D:73:40:14:46:0D:B0:2F:D4:4B","sha256":"71:AD:F5:78:25:7F:AB:4F:88:8E:97:AE:6D:16:B9:AD:D1:7E:AC:7D:BD:65:7D:D3:C2:A4:C7:8A:9F:C6:82:EA"}}},"request":{"raw":"GET /v2/otf/bet365v2.jpg.otf HTTP/1.1\r\nHost: sadasd.dgxmwl56.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://bannner-02.cfd/\r\nOrigin: https://bannner-02.cfd\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: Tengine\r\ncontent-type: font/otf\r\ncontent-length: 12048\r\ndate: Wed, 03 Dec 2025 11:07:54 GMT\r\nx-oss-request-id: 69301A0A7FFDC2363897E660\r\nx-oss-cdn-auth: success\r\naccept-ranges: bytes\r\nx-oss-object-type: Normal\r\nx-oss-storage-class: Standard\r\ncontent-md5: aWRaEbn3Ug+vU2idzqZ7ug==\r\nx-oss-server-time: 6\r\nvia: ens-cache24.l2de4[0,0,304-0,H], ens-cache20.l2de4[1,0], ens-cache1.nl3[0,0,200-0,H], ens-cache3.nl3[0,0]\r\netag: \"69645A11B9F7520FAF53689DCEA67BBA\"\r\nlast-modified: Fri, 05 Sep 2025 03:26:14 GMT\r\nx-oss-hash-crc64ecma: 13812578787366314352\r\nage: 2250\r\nali-swift-global-savetime: 1764760074\r\nx-cache: HIT TCP_MEM_HIT dirn:-2:-2\r\nx-swift-savetime: Wed, 03 Dec 2025 11:42:29 GMT\r\nx-swift-cachetime: 3600\r\naccess-control-max-age: 3600\r\naccess-control-allow-origin: *\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\ntiming-allow-origin: *\r\neagleid: 2ff6309717647623245136523e\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Alibaba Cloud Object Storage Service","description":"Alibaba Cloud Object Storage Service (OSS) is a cloud-based object storage service provided by Alibaba Cloud, which allows users to store and access large amounts of data in the cloud.","website":"https://www.alibabacloud.com/product/object-storage-service","common_platform_enumeration":"","icon":"Alibaba Cloud.svg","categories":["IaaS"]},{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]}],"data":{"size":12048,"size_decoded":0,"mime_type":"font/otf","magic":"data","md5":"69645a11b9f7520faf53689dcea67bba","sha1":"33568b00a221e5d4a7fdee8fda375349572080b5","sha256":"acd420a630da28d9e370ad331c26837c1f968471fa8adb1a46e2c02f86ed181d","sha512":"acdeeb9c603462930ea6c1439e98de223eea304a64a888731b803e71e8697953810c8bb4fc9881c81153933905d90a6e7a760afafc7f7964830e57a791001427","ssdeep":"192:98gIHcRNbDQE4Mf8oDVmtRVeiZUvSAyxc2+od6SzWJcTOZfjR40PFzyorcFZ:HTRlMpMFmMiZU6pmWoSzWJ380dzy5FZ","tlshash":"2c42d18ea60d764eb61380bdd357d34a55720d4dfceabc3be0238529113b16b1772c15","first_seen":"2025-09-03T16:33:36.481539Z","last_seen":"2026-03-12T08:11:54.066672Z","times_seen":889,"resource_available":false,"data":null}},"time_used":28,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":27,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"sadasd.dgxmwl56.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"sadasd.dgxmwl56.com/v2/otf/sun.png.otf","fqdn":"sadasd.dgxmwl56.com","domain":"dgxmwl56.com","tld":"com"},"ip":{"addr":"47.246.48.178","port":443,"asn":24429,"as":"Zhejiang Taobao Network Co.,Ltd","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://bannner-02.cfd/sttcs/?channel=88801\u0026ref=","date":"2025-12-03T11:45:24.615Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.dgxmwl56.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 11 Sep 2025 10:35:19 GMT","end":"Wed, 10 Dec 2025 10:35:18 GMT"},"fingerprint":{"sha1":"61:30:5F:86:8E:6E:7B:C2:1B:C6:7D:73:40:14:46:0D:B0:2F:D4:4B","sha256":"71:AD:F5:78:25:7F:AB:4F:88:8E:97:AE:6D:16:B9:AD:D1:7E:AC:7D:BD:65:7D:D3:C2:A4:C7:8A:9F:C6:82:EA"}}},"request":{"raw":"GET /v2/otf/sun.png.otf HTTP/1.1\r\nHost: sadasd.dgxmwl56.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://bannner-02.cfd/\r\nOrigin: https://bannner-02.cfd\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: Tengine\r\ncontent-type: font/otf\r\ncontent-length: 10176\r\ndate: Wed, 03 Dec 2025 11:10:42 GMT\r\nx-oss-request-id: 69301AB2A081513434D2C065\r\nx-oss-cdn-auth: success\r\naccept-ranges: bytes\r\nx-oss-object-type: Normal\r\nx-oss-storage-class: Standard\r\netag: \"7108E01EF9138EBFD67C91FB29CB2923\"\r\nlast-modified: Fri, 05 Sep 2025 03:26:11 GMT\r\nx-oss-hash-crc64ecma: 3434292821648763748\r\ncontent-md5: cQjgHvkTjr/WfJH7KcspIw==\r\nx-oss-server-time: 9\r\nvia: ens-cache37.l2de4[0,0,200-0,H], ens-cache21.l2de4[1,0], ens-cache11.nl3[0,0,200-0,H], ens-cache3.nl3[0,0]\r\nage: 2082\r\nali-swift-global-savetime: 1764760242\r\nx-cache: HIT TCP_MEM_HIT dirn:-2:-2\r\nx-swift-savetime: Wed, 03 Dec 2025 11:42:30 GMT\r\nx-swift-cachetime: 3600\r\naccess-control-max-age: 3600\r\naccess-control-allow-origin: *\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\ntiming-allow-origin: *\r\neagleid: 2ff6309717647623246236653e\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Alibaba Cloud Object Storage Service","description":"Alibaba Cloud Object Storage Service (OSS) is a cloud-based object storage service provided by Alibaba Cloud, which allows users to store and access large amounts of data in the cloud.","website":"https://www.alibabacloud.com/product/object-storage-service","common_platform_enumeration":"","icon":"Alibaba Cloud.svg","categories":["IaaS"]},{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]}],"data":{"size":10176,"size_decoded":0,"mime_type":"font/otf","magic":"OpenPGP Public Key","md5":"7108e01ef9138ebfd67c91fb29cb2923","sha1":"dcbdc3c59f191bdb66eb282a5e3511edb62eb0d1","sha256":"40493a065122203e79824d79901ebf86c10c26681e2782b2b8fc15e368895f1c","sha512":"3e432559024e6d8d051a18582169d3b05773326c2a1001a3f1dc13a3c2d85c24a2c375a9f467ad927c2235e7a0ccbbbcfba6079157930d0207fc73e567c528b3","ssdeep":"192:fcV1UMbshQNM1fhUG8pqB4Dcxe5o1Yuwg46/gfmtqXoUJuha3f0zvh4NZm:fcMML61fhUG8pqBOivgf2qYUJFQ5h","tlshash":"ff22c1b2052d05875a9dffa127e53d1f4e600b121df50a359607179c1b32cbf9151fb6","first_seen":"2025-09-03T16:33:36.535805Z","last_seen":"2026-03-12T08:11:54.078143Z","times_seen":875,"resource_available":false,"data":null}},"time_used":28,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":27,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"sadasd.dgxmwl56.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"sadasd.dgxmwl56.com/v2/otf/yongliv2.jpg.otf","fqdn":"sadasd.dgxmwl56.com","domain":"dgxmwl56.com","tld":"com"},"ip":{"addr":"47.246.48.178","port":443,"asn":24429,"as":"Zhejiang Taobao Network Co.,Ltd","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://bannner-02.cfd/sttcs/?channel=88801\u0026ref=","date":"2025-12-03T11:45:24.650Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.dgxmwl56.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 11 Sep 2025 10:35:19 GMT","end":"Wed, 10 Dec 2025 10:35:18 GMT"},"fingerprint":{"sha1":"61:30:5F:86:8E:6E:7B:C2:1B:C6:7D:73:40:14:46:0D:B0:2F:D4:4B","sha256":"71:AD:F5:78:25:7F:AB:4F:88:8E:97:AE:6D:16:B9:AD:D1:7E:AC:7D:BD:65:7D:D3:C2:A4:C7:8A:9F:C6:82:EA"}}},"request":{"raw":"GET /v2/otf/yongliv2.jpg.otf HTTP/1.1\r\nHost: sadasd.dgxmwl56.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://bannner-02.cfd/\r\nOrigin: https://bannner-02.cfd\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: Tengine\r\ncontent-type: font/otf\r\ncontent-length: 18768\r\ndate: Wed, 03 Dec 2025 11:11:13 GMT\r\nx-oss-request-id: 69301AD1F5B7DD3530C8C641\r\nx-oss-cdn-auth: success\r\naccept-ranges: bytes\r\nx-oss-object-type: Normal\r\nx-oss-storage-class: Standard\r\ncontent-md5: R/Xs176m+2DC65ZRMKtqng==\r\nx-oss-server-time: 4\r\nvia: ens-cache37.l2de4[0,0,304-0,H], ens-cache21.l2de4[1,0], ens-cache12.nl3[0,0,200-0,H], ens-cache3.nl3[1,0]\r\netag: \"47F5ECD7BEA6FB60C2EB965130AB6A9E\"\r\nlast-modified: Fri, 05 Sep 2025 03:26:11 GMT\r\nx-oss-hash-crc64ecma: 144771093701938812\r\nage: 2051\r\nali-swift-global-savetime: 1764760273\r\nx-cache: HIT TCP_MEM_HIT dirn:-2:-2\r\nx-swift-savetime: Wed, 03 Dec 2025 11:42:30 GMT\r\nx-swift-cachetime: 3600\r\naccess-control-max-age: 3600\r\naccess-control-allow-origin: *\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\ntiming-allow-origin: *\r\neagleid: 2ff6309717647623246586690e\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Alibaba Cloud Object Storage Service","description":"Alibaba Cloud Object Storage Service (OSS) is a cloud-based object storage service provided by Alibaba Cloud, which allows users to store and access large amounts of data in the cloud.","website":"https://www.alibabacloud.com/product/object-storage-service","common_platform_enumeration":"","icon":"Alibaba Cloud.svg","categories":["IaaS"]},{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]}],"data":{"size":18768,"size_decoded":0,"mime_type":"font/otf","magic":"data","md5":"47f5ecd7bea6fb60c2eb965130ab6a9e","sha1":"79df686e71cbd14002b3ed129cd9072bab9d5804","sha256":"e27e5dff537f04897daa950b2d177d28fbf018067e76dc512ec5f4a6aa1ef9e1","sha512":"ac5056436af720955dbad9c1950a014b6448b867dddcc658179a3374a678b26468c65df0f1f35aae5796b706a5f8a3e44dc5988d7ab3efcd6bf0897cdde92102","ssdeep":"384:h8zr075Lg9XvF4+/yKNfkhB1DI8gnIOp9NjEs+oJlMhHc23JsTwg:ivv9XvV/yKahB1DIEOpcs+oJ2F2L","tlshash":"7782d0a47e8d0d5f0f260b66ecb6567f361241fcc92dbcea21412961aec730c16b419a","first_seen":"2025-09-03T16:33:36.511403Z","last_seen":"2026-03-12T08:11:54.062846Z","times_seen":870,"resource_available":false,"data":null}},"time_used":28,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":27,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"sadasd.dgxmwl56.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"sadasd.dgxmwl56.com/v2/otf/o3.png.otf","fqdn":"sadasd.dgxmwl56.com","domain":"dgxmwl56.com","tld":"com"},"ip":{"addr":"47.246.48.178","port":443,"asn":24429,"as":"Zhejiang Taobao Network Co.,Ltd","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://bannner-02.cfd/sttcs/?channel=88801\u0026ref=","date":"2025-12-03T11:45:24.876Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.dgxmwl56.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 11 Sep 2025 10:35:19 GMT","end":"Wed, 10 Dec 2025 10:35:18 GMT"},"fingerprint":{"sha1":"61:30:5F:86:8E:6E:7B:C2:1B:C6:7D:73:40:14:46:0D:B0:2F:D4:4B","sha256":"71:AD:F5:78:25:7F:AB:4F:88:8E:97:AE:6D:16:B9:AD:D1:7E:AC:7D:BD:65:7D:D3:C2:A4:C7:8A:9F:C6:82:EA"}}},"request":{"raw":"GET /v2/otf/o3.png.otf HTTP/1.1\r\nHost: sadasd.dgxmwl56.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://bannner-02.cfd/\r\nOrigin: https://bannner-02.cfd\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: Tengine\r\ncontent-type: font/otf\r\ncontent-length: 6272\r\ndate: Wed, 03 Dec 2025 11:15:43 GMT\r\nx-oss-request-id: 69301BDEF5B7DD36326D5D46\r\nx-oss-cdn-auth: success\r\naccept-ranges: bytes\r\nx-oss-object-type: Normal\r\nx-oss-storage-class: Standard\r\netag: \"F81DF81D8CC99461A0AA98C1BE47D52A\"\r\nlast-modified: Wed, 24 Sep 2025 10:56:25 GMT\r\nx-oss-hash-crc64ecma: 4590402592081478128\r\ncontent-md5: +B34HYzJlGGgqpjBvkfVKg==\r\nx-oss-server-time: 7\r\nvia: ens-cache13.l2de4[0,0,200-0,H], ens-cache10.l2de4[1,0], ens-cache4.nl3[0,0,200-0,H], ens-cache3.nl3[0,0]\r\nage: 1781\r\nali-swift-global-savetime: 1764760543\r\nx-cache: HIT TCP_MEM_HIT dirn:-2:-2\r\nx-swift-savetime: Wed, 03 Dec 2025 11:42:30 GMT\r\nx-swift-cachetime: 3600\r\naccess-control-max-age: 3600\r\naccess-control-allow-origin: *\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\ntiming-allow-origin: *\r\neagleid: 2ff6309717647623248856907e\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Alibaba Cloud Object Storage Service","description":"Alibaba Cloud Object Storage Service (OSS) is a cloud-based object storage service provided by Alibaba Cloud, which allows users to store and access large amounts of data in the cloud.","website":"https://www.alibabacloud.com/product/object-storage-service","common_platform_enumeration":"","icon":"Alibaba Cloud.svg","categories":["IaaS"]},{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]}],"data":{"size":6272,"size_decoded":0,"mime_type":"font/otf","magic":"data","md5":"f81df81d8cc99461a0aa98c1be47d52a","sha1":"5960ec0ccce538716e5a94cd9fea4f5017238568","sha256":"4efa1f49e42d2d4b9e2385449a3700fc2eac33bd7641dde8da6630d4257cd2a0","sha512":"43830883229ff0b08228b02cc091b7777612f4d10c0d95611c11148e7734f48b2cb174c29f450ef68dc28fd7be3ab7bd6b1410fd3dd76b701fcef11d99d55ba9","ssdeep":"192:k4x3T3Nw532n95nUwKm7Ec9sS8/hvqUj8:k4tbUUEdRSUY","tlshash":"2dd1a0a8ef2b7e09307860e034eb4ae7b1784878d841f5273d7211283939ae019fd5c9","first_seen":"2025-09-03T16:33:36.513085Z","last_seen":"2026-03-12T08:11:54.082575Z","times_seen":844,"resource_available":false,"data":null}},"time_used":29,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":28,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"sadasd.dgxmwl56.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.wineedu.org/themes/default/css/common.css","fqdn":"www.wineedu.org","domain":"wineedu.org","tld":"org"},"ip":{"addr":"107.163.230.132","port":443,"asn":18978,"as":"ENZUINC","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://www.wineedu.org/","date":"2025-12-03T11:45:21.889Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.quickbeltsystem.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 10 Nov 2025 12:18:52 GMT","end":"Sun, 08 Feb 2026 12:18:51 GMT"},"fingerprint":{"sha1":"45:82:4D:8F:E5:45:D0:13:2A:FA:DE:43:EB:CC:03:4B:C4:E6:97:C3","sha256":"4C:E4:01:11:E3:BC:18:3D:76:22:B0:E2:85:22:EA:26:C7:51:FC:94:0C:74:81:CA:17:86:15:23:4B:EF:17:BD"}}},"request":{"raw":"GET /themes/default/css/common.css HTTP/1.1\r\nHost: www.wineedu.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.wineedu.org/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Dec 2025 11:45:21 GMT\r\ncontent-type: text/css; charset=utf-8\r\nvary: Accept-Encoding\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":945,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text","md5":"22e4a4a67091bc25df59773911e943cf","sha1":"b09072e5924750e4446ecf29c95eb5f119ccffaf","sha256":"ac8fcefa8af575b992e7f41017e3e51f7fbea2a3f5840fa8270a7b03dfc9b5df","sha512":"a7f63fc140fe4088789721440e9cf439e4b32bb2f60867be41366d05b5280053c26e6958a7c7c7ff9ff3628cf203814885563f47250069660ac5fd7e24ec7b53","ssdeep":"","tlshash":"be11040047e32805ead1421e53dba3142f4d20476d8e98a4be18de60cfafa4bc1e1f9c","first_seen":"2025-12-03T11:45:54.657132Z","last_seen":"2025-12-03T11:45:54.657132Z","times_seen":1,"resource_available":false,"data":null}},"time_used":193,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":193,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.wineedu.org/themes/default/js/Designer.js","fqdn":"www.wineedu.org","domain":"wineedu.org","tld":"org"},"ip":{"addr":"107.163.230.132","port":443,"asn":18978,"as":"ENZUINC","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.wineedu.org/","date":"2025-12-03T11:45:21.904Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.quickbeltsystem.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 10 Nov 2025 12:18:52 GMT","end":"Sun, 08 Feb 2026 12:18:51 GMT"},"fingerprint":{"sha1":"45:82:4D:8F:E5:45:D0:13:2A:FA:DE:43:EB:CC:03:4B:C4:E6:97:C3","sha256":"4C:E4:01:11:E3:BC:18:3D:76:22:B0:E2:85:22:EA:26:C7:51:FC:94:0C:74:81:CA:17:86:15:23:4B:EF:17:BD"}}},"request":{"raw":"GET /themes/default/js/Designer.js HTTP/1.1\r\nHost: www.wineedu.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.wineedu.org/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Dec 2025 11:45:22 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\nvary: Accept-Encoding\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":7007,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"ASCII text, with very long lines (5860)","md5":"abc39ce62985368aeb44b7b1bb43f0e4","sha1":"83abd7b13e44cac7873f2dbfdb8050b3ad644ff5","sha256":"4a51cf4e96fb8d58d3791e66ce44e0e4194ce3656139b1cb61a27697d9c67b42","sha512":"e72060a401dab41993fad26d5020291e0e305b70b08f8f5663a3c95f9fcf96eb5437615a428a1706e63721551392df94350fc2ce5df3d2ef4d0318dce048cde4","ssdeep":"96:yHPnlwH8oicjcm4QA1B/882hxTW2+983kpZKGP0nayd4A:ineocjcmcl882hxT+983kpZKGP0nai3","tlshash":"a7e1304e7114187c58ed9116d02f96067672683bfb4148bcbd996cf6d9e4e2a813f334","first_seen":"2024-08-20T15:08:00.808156Z","last_seen":"2026-01-31T07:21:37.900829Z","times_seen":6,"resource_available":true,"data":null}},"time_used":592,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":592,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.wineedu.org/themes/default/images/03.jpg","fqdn":"www.wineedu.org","domain":"wineedu.org","tld":"org"},"ip":{"addr":"107.163.230.132","port":443,"asn":18978,"as":"ENZUINC","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.wineedu.org/","date":"2025-12-03T11:45:21.935Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.quickbeltsystem.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 10 Nov 2025 12:18:52 GMT","end":"Sun, 08 Feb 2026 12:18:51 GMT"},"fingerprint":{"sha1":"45:82:4D:8F:E5:45:D0:13:2A:FA:DE:43:EB:CC:03:4B:C4:E6:97:C3","sha256":"4C:E4:01:11:E3:BC:18:3D:76:22:B0:E2:85:22:EA:26:C7:51:FC:94:0C:74:81:CA:17:86:15:23:4B:EF:17:BD"}}},"request":{"raw":"GET /themes/default/images/03.jpg HTTP/1.1\r\nHost: www.wineedu.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.wineedu.org/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Dec 2025 11:45:22 GMT\r\ncontent-type: image/jpeg\r\nvary: Accept-Encoding\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":45564,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 770x450, components 3","md5":"12fcbbdb1d51436528168b2e2029910d","sha1":"c9284c699f460ff0be627f1a14c6da687abc540e","sha256":"7173919f3be9c928c1f7108298b704edd2676b20481c2a5a97fa9b99d17c58f5","sha512":"cb8fa9ff2fecd721fd70d9f7795400404830cf75fe49b66b822af478f850d5404f7d95c9597013e05da4528923db13ee4bfdc07f47f8606c49d70de770930a4d","ssdeep":"768:QHLef6ZHLY0b6cLRIJLS+Mjxh/iJm9uSCqlKqpwT2wY297+3dey/vWlzRQVMmpra:QSf6ZrwcLRIV2lv9x5Mq1wY29C3deGuf","tlshash":"6213e117ed4b7b43a0280bb97d8b1c55bf6d531cf4936c5c70634ba0ae74ea32d8a41a","first_seen":"2025-12-03T11:45:54.660575Z","last_seen":"2025-12-03T11:45:54.660575Z","times_seen":1,"resource_available":false,"data":null}},"time_used":887,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":887,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"bannner-02.cfd/51la.js","fqdn":"bannner-02.cfd","domain":"bannner-02.cfd","tld":"cfd"},"ip":{"addr":"23.231.188.106","port":443,"asn":132839,"as":"POWER LINE DATACENTER","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://bannner-02.cfd/sttcs/?channel=88801\u0026ref=","date":"2025-12-03T11:45:23.354Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bannner-02.cfd","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Fri, 24 Oct 2025 13:41:03 GMT","end":"Thu, 22 Jan 2026 13:41:02 GMT"},"fingerprint":{"sha1":"6B:82:F7:ED:65:ED:1A:B5:0D:1F:29:C3:3C:5B:F2:A1:46:CC:CA:6A","sha256":"BA:42:19:04:18:72:3F:A4:D3:49:EE:74:4F:80:44:D3:B4:51:64:88:9E:C9:D8:2D:C1:36:95:F4:4C:53:94:C3"}}},"request":{"raw":"GET /51la.js HTTP/1.1\r\nHost: bannner-02.cfd\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://bannner-02.cfd/sttcs/?channel=88801\u0026ref=\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: uuWAF\r\nContent-Type: text/javascript\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nvary: accept-encoding\r\nlast-modified: Sat, 05 Jul 2025 06:55:44 GMT\r\nm-processed-time: 0.38673100000000005 ms\r\ncontent-encoding: gzip\r\ndate: Wed, 03 Dec 2025 11:45:23 GMT\r\nX-Waf-Cache: BYPASS\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":950,"size_decoded":0,"mime_type":"text/javascript","magic":"JavaScript source, ASCII text, with very long lines (950), with no line terminators","md5":"652eef04b809d40d63f8e7fca2f1c09a","sha1":"d8e319c771caab69482ba9be40202e5a025b9491","sha256":"3a4713bb53234d93050f7530c0ac137bb703bef2aef2374c9d55b1b3b661bee8","sha512":"0b421d627ff674c18f3355fdaadb415bfabf55967413b0adbe65122e228130030b6b3e55160b23bb8d4da98d82576e4eee3c443a181df376eed3c6a764b06e14","ssdeep":"","tlshash":"c811b17e79573ca21207f0170bfbc02d32d1518c166b40c0f46ca188bf58ad5901b75c","first_seen":"2025-07-08T21:23:31.868219Z","last_seen":"2026-04-06T21:02:23.458213Z","times_seen":834,"resource_available":true,"data":null}},"time_used":249,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":249,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"sadasd.dgxmwl56.com/v2/otf/huobo.png.otf","fqdn":"sadasd.dgxmwl56.com","domain":"dgxmwl56.com","tld":"com"},"ip":{"addr":"47.246.48.178","port":443,"asn":24429,"as":"Zhejiang Taobao Network Co.,Ltd","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://bannner-02.cfd/sttcs/?channel=88801\u0026ref=","date":"2025-12-03T11:45:24.470Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.dgxmwl56.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 11 Sep 2025 10:35:19 GMT","end":"Wed, 10 Dec 2025 10:35:18 GMT"},"fingerprint":{"sha1":"61:30:5F:86:8E:6E:7B:C2:1B:C6:7D:73:40:14:46:0D:B0:2F:D4:4B","sha256":"71:AD:F5:78:25:7F:AB:4F:88:8E:97:AE:6D:16:B9:AD:D1:7E:AC:7D:BD:65:7D:D3:C2:A4:C7:8A:9F:C6:82:EA"}}},"request":{"raw":"GET /v2/otf/huobo.png.otf HTTP/1.1\r\nHost: sadasd.dgxmwl56.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://bannner-02.cfd/\r\nOrigin: https://bannner-02.cfd\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: Tengine\r\ncontent-type: font/otf\r\ncontent-length: 5696\r\ndate: Wed, 03 Dec 2025 11:14:06 GMT\r\nx-oss-request-id: 69301B7E9932F13636EEF442\r\nx-oss-cdn-auth: success\r\naccept-ranges: bytes\r\nx-oss-object-type: Normal\r\nx-oss-storage-class: Standard\r\ncontent-md5: ximT3XyW00ksJIKzQVyVWw==\r\nx-oss-server-time: 8\r\nvia: ens-cache34.l2de4[0,0,304-0,H], ens-cache36.l2de4[1,0], ens-cache4.nl3[0,0,200-0,H], ens-cache3.nl3[1,0]\r\netag: \"C62993DD7C96D3492C2482B3415C955B\"\r\nlast-modified: Fri, 05 Sep 2025 03:26:13 GMT\r\nx-oss-hash-crc64ecma: 16231537361387094329\r\nage: 1878\r\nali-swift-global-savetime: 1764760446\r\nx-cache: HIT TCP_MEM_HIT dirn:-2:-2\r\nx-swift-savetime: Wed, 03 Dec 2025 11:42:29 GMT\r\nx-swift-cachetime: 3600\r\naccess-control-max-age: 3600\r\naccess-control-allow-origin: *\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\ntiming-allow-origin: *\r\neagleid: 2ff6309717647623244776483e\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Alibaba Cloud Object Storage Service","description":"Alibaba Cloud Object Storage Service (OSS) is a cloud-based object storage service provided by Alibaba Cloud, which allows users to store and access large amounts of data in the cloud.","website":"https://www.alibabacloud.com/product/object-storage-service","common_platform_enumeration":"","icon":"Alibaba Cloud.svg","categories":["IaaS"]},{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]}],"data":{"size":5696,"size_decoded":0,"mime_type":"font/otf","magic":"data","md5":"c62993dd7c96d3492c2482b3415c955b","sha1":"3880a1507942f2f61c12265b37cab28a97e7fa56","sha256":"3a48bb5a921ad7cf8eab9a61ea2287f2598502fd55739d94538664631c76ae28","sha512":"52370c455376ecb11ee5f8f4590826b064f2e5eebd788c92fb1133562d840b9d8397e789424a8b31cd64ee9bfe69e794538f00ef78dbc2223ce6452c7f2c7966","ssdeep":"96:4gcDB8WGQmt2THu1gh5LZzhPPiBTZrkITXY1uKgfCQKDAebhqD:l2B3GNtMCsZtPWpNY1uRAAYhqD","tlshash":"72c16def30addf12406929f686a4610994cace5501bac0294b63a7cdf831198da27fca","first_seen":"2025-09-03T16:33:36.522914Z","last_seen":"2026-03-12T08:11:54.08206Z","times_seen":882,"resource_available":false,"data":null}},"time_used":27,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":27,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"sadasd.dgxmwl56.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"sadasd.dgxmwl56.com/v2/otf/h4.png.otf","fqdn":"sadasd.dgxmwl56.com","domain":"dgxmwl56.com","tld":"com"},"ip":{"addr":"47.246.48.178","port":443,"asn":24429,"as":"Zhejiang Taobao Network Co.,Ltd","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://bannner-02.cfd/sttcs/?channel=88801\u0026ref=","date":"2025-12-03T11:45:24.914Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.dgxmwl56.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 11 Sep 2025 10:35:19 GMT","end":"Wed, 10 Dec 2025 10:35:18 GMT"},"fingerprint":{"sha1":"61:30:5F:86:8E:6E:7B:C2:1B:C6:7D:73:40:14:46:0D:B0:2F:D4:4B","sha256":"71:AD:F5:78:25:7F:AB:4F:88:8E:97:AE:6D:16:B9:AD:D1:7E:AC:7D:BD:65:7D:D3:C2:A4:C7:8A:9F:C6:82:EA"}}},"request":{"raw":"GET /v2/otf/h4.png.otf HTTP/1.1\r\nHost: sadasd.dgxmwl56.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://bannner-02.cfd/\r\nOrigin: https://bannner-02.cfd\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: Tengine\r\ncontent-type: font/otf\r\ncontent-length: 2976\r\ndate: Wed, 03 Dec 2025 11:15:43 GMT\r\nx-oss-request-id: 69301BDFE80D013734C864B1\r\nx-oss-cdn-auth: success\r\naccept-ranges: bytes\r\nx-oss-object-type: Normal\r\nx-oss-storage-class: Standard\r\ncontent-md5: yRbJircmvlCthIqKK8uPPA==\r\nx-oss-server-time: 8\r\nvia: ens-cache12.l2de4[0,0,304-0,H], ens-cache5.l2de4[1,0], ens-cache10.nl3[0,0,200-0,H], ens-cache3.nl3[0,0]\r\netag: \"C916C98AB726BE50AD848A8A2BCB8F3C\"\r\nlast-modified: Wed, 24 Sep 2025 10:56:27 GMT\r\nx-oss-hash-crc64ecma: 12211000741100375803\r\nage: 1781\r\nali-swift-global-savetime: 1764760543\r\nx-cache: HIT TCP_MEM_HIT dirn:-2:-2\r\nx-swift-savetime: Wed, 03 Dec 2025 11:42:30 GMT\r\nx-swift-cachetime: 3600\r\naccess-control-max-age: 3600\r\naccess-control-allow-origin: *\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\ntiming-allow-origin: *\r\neagleid: 2ff6309717647623249236930e\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]},{"name":"Alibaba Cloud Object Storage Service","description":"Alibaba Cloud Object Storage Service (OSS) is a cloud-based object storage service provided by Alibaba Cloud, which allows users to store and access large amounts of data in the cloud.","website":"https://www.alibabacloud.com/product/object-storage-service","common_platform_enumeration":"","icon":"Alibaba Cloud.svg","categories":["IaaS"]}],"data":{"size":2976,"size_decoded":0,"mime_type":"font/otf","magic":"data","md5":"c916c98ab726be50ad848a8a2bcb8f3c","sha1":"339db709496a570c20060dffd1d2ebd7384c944b","sha256":"bfe250accafb70d77c5dcddcc9576eb3fa4e1132f1a109c3209d38a362c0efe6","sha512":"abdc4bc0802e6e263613f73a0626ffb0f84a1ab16c5701c603038321284e7f67de5853a69f2d1458d936165e81dfebec16c95d431fb22da9644768383115421d","ssdeep":"","tlshash":"ab514aae803abbaed82884175e678b556a092cb2778f4015d595e3f2583c4ecd4c5a0b","first_seen":"2025-09-03T16:33:36.529475Z","last_seen":"2026-03-12T08:11:54.06346Z","times_seen":840,"resource_available":false,"data":null}},"time_used":29,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":29,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"sadasd.dgxmwl56.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.wineedu.org/upload/2019-08-08/ee9187b3d81e4c139eb7e20a9bd26be5.jpg","fqdn":"www.wineedu.org","domain":"wineedu.org","tld":"org"},"ip":{"addr":"107.163.230.132","port":443,"asn":18978,"as":"ENZUINC","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.wineedu.org/","date":"2025-12-03T11:45:21.946Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.quickbeltsystem.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 10 Nov 2025 12:18:52 GMT","end":"Sun, 08 Feb 2026 12:18:51 GMT"},"fingerprint":{"sha1":"45:82:4D:8F:E5:45:D0:13:2A:FA:DE:43:EB:CC:03:4B:C4:E6:97:C3","sha256":"4C:E4:01:11:E3:BC:18:3D:76:22:B0:E2:85:22:EA:26:C7:51:FC:94:0C:74:81:CA:17:86:15:23:4B:EF:17:BD"}}},"request":{"raw":"GET /upload/2019-08-08/ee9187b3d81e4c139eb7e20a9bd26be5.jpg HTTP/1.1\r\nHost: www.wineedu.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.wineedu.org/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Dec 2025 11:45:22 GMT\r\ncontent-type: image/jpeg\r\nvary: Accept-Encoding\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":55432,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 786x1181, components 3","md5":"17f4d3fa39b40e12abd1d814a9aba7a5","sha1":"05200e98801d3306ce5692cab3604a05411bd508","sha256":"a5e5ffb0b3389061e14da023c1f75231274ea8b14cd954fc7fabb0600de93caa","sha512":"7e0502fc759251d689dee87a2f05f5edf90c498768d60ae5a5dbda34dc29d62ac3a01f38040a636273bc2ef909d9b682dc14557a93a0a31452b787e56918bda8","ssdeep":"768:gmzkLdelset8xmlpq3A5pfsvSieAQICz05/mPJdh391YrerTT9gL1ccLEFG:gmQLQaeh8oWzeb05ePbh39CWG1kG","tlshash":"ee435b13cc059b87a11987ec7e475ebd1f1a6b49f89237ff04220ecb3e665654d4b02a","first_seen":"2025-12-03T11:45:54.663155Z","last_seen":"2025-12-03T11:45:54.663155Z","times_seen":1,"resource_available":false,"data":null}},"time_used":875,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":875,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"bannner-02.cfd/sttcs/?channel=88801\u0026ref=","fqdn":"bannner-02.cfd","domain":"bannner-02.cfd","tld":"cfd"},"ip":{"addr":"23.231.188.106","port":443,"asn":132839,"as":"POWER LINE DATACENTER","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"subdocument","requested_by":"https://www.wineedu.org/","date":"2025-12-03T11:45:22.546Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bannner-02.cfd","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Fri, 24 Oct 2025 13:41:03 GMT","end":"Thu, 22 Jan 2026 13:41:02 GMT"},"fingerprint":{"sha1":"6B:82:F7:ED:65:ED:1A:B5:0D:1F:29:C3:3C:5B:F2:A1:46:CC:CA:6A","sha256":"BA:42:19:04:18:72:3F:A4:D3:49:EE:74:4F:80:44:D3:B4:51:64:88:9E:C9:D8:2D:C1:36:95:F4:4C:53:94:C3"}}},"request":{"raw":"GET /sttcs/?channel=88801\u0026ref= HTTP/1.1\r\nHost: bannner-02.cfd\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.wineedu.org/\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: iframe\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: uuWAF\r\nContent-Type: text/html; charset=utf-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nm-processed-time: 0.476348 ms\r\nvary: accept-encoding\r\ncontent-encoding: gzip\r\ndate: Wed, 03 Dec 2025 11:45:22 GMT\r\nX-Waf-Cache: BYPASS\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":4077,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (3369)","md5":"cfd8c36f94b59eb386dd6806ddd94b9b","sha1":"3bbc28b16d9415b3aa282adfb57c7359973e91a5","sha256":"f920f55cbaf4b0f9150d10ccf0f7f5b22cfb52165fe565e11a51416c56b7d80b","sha512":"76e90f60200b531d65803912f35732667f4676a20508a427dd4d083e8d90514a46cc911fdff58dea315ca736e88ace20fc117a3a70bd735e66ec3368de8c1c92","ssdeep":"","tlshash":"4c8111136d808d41b3a3073fb669b04cda76dd4b2e454897f428ac986fd7b74e5c2630","first_seen":"2025-11-05T12:34:36.968916Z","last_seen":"2025-12-22T10:27:04.438524Z","times_seen":276,"resource_available":false,"data":null}},"time_used":1263,"timings":{"blocked":506,"dns":1,"connect":247,"send":0,"wait":251,"receive":0,"ssl":254},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"sadasd.dgxmwl56.com/v2/otf/huobo.png.otf","fqdn":"sadasd.dgxmwl56.com","domain":"dgxmwl56.com","tld":"com"},"ip":{"addr":"47.246.48.178","port":443,"asn":24429,"as":"Zhejiang Taobao Network Co.,Ltd","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://bannner-02.cfd/sttcs/?channel=88801\u0026ref=","date":"2025-12-03T11:45:24.479Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.dgxmwl56.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 11 Sep 2025 10:35:19 GMT","end":"Wed, 10 Dec 2025 10:35:18 GMT"},"fingerprint":{"sha1":"61:30:5F:86:8E:6E:7B:C2:1B:C6:7D:73:40:14:46:0D:B0:2F:D4:4B","sha256":"71:AD:F5:78:25:7F:AB:4F:88:8E:97:AE:6D:16:B9:AD:D1:7E:AC:7D:BD:65:7D:D3:C2:A4:C7:8A:9F:C6:82:EA"}}},"request":{"raw":"GET /v2/otf/huobo.png.otf HTTP/1.1\r\nHost: sadasd.dgxmwl56.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://bannner-02.cfd/\r\nOrigin: https://bannner-02.cfd\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: Tengine\r\ncontent-type: font/otf\r\ncontent-length: 5696\r\ndate: Wed, 03 Dec 2025 11:14:06 GMT\r\nx-oss-request-id: 69301B7E9932F13636EEF442\r\nx-oss-cdn-auth: success\r\naccept-ranges: bytes\r\nx-oss-object-type: Normal\r\nx-oss-storage-class: Standard\r\ncontent-md5: ximT3XyW00ksJIKzQVyVWw==\r\nx-oss-server-time: 8\r\nvia: ens-cache34.l2de4[0,0,304-0,H], ens-cache36.l2de4[1,0], ens-cache4.nl3[0,0,200-0,H], ens-cache3.nl3[1,0]\r\netag: \"C62993DD7C96D3492C2482B3415C955B\"\r\nlast-modified: Fri, 05 Sep 2025 03:26:13 GMT\r\nx-oss-hash-crc64ecma: 16231537361387094329\r\nage: 1878\r\nali-swift-global-savetime: 1764760446\r\nx-cache: HIT TCP_MEM_HIT dirn:-2:-2\r\nx-swift-savetime: Wed, 03 Dec 2025 11:42:29 GMT\r\nx-swift-cachetime: 3600\r\naccess-control-max-age: 3600\r\naccess-control-allow-origin: *\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\ntiming-allow-origin: *\r\neagleid: 2ff6309717647623244866493e\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Alibaba Cloud Object Storage Service","description":"Alibaba Cloud Object Storage Service (OSS) is a cloud-based object storage service provided by Alibaba Cloud, which allows users to store and access large amounts of data in the cloud.","website":"https://www.alibabacloud.com/product/object-storage-service","common_platform_enumeration":"","icon":"Alibaba Cloud.svg","categories":["IaaS"]},{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]}],"data":{"size":5696,"size_decoded":0,"mime_type":"font/otf","magic":"data","md5":"c62993dd7c96d3492c2482b3415c955b","sha1":"3880a1507942f2f61c12265b37cab28a97e7fa56","sha256":"3a48bb5a921ad7cf8eab9a61ea2287f2598502fd55739d94538664631c76ae28","sha512":"52370c455376ecb11ee5f8f4590826b064f2e5eebd788c92fb1133562d840b9d8397e789424a8b31cd64ee9bfe69e794538f00ef78dbc2223ce6452c7f2c7966","ssdeep":"96:4gcDB8WGQmt2THu1gh5LZzhPPiBTZrkITXY1uKgfCQKDAebhqD:l2B3GNtMCsZtPWpNY1uRAAYhqD","tlshash":"72c16def30addf12406929f686a4610994cace5501bac0294b63a7cdf831198da27fca","first_seen":"2025-09-03T16:33:36.522914Z","last_seen":"2026-03-12T08:11:54.08206Z","times_seen":882,"resource_available":false,"data":null}},"time_used":30,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":28,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"sadasd.dgxmwl56.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.wineedu.org/themes/default/images/01.jpg","fqdn":"www.wineedu.org","domain":"wineedu.org","tld":"org"},"ip":{"addr":"107.163.230.132","port":443,"asn":18978,"as":"ENZUINC","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.wineedu.org/","date":"2025-12-03T11:45:21.934Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.quickbeltsystem.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 10 Nov 2025 12:18:52 GMT","end":"Sun, 08 Feb 2026 12:18:51 GMT"},"fingerprint":{"sha1":"45:82:4D:8F:E5:45:D0:13:2A:FA:DE:43:EB:CC:03:4B:C4:E6:97:C3","sha256":"4C:E4:01:11:E3:BC:18:3D:76:22:B0:E2:85:22:EA:26:C7:51:FC:94:0C:74:81:CA:17:86:15:23:4B:EF:17:BD"}}},"request":{"raw":"GET /themes/default/images/01.jpg HTTP/1.1\r\nHost: www.wineedu.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.wineedu.org/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Dec 2025 11:45:22 GMT\r\ncontent-type: image/jpeg\r\nvary: Accept-Encoding\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":79270,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 770x450, components 3","md5":"3b620b4f2e7636da2654bdb6ea8ce937","sha1":"b1d882d5aec92ecddaad003e8aef29f04656b1f7","sha256":"3ffd86bc0b79e836bf154d32d91e08978b651ad45f21c6261c3eb69c73930908","sha512":"9f1fae1c7365e86ba5e0fe9710ff3c83e508ddf62549609e5969084dfe08e1825623b889d90245dc7163013f34daada3dc62e9feec4dae60af4099e66f919cdf","ssdeep":"1536:QMGh5OS93bK1RnsaOBjswpeJX4wgZZD1Obyp2ymy5jqf7:vGhIWK1RA7eJIwgP1/cOjqf7","tlshash":"9c731222117afa6ddf784279fea3e383a8d9ddc739942142d819b065f5068af01c06dc","first_seen":"2025-12-03T11:45:54.665078Z","last_seen":"2025-12-03T11:45:54.665078Z","times_seen":1,"resource_available":false,"data":null}},"time_used":728,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":728,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.wineedu.org/themes/default/images/yiyuan.jpg","fqdn":"www.wineedu.org","domain":"wineedu.org","tld":"org"},"ip":{"addr":"107.163.230.132","port":443,"asn":18978,"as":"ENZUINC","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.wineedu.org/","date":"2025-12-03T11:45:21.937Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.quickbeltsystem.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 10 Nov 2025 12:18:52 GMT","end":"Sun, 08 Feb 2026 12:18:51 GMT"},"fingerprint":{"sha1":"45:82:4D:8F:E5:45:D0:13:2A:FA:DE:43:EB:CC:03:4B:C4:E6:97:C3","sha256":"4C:E4:01:11:E3:BC:18:3D:76:22:B0:E2:85:22:EA:26:C7:51:FC:94:0C:74:81:CA:17:86:15:23:4B:EF:17:BD"}}},"request":{"raw":"GET /themes/default/images/yiyuan.jpg HTTP/1.1\r\nHost: www.wineedu.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.wineedu.org/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Dec 2025 11:45:22 GMT\r\ncontent-type: image/jpeg\r\nvary: Accept-Encoding\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":17041,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 374x221, components 3","md5":"4a6f9b4b719405dad8396b3b37a9b02f","sha1":"6bc524aa20176b67d34bcf5f732da12b7e11da2e","sha256":"9fba62da42a3a76c33e2e38d4b0bb0d134f90d76753be3ed38938a97c979b8ef","sha512":"1e026ea5f9803c8815acef649a81bba27633d58c057041d5869cd34cd05c0e815a2068813ba3e27881aaa4e6209ae9812f0b9af2e35f844b47ba9b40a72ce4e7","ssdeep":"384:iQaIMeIm8WICA2jx0gu4VSMkGhuKkEoigBz9iwGZgR1ErRB:iQvMe+VCA2KmT1uaLgerRB","tlshash":"ea72c06a4e253809dfd21c9e31a6afd4231c9d447dc47d7b14192e8acf03db645d893d","first_seen":"2025-12-03T11:45:54.666303Z","last_seen":"2025-12-03T11:45:54.666303Z","times_seen":1,"resource_available":false,"data":null}},"time_used":882,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":882,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"sadasd.dgxmwl56.com/v2/otf/sun.png.otf","fqdn":"sadasd.dgxmwl56.com","domain":"dgxmwl56.com","tld":"com"},"ip":{"addr":"47.246.48.178","port":443,"asn":24429,"as":"Zhejiang Taobao Network Co.,Ltd","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://bannner-02.cfd/sttcs/?channel=88801\u0026ref=","date":"2025-12-03T11:45:24.624Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.dgxmwl56.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 11 Sep 2025 10:35:19 GMT","end":"Wed, 10 Dec 2025 10:35:18 GMT"},"fingerprint":{"sha1":"61:30:5F:86:8E:6E:7B:C2:1B:C6:7D:73:40:14:46:0D:B0:2F:D4:4B","sha256":"71:AD:F5:78:25:7F:AB:4F:88:8E:97:AE:6D:16:B9:AD:D1:7E:AC:7D:BD:65:7D:D3:C2:A4:C7:8A:9F:C6:82:EA"}}},"request":{"raw":"GET /v2/otf/sun.png.otf HTTP/1.1\r\nHost: sadasd.dgxmwl56.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://bannner-02.cfd/\r\nOrigin: https://bannner-02.cfd\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: Tengine\r\ncontent-type: font/otf\r\ncontent-length: 10176\r\ndate: Wed, 03 Dec 2025 11:10:42 GMT\r\nx-oss-request-id: 69301AB2A081513434D2C065\r\nx-oss-cdn-auth: success\r\naccept-ranges: bytes\r\nx-oss-object-type: Normal\r\nx-oss-storage-class: Standard\r\netag: \"7108E01EF9138EBFD67C91FB29CB2923\"\r\nlast-modified: Fri, 05 Sep 2025 03:26:11 GMT\r\nx-oss-hash-crc64ecma: 3434292821648763748\r\ncontent-md5: cQjgHvkTjr/WfJH7KcspIw==\r\nx-oss-server-time: 9\r\nvia: ens-cache37.l2de4[0,0,200-0,H], ens-cache21.l2de4[1,0], ens-cache11.nl3[0,0,200-0,H], ens-cache3.nl3[1,0]\r\nage: 2082\r\nali-swift-global-savetime: 1764760242\r\nx-cache: HIT TCP_MEM_HIT dirn:-2:-2\r\nx-swift-savetime: Wed, 03 Dec 2025 11:42:30 GMT\r\nx-swift-cachetime: 3600\r\naccess-control-max-age: 3600\r\naccess-control-allow-origin: *\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\ntiming-allow-origin: *\r\neagleid: 2ff6309717647623246316668e\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]},{"name":"Alibaba Cloud Object Storage Service","description":"Alibaba Cloud Object Storage Service (OSS) is a cloud-based object storage service provided by Alibaba Cloud, which allows users to store and access large amounts of data in the cloud.","website":"https://www.alibabacloud.com/product/object-storage-service","common_platform_enumeration":"","icon":"Alibaba Cloud.svg","categories":["IaaS"]}],"data":{"size":10176,"size_decoded":0,"mime_type":"font/otf","magic":"OpenPGP Public Key","md5":"7108e01ef9138ebfd67c91fb29cb2923","sha1":"dcbdc3c59f191bdb66eb282a5e3511edb62eb0d1","sha256":"40493a065122203e79824d79901ebf86c10c26681e2782b2b8fc15e368895f1c","sha512":"3e432559024e6d8d051a18582169d3b05773326c2a1001a3f1dc13a3c2d85c24a2c375a9f467ad927c2235e7a0ccbbbcfba6079157930d0207fc73e567c528b3","ssdeep":"192:fcV1UMbshQNM1fhUG8pqB4Dcxe5o1Yuwg46/gfmtqXoUJuha3f0zvh4NZm:fcMML61fhUG8pqBOivgf2qYUJFQ5h","tlshash":"ff22c1b2052d05875a9dffa127e53d1f4e600b121df50a359607179c1b32cbf9151fb6","first_seen":"2025-09-03T16:33:36.535805Z","last_seen":"2026-03-12T08:11:54.078143Z","times_seen":875,"resource_available":false,"data":null}},"time_used":31,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":27,"receive":4,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"sadasd.dgxmwl56.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.wineedu.org/themes/default/images/003.jpg","fqdn":"www.wineedu.org","domain":"wineedu.org","tld":"org"},"ip":{"addr":"107.163.230.132","port":443,"asn":18978,"as":"ENZUINC","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.wineedu.org/","date":"2025-12-03T11:45:22.598Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.quickbeltsystem.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 10 Nov 2025 12:18:52 GMT","end":"Sun, 08 Feb 2026 12:18:51 GMT"},"fingerprint":{"sha1":"45:82:4D:8F:E5:45:D0:13:2A:FA:DE:43:EB:CC:03:4B:C4:E6:97:C3","sha256":"4C:E4:01:11:E3:BC:18:3D:76:22:B0:E2:85:22:EA:26:C7:51:FC:94:0C:74:81:CA:17:86:15:23:4B:EF:17:BD"}}},"request":{"raw":"GET /themes/default/images/003.jpg HTTP/1.1\r\nHost: www.wineedu.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.wineedu.org/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Dec 2025 11:45:22 GMT\r\ncontent-type: image/jpeg\r\nvary: Accept-Encoding\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":136189,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 1920x550, components 3","md5":"101b94eee24e669d0e666332800a1279","sha1":"ac84000b50ff5ba482201b37d508e44f7f98bae2","sha256":"3d7b9bfb21638bdc803f0e116d5cb8cb4d1e3885dbd6c6d39495337cadcbef69","sha512":"283e7a7e0a99ab5285c14e877561b98eca24132128c5560d96d8d914bc24a5f0824ecd7c052b6d3a1e165575ce47ae268be43fc273063c73528ba8d7c11b20b7","ssdeep":"3072:dCILIyyaA9C613+5FaptjmBHCwxcPC+OXPy8T3:II8oYP6ojmBHCwwu","tlshash":"e8d312a2199520a32fc395fd87cea3b27dd877c1f9015121cbea8da5223cdb7d64510b","first_seen":"2025-12-03T11:45:54.667599Z","last_seen":"2025-12-03T11:45:54.667599Z","times_seen":1,"resource_available":false,"data":null}},"time_used":528,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":528,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.wineedu.org/upload/2019-08-08/5f1cc12c505041bdc4a4e6d7d8e04c3d.jpg","fqdn":"www.wineedu.org","domain":"wineedu.org","tld":"org"},"ip":{"addr":"107.163.230.132","port":443,"asn":18978,"as":"ENZUINC","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.wineedu.org/","date":"2025-12-03T11:45:21.917Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.quickbeltsystem.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 10 Nov 2025 12:18:52 GMT","end":"Sun, 08 Feb 2026 12:18:51 GMT"},"fingerprint":{"sha1":"45:82:4D:8F:E5:45:D0:13:2A:FA:DE:43:EB:CC:03:4B:C4:E6:97:C3","sha256":"4C:E4:01:11:E3:BC:18:3D:76:22:B0:E2:85:22:EA:26:C7:51:FC:94:0C:74:81:CA:17:86:15:23:4B:EF:17:BD"}}},"request":{"raw":"GET /upload/2019-08-08/5f1cc12c505041bdc4a4e6d7d8e04c3d.jpg HTTP/1.1\r\nHost: www.wineedu.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.wineedu.org/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Dec 2025 11:45:22 GMT\r\ncontent-type: image/jpeg\r\nvary: Accept-Encoding\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":8406,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 374x151, components 3","md5":"342d46cdf2f515f799c4f97f64ad7073","sha1":"fc576edcf82bd14d00ce3624ab38eea8450bf0fe","sha256":"554c746c5a4b4a0ec9f829352620690f8ca5f15dc78a555cc7dda31b404087c1","sha512":"f26aff384d08c0c08dd2b83b4fa3031f4df0cba5ac8020aa27c6dcf850d68009373f2517a24733d292731571c51ffc7561e45ec6daa436988362e3493a113101","ssdeep":"192:LwstXQr72X4JdS8DEk1D9DfZGQhOOdD+WNz68/vx:0QXQXLSQEk1D9DfldD+Wn/vx","tlshash":"aa02af017fc159046f162979dc7b262f697a5e7830c076fa8c27e9454908ef8cce6c99","first_seen":"2025-12-03T11:45:54.668916Z","last_seen":"2025-12-03T11:45:54.668916Z","times_seen":1,"resource_available":false,"data":null}},"time_used":584,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":584,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.wineedu.org/upload/2019-07-30/95deb433c5be9d849f524fd29131a946.jpg","fqdn":"www.wineedu.org","domain":"wineedu.org","tld":"org"},"ip":{"addr":"107.163.230.132","port":443,"asn":18978,"as":"ENZUINC","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.wineedu.org/","date":"2025-12-03T11:45:21.923Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.quickbeltsystem.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 10 Nov 2025 12:18:52 GMT","end":"Sun, 08 Feb 2026 12:18:51 GMT"},"fingerprint":{"sha1":"45:82:4D:8F:E5:45:D0:13:2A:FA:DE:43:EB:CC:03:4B:C4:E6:97:C3","sha256":"4C:E4:01:11:E3:BC:18:3D:76:22:B0:E2:85:22:EA:26:C7:51:FC:94:0C:74:81:CA:17:86:15:23:4B:EF:17:BD"}}},"request":{"raw":"GET /upload/2019-07-30/95deb433c5be9d849f524fd29131a946.jpg HTTP/1.1\r\nHost: www.wineedu.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.wineedu.org/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Dec 2025 11:45:22 GMT\r\ncontent-type: image/jpeg\r\nvary: Accept-Encoding\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":9405,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 374x151, components 3","md5":"4b1b0678146dbd6d146bd2df7c655d84","sha1":"0811d5674a0eff10978308cf58fbf0704622b1a0","sha256":"9f57b96b0c22a6c3616fcd0901b43d37af6f538617083761ac667b4879e82b29","sha512":"e73871cd0dcc76b58ebd9dde98c2d286875eaf921bb33d5cfe50c6040e504fc075d0c334d5d516054bde85eee0884c4fc337413a308d6d190d3165696276844d","ssdeep":"192:LwcIyq2XGNsIXtnY0R8iviZq/SWFrQ+ySgU0whERssR8EM:0cJq2WNjt5RzvWqSmQOissR8EM","tlshash":"4212cf257e56e00b3f2986f5920d3bfd908054c1b92f74b415a65f7d2c60c3da62d29d","first_seen":"2025-12-03T11:45:54.670294Z","last_seen":"2025-12-03T11:45:54.670294Z","times_seen":1,"resource_available":false,"data":null}},"time_used":903,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":903,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.wineedu.org/themes/default/images/h_pic4_03.png","fqdn":"www.wineedu.org","domain":"wineedu.org","tld":"org"},"ip":{"addr":"107.163.230.132","port":443,"asn":18978,"as":"ENZUINC","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.wineedu.org/","date":"2025-12-03T11:45:21.933Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.quickbeltsystem.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 10 Nov 2025 12:18:52 GMT","end":"Sun, 08 Feb 2026 12:18:51 GMT"},"fingerprint":{"sha1":"45:82:4D:8F:E5:45:D0:13:2A:FA:DE:43:EB:CC:03:4B:C4:E6:97:C3","sha256":"4C:E4:01:11:E3:BC:18:3D:76:22:B0:E2:85:22:EA:26:C7:51:FC:94:0C:74:81:CA:17:86:15:23:4B:EF:17:BD"}}},"request":{"raw":"GET /themes/default/images/h_pic4_03.png HTTP/1.1\r\nHost: www.wineedu.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.wineedu.org/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Dec 2025 11:45:22 GMT\r\ncontent-type: image/png\r\nvary: Accept-Encoding\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1637,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 56 x 56, 8-bit/color RGBA, non-interlaced","md5":"54c2337dfbda2cbd6daeacf041ac9de1","sha1":"470c166cb841457acc368a87eae685c544203d56","sha256":"d7d4d82990a1ea091b690f63963d5c36da58c157055f1031f33d48800adb6f1a","sha512":"a7d822a1474f0dcdff87a87d4049e819c259da983dfa26433e6008036364c908af2a701aaaafbdfc95f087826735bd849b75906eccc3bb9ed5459e4e4da8c410","ssdeep":"","tlshash":"a9310cb8c6f7b381796dfdadbb99751492d88d006ad40405e83908e384e54153565c45","first_seen":"2025-12-03T11:45:54.671551Z","last_seen":"2025-12-03T11:45:54.671551Z","times_seen":1,"resource_available":false,"data":null}},"time_used":895,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":895,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"a.0316gov.com/common/images/foot1.jpg","fqdn":"a.0316gov.com","domain":"0316gov.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.wineedu.org/","date":"2025-12-03T11:45:21.961Z","timestamp":0,"http_version":"","security_state":"broken","security_info":null,"request":{"raw":"GET /common/images/foot1.jpg HTTP/1.1\r\nHost: a.0316gov.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-08T07:38:16.649537Z","times_seen":13494560,"resource_available":true,"data":null}},"time_used":732,"timings":{"blocked":732,"dns":0,"connect":241,"send":0,"wait":0,"receive":0,"ssl":243},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.wineedu.org/favicon.ico","fqdn":"www.wineedu.org","domain":"wineedu.org","tld":"org"},"ip":{"addr":"107.163.230.132","port":443,"asn":18978,"as":"ENZUINC","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.wineedu.org/","date":"2025-12-03T11:45:23.327Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.quickbeltsystem.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 10 Nov 2025 12:18:52 GMT","end":"Sun, 08 Feb 2026 12:18:51 GMT"},"fingerprint":{"sha1":"45:82:4D:8F:E5:45:D0:13:2A:FA:DE:43:EB:CC:03:4B:C4:E6:97:C3","sha256":"4C:E4:01:11:E3:BC:18:3D:76:22:B0:E2:85:22:EA:26:C7:51:FC:94:0C:74:81:CA:17:86:15:23:4B:EF:17:BD"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: www.wineedu.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.wineedu.org/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Dec 2025 11:45:23 GMT\r\ncontent-type: text/html; charset=utf-8\r\ncontent-length: 0\r\nstrict-transport-security: max-age=31536000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-08T07:38:16.649537Z","times_seen":13494560,"resource_available":true,"data":null}},"time_used":169,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":169,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"sadasd.dgxmwl56.com/v2/otf/bet365v2.jpg.otf","fqdn":"sadasd.dgxmwl56.com","domain":"dgxmwl56.com","tld":"com"},"ip":{"addr":"47.246.48.178","port":443,"asn":24429,"as":"Zhejiang Taobao Network Co.,Ltd","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://bannner-02.cfd/sttcs/?channel=88801\u0026ref=","date":"2025-12-03T11:45:24.514Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.dgxmwl56.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 11 Sep 2025 10:35:19 GMT","end":"Wed, 10 Dec 2025 10:35:18 GMT"},"fingerprint":{"sha1":"61:30:5F:86:8E:6E:7B:C2:1B:C6:7D:73:40:14:46:0D:B0:2F:D4:4B","sha256":"71:AD:F5:78:25:7F:AB:4F:88:8E:97:AE:6D:16:B9:AD:D1:7E:AC:7D:BD:65:7D:D3:C2:A4:C7:8A:9F:C6:82:EA"}}},"request":{"raw":"GET /v2/otf/bet365v2.jpg.otf HTTP/1.1\r\nHost: sadasd.dgxmwl56.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://bannner-02.cfd/\r\nOrigin: https://bannner-02.cfd\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: Tengine\r\ncontent-type: font/otf\r\ncontent-length: 12048\r\ndate: Wed, 03 Dec 2025 11:07:54 GMT\r\nx-oss-request-id: 69301A0A7FFDC2363897E660\r\nx-oss-cdn-auth: success\r\naccept-ranges: bytes\r\nx-oss-object-type: Normal\r\nx-oss-storage-class: Standard\r\ncontent-md5: aWRaEbn3Ug+vU2idzqZ7ug==\r\nx-oss-server-time: 6\r\nvia: ens-cache24.l2de4[0,0,304-0,H], ens-cache20.l2de4[1,0], ens-cache1.nl3[0,0,200-0,H], ens-cache3.nl3[1,0]\r\netag: \"69645A11B9F7520FAF53689DCEA67BBA\"\r\nlast-modified: Fri, 05 Sep 2025 03:26:14 GMT\r\nx-oss-hash-crc64ecma: 13812578787366314352\r\nage: 2250\r\nali-swift-global-savetime: 1764760074\r\nx-cache: HIT TCP_MEM_HIT dirn:-2:-2\r\nx-swift-savetime: Wed, 03 Dec 2025 11:42:29 GMT\r\nx-swift-cachetime: 3600\r\naccess-control-max-age: 3600\r\naccess-control-allow-origin: *\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\ntiming-allow-origin: *\r\neagleid: 2ff6309717647623245216538e\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]},{"name":"Alibaba Cloud Object Storage Service","description":"Alibaba Cloud Object Storage Service (OSS) is a cloud-based object storage service provided by Alibaba Cloud, which allows users to store and access large amounts of data in the cloud.","website":"https://www.alibabacloud.com/product/object-storage-service","common_platform_enumeration":"","icon":"Alibaba Cloud.svg","categories":["IaaS"]}],"data":{"size":12048,"size_decoded":0,"mime_type":"font/otf","magic":"data","md5":"69645a11b9f7520faf53689dcea67bba","sha1":"33568b00a221e5d4a7fdee8fda375349572080b5","sha256":"acd420a630da28d9e370ad331c26837c1f968471fa8adb1a46e2c02f86ed181d","sha512":"acdeeb9c603462930ea6c1439e98de223eea304a64a888731b803e71e8697953810c8bb4fc9881c81153933905d90a6e7a760afafc7f7964830e57a791001427","ssdeep":"192:98gIHcRNbDQE4Mf8oDVmtRVeiZUvSAyxc2+od6SzWJcTOZfjR40PFzyorcFZ:HTRlMpMFmMiZU6pmWoSzWJ380dzy5FZ","tlshash":"2c42d18ea60d764eb61380bdd357d34a55720d4dfceabc3be0238529113b16b1772c15","first_seen":"2025-09-03T16:33:36.481539Z","last_seen":"2026-03-12T08:11:54.066672Z","times_seen":889,"resource_available":false,"data":null}},"time_used":31,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":27,"receive":4,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"sadasd.dgxmwl56.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.wineedu.org/themes/default/images/h_pic1_03.png","fqdn":"www.wineedu.org","domain":"wineedu.org","tld":"org"},"ip":{"addr":"107.163.230.132","port":443,"asn":18978,"as":"ENZUINC","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.wineedu.org/","date":"2025-12-03T11:45:21.924Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.quickbeltsystem.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 10 Nov 2025 12:18:52 GMT","end":"Sun, 08 Feb 2026 12:18:51 GMT"},"fingerprint":{"sha1":"45:82:4D:8F:E5:45:D0:13:2A:FA:DE:43:EB:CC:03:4B:C4:E6:97:C3","sha256":"4C:E4:01:11:E3:BC:18:3D:76:22:B0:E2:85:22:EA:26:C7:51:FC:94:0C:74:81:CA:17:86:15:23:4B:EF:17:BD"}}},"request":{"raw":"GET /themes/default/images/h_pic1_03.png HTTP/1.1\r\nHost: www.wineedu.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.wineedu.org/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Dec 2025 11:45:22 GMT\r\ncontent-type: image/png\r\nvary: Accept-Encoding\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":1379,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 56 x 56, 8-bit/color RGBA, non-interlaced","md5":"4a3bf6df7b846a15730ccee0472d4fa5","sha1":"883cce3588cca104371c47de0902b181a28137d1","sha256":"f287d0414fa84f610a835f03d94135bc782aa14ac84c34b4e0b6dd678f38105f","sha512":"ee500647d8ada4c70add1a0e17d452861cdc61c1ccbe88f2950d72195088d587f3f81604b859bd29e28a08ccc971caaba6f490df7cd6fcad608eaffc72286560","ssdeep":"","tlshash":"ac21088cbb42cb7ed7b74217d28d190959680b99cc82434f3013a637daea313b0749cb","first_seen":"2025-12-03T11:45:54.672604Z","last_seen":"2025-12-03T11:45:54.672604Z","times_seen":1,"resource_available":false,"data":null}},"time_used":582,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":582,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.wineedu.org/themes/default/images/arrLeft.png","fqdn":"www.wineedu.org","domain":"wineedu.org","tld":"org"},"ip":{"addr":"107.163.230.132","port":443,"asn":18978,"as":"ENZUINC","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.wineedu.org/","date":"2025-12-03T11:45:21.939Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.quickbeltsystem.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 10 Nov 2025 12:18:52 GMT","end":"Sun, 08 Feb 2026 12:18:51 GMT"},"fingerprint":{"sha1":"45:82:4D:8F:E5:45:D0:13:2A:FA:DE:43:EB:CC:03:4B:C4:E6:97:C3","sha256":"4C:E4:01:11:E3:BC:18:3D:76:22:B0:E2:85:22:EA:26:C7:51:FC:94:0C:74:81:CA:17:86:15:23:4B:EF:17:BD"}}},"request":{"raw":"GET /themes/default/images/arrLeft.png HTTP/1.1\r\nHost: www.wineedu.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.wineedu.org/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Dec 2025 11:45:22 GMT\r\ncontent-type: image/png\r\nvary: Accept-Encoding\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":275,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 23 x 44, 8-bit/color RGBA, non-interlaced","md5":"9e8b88cb1787ed5a6b51ca5fe0ec6b28","sha1":"597219fa262db7a462b2b6b2d78da22e77b14a4f","sha256":"f16f1c658f6ebdee50c01e250dc79964647a0080f42bf22ac3edb40f04467471","sha512":"816f3090907d8dcc0af30548617a59f93bbd8ea6d3c972b44d0ec5f02aa8428d83dc69c5bff7dfa448be6f60ca3daf48e0e02a91e42be5a9f5e32c3ef7c63b61","ssdeep":"","tlshash":"5ad0ebc32b92b8b9cd8bc3ba13687832dc1003980d854209c007a8601a133500478f8e","first_seen":"2025-12-03T11:45:54.673775Z","last_seen":"2025-12-03T11:45:54.673775Z","times_seen":1,"resource_available":false,"data":null}},"time_used":879,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":879,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.wineedu.org/upload/2019-08-08/a8f97b8d41e31932a4bd9ca337d28547.png","fqdn":"www.wineedu.org","domain":"wineedu.org","tld":"org"},"ip":{"addr":"107.163.230.132","port":443,"asn":18978,"as":"ENZUINC","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.wineedu.org/","date":"2025-12-03T11:45:21.944Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.quickbeltsystem.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 10 Nov 2025 12:18:52 GMT","end":"Sun, 08 Feb 2026 12:18:51 GMT"},"fingerprint":{"sha1":"45:82:4D:8F:E5:45:D0:13:2A:FA:DE:43:EB:CC:03:4B:C4:E6:97:C3","sha256":"4C:E4:01:11:E3:BC:18:3D:76:22:B0:E2:85:22:EA:26:C7:51:FC:94:0C:74:81:CA:17:86:15:23:4B:EF:17:BD"}}},"request":{"raw":"GET /upload/2019-08-08/a8f97b8d41e31932a4bd9ca337d28547.png HTTP/1.1\r\nHost: www.wineedu.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.wineedu.org/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Dec 2025 11:45:22 GMT\r\ncontent-type: image/png\r\nvary: Accept-Encoding\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":131044,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 353 x 467, 8-bit/color RGB, non-interlaced","md5":"62e25e39b28c1073b2c3baeef3833a21","sha1":"4e87075886569b1a3e3b0c30b73f909bc10fec3a","sha256":"f6a69216be451574c1f7ee3a4b5dab67070353291e613ad2fef4ebcffe2f8277","sha512":"e5155d2f7bd2b1526a5419cee723727f61c01777c5d62385bf71199ec36637719e8f192b4a78fe5cbf27e0e37e575b358c4521852b3a82e18e9064dfcdc8093d","ssdeep":"3072:gRqO/5EuQ2D12ht/76RGE/Scodb+O0Mektoncbc4XsQ:oH/5EuQ2RkDkGE/rmr0tn+cWsQ","tlshash":"53d3122be7f005b23e8c19330738981c59851c891e3d15336b5be770629ba925fb9ded","first_seen":"2025-12-03T11:45:54.674956Z","last_seen":"2025-12-03T11:45:54.674956Z","times_seen":1,"resource_available":false,"data":null}},"time_used":635,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":635,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.wineedu.org/themes/default/images/xian_03.png","fqdn":"www.wineedu.org","domain":"wineedu.org","tld":"org"},"ip":{"addr":"107.163.230.132","port":443,"asn":18978,"as":"ENZUINC","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.wineedu.org/","date":"2025-12-03T11:45:21.948Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.quickbeltsystem.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 10 Nov 2025 12:18:52 GMT","end":"Sun, 08 Feb 2026 12:18:51 GMT"},"fingerprint":{"sha1":"45:82:4D:8F:E5:45:D0:13:2A:FA:DE:43:EB:CC:03:4B:C4:E6:97:C3","sha256":"4C:E4:01:11:E3:BC:18:3D:76:22:B0:E2:85:22:EA:26:C7:51:FC:94:0C:74:81:CA:17:86:15:23:4B:EF:17:BD"}}},"request":{"raw":"GET /themes/default/images/xian_03.png HTTP/1.1\r\nHost: www.wineedu.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.wineedu.org/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Dec 2025 11:45:22 GMT\r\ncontent-type: image/png\r\nvary: Accept-Encoding\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":88,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 1 x 578, 8-bit/color RGB, non-interlaced","md5":"8e79b2e9a2357cd06a7cc6749b9c23ba","sha1":"457949ba5d494c899e949ec8be91882ad991cf2b","sha256":"86e353430f364353012f5ddf8332a165c5652274f4dd0eeda9b69c78de988c64","sha512":"d82cfe9cc90f5439f228d6beb62d70eb725ccbebc7180317e18c6e71d467bb7b4f28827e3e95e02c04c5048592588b5425f524b806189d2a4b3c50aa1984f113","ssdeep":"","tlshash":"d2b012e143501c60c7c111f31120d531dd2152350a0204185445d21d1429908a085542","first_seen":"2025-12-03T11:45:54.676182Z","last_seen":"2025-12-03T11:45:54.676182Z","times_seen":1,"resource_available":false,"data":null}},"time_used":552,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":552,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.wineedu.org/themes/default/images/001.jpg","fqdn":"www.wineedu.org","domain":"wineedu.org","tld":"org"},"ip":{"addr":"107.163.230.132","port":443,"asn":18978,"as":"ENZUINC","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.wineedu.org/","date":"2025-12-03T11:45:22.595Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.quickbeltsystem.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 10 Nov 2025 12:18:52 GMT","end":"Sun, 08 Feb 2026 12:18:51 GMT"},"fingerprint":{"sha1":"45:82:4D:8F:E5:45:D0:13:2A:FA:DE:43:EB:CC:03:4B:C4:E6:97:C3","sha256":"4C:E4:01:11:E3:BC:18:3D:76:22:B0:E2:85:22:EA:26:C7:51:FC:94:0C:74:81:CA:17:86:15:23:4B:EF:17:BD"}}},"request":{"raw":"GET /themes/default/images/001.jpg HTTP/1.1\r\nHost: www.wineedu.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.wineedu.org/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Dec 2025 11:45:22 GMT\r\ncontent-type: image/jpeg\r\nvary: Accept-Encoding\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":219403,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 1920x550, components 3","md5":"24f7eee98117ad079d008d3386c728a9","sha1":"82ec6944d4a273357684b42537514d394169e7e0","sha256":"583bfbc59f8a88e88574635266e9fdf083419892d474a4a3f24913a38988fd74","sha512":"d5982ff73a847b017669c74d8818e9491f2967e443a411443e310090701ad665317e35c25dcc43762d249f1d26ef97f53c48fc7af50d1c4b90650b503f37327f","ssdeep":"6144:YruQ1kU2MJEoRbOXbQPtgtFZAirmTHrtOFFi/:jQ1kUbJEolOrQPCfVkHrY6/","tlshash":"ea2423d7ea0732eda6bc90d7ce5272df036ea33ef69d10ba07151b59cc584a4a8c4235","first_seen":"2025-12-03T11:45:54.677408Z","last_seen":"2025-12-03T11:45:54.677408Z","times_seen":1,"resource_available":false,"data":null}},"time_used":530,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":530,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"sadasd.dgxmwl56.com/v2/js/chunk-vendors.154c5a48.js","fqdn":"sadasd.dgxmwl56.com","domain":"dgxmwl56.com","tld":"com"},"ip":{"addr":"47.246.48.178","port":443,"asn":24429,"as":"Zhejiang Taobao Network Co.,Ltd","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://bannner-02.cfd/sttcs/?channel=88801\u0026ref=","date":"2025-12-03T11:45:23.981Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.dgxmwl56.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 11 Sep 2025 10:35:19 GMT","end":"Wed, 10 Dec 2025 10:35:18 GMT"},"fingerprint":{"sha1":"61:30:5F:86:8E:6E:7B:C2:1B:C6:7D:73:40:14:46:0D:B0:2F:D4:4B","sha256":"71:AD:F5:78:25:7F:AB:4F:88:8E:97:AE:6D:16:B9:AD:D1:7E:AC:7D:BD:65:7D:D3:C2:A4:C7:8A:9F:C6:82:EA"}}},"request":{"raw":"GET /v2/js/chunk-vendors.154c5a48.js HTTP/1.1\r\nHost: sadasd.dgxmwl56.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://bannner-02.cfd/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: Tengine\r\ncontent-type: application/javascript\r\ncontent-length: 208195\r\ndate: Tue, 02 Dec 2025 20:32:53 GMT\r\nx-oss-request-id: 692F4CF4D4BE203431B76EF8\r\nx-oss-cdn-auth: success\r\naccept-ranges: bytes\r\nx-oss-object-type: Normal\r\nx-oss-storage-class: Standard\r\ncontent-md5: J6mLwpWBKQ7iyNIbt7y4Qg==\r\nx-oss-server-time: 14\r\nvia: ens-cache26.l2de4[0,0,304-0,H], ens-cache6.l2de4[2,0], ens-cache7.nl3[0,0,200-0,H], ens-cache3.nl3[4,0]\r\nvary: Accept-Encoding\r\nlast-modified: Wed, 05 Nov 2025 05:51:38 GMT\r\nx-oss-hash-crc64ecma: 14758750241297720560\r\ncontent-encoding: gzip\r\nage: 54750\r\nali-swift-global-savetime: 1764707573\r\nx-cache: HIT TCP_MEM_HIT dirn:-2:-2\r\nx-swift-savetime: Wed, 03 Dec 2025 11:42:29 GMT\r\nx-swift-cachetime: 31824\r\naccess-control-max-age: 3600\r\naccess-control-allow-origin: *\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\ntiming-allow-origin: *\r\neagleid: 2ff6309717647623239875968e\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Alibaba Cloud Object Storage Service","description":"Alibaba Cloud Object Storage Service (OSS) is a cloud-based object storage service provided by Alibaba Cloud, which allows users to store and access large amounts of data in the cloud.","website":"https://www.alibabacloud.com/product/object-storage-service","common_platform_enumeration":"","icon":"Alibaba Cloud.svg","categories":["IaaS"]},{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]}],"data":{"size":677706,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (54804)","md5":"27a98bc29581290ee2c8d21bb7bcb842","sha1":"22d2f2bef2cff848801c77f489c9445a7dc3ab29","sha256":"0e07e1db7d546c1bdbc7d56ffb93c7fcc57747991745e5f1647305f0fdfba27a","sha512":"f49d32fb02e460a92a5ab6a128920f303b9d729a6827391308d2d1506db2a434d28ebfe87d794d1d644653d98e7d2b3e1a0ec7dd9b63652d338c198887d34332","ssdeep":"3072:1HebuXPLjTXzYWbmkHebuXPsFgXQT5zXbGpLsev6ns106LHebuXPVPyO9STA49oC:FzqXCNvms17Ph9Sk49opw6ahvGxjI","tlshash":"4ce4c884b774b022879d3ae4092b504ff279fa2d684740bcf268e4f57cb9585663af34","first_seen":"2025-11-05T12:34:36.978106Z","last_seen":"2026-01-22T12:34:56.039727Z","times_seen":299,"resource_available":true,"data":null}},"time_used":116,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":34,"receive":82,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"sadasd.dgxmwl56.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"sadasd.dgxmwl56.com/v2/otf/gf.png.otf","fqdn":"sadasd.dgxmwl56.com","domain":"dgxmwl56.com","tld":"com"},"ip":{"addr":"47.246.48.178","port":443,"asn":24429,"as":"Zhejiang Taobao Network Co.,Ltd","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://bannner-02.cfd/sttcs/?channel=88801\u0026ref=","date":"2025-12-03T11:45:24.246Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.dgxmwl56.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 11 Sep 2025 10:35:19 GMT","end":"Wed, 10 Dec 2025 10:35:18 GMT"},"fingerprint":{"sha1":"61:30:5F:86:8E:6E:7B:C2:1B:C6:7D:73:40:14:46:0D:B0:2F:D4:4B","sha256":"71:AD:F5:78:25:7F:AB:4F:88:8E:97:AE:6D:16:B9:AD:D1:7E:AC:7D:BD:65:7D:D3:C2:A4:C7:8A:9F:C6:82:EA"}}},"request":{"raw":"GET /v2/otf/gf.png.otf HTTP/1.1\r\nHost: sadasd.dgxmwl56.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://bannner-02.cfd/\r\nOrigin: https://bannner-02.cfd\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: Tengine\r\ncontent-type: font/otf\r\ncontent-length: 7248\r\ndate: Wed, 03 Dec 2025 11:05:35 GMT\r\nx-oss-request-id: 6930197F9932F1363582153A\r\nx-oss-cdn-auth: success\r\naccept-ranges: bytes\r\nx-oss-object-type: Normal\r\nx-oss-storage-class: Standard\r\ncontent-md5: fwLLJfbqvLaPgNf2ya7ylA==\r\nx-oss-server-time: 6\r\nvia: ens-cache24.l2de4[0,0,304-0,H], ens-cache31.l2de4[0,0], ens-cache12.nl3[0,0,200-0,H], ens-cache3.nl3[0,0]\r\netag: \"7F02CB25F6EABCB68F80D7F6C9AEF294\"\r\nlast-modified: Fri, 05 Sep 2025 03:26:14 GMT\r\nx-oss-hash-crc64ecma: 14846563367258194295\r\nage: 2389\r\nali-swift-global-savetime: 1764759935\r\nx-cache: HIT TCP_MEM_HIT dirn:-2:-2\r\nx-swift-savetime: Wed, 03 Dec 2025 11:42:29 GMT\r\nx-swift-cachetime: 3600\r\naccess-control-max-age: 3600\r\naccess-control-allow-origin: *\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\ntiming-allow-origin: *\r\neagleid: 2ff6309717647623242546231e\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]},{"name":"Alibaba Cloud Object Storage Service","description":"Alibaba Cloud Object Storage Service (OSS) is a cloud-based object storage service provided by Alibaba Cloud, which allows users to store and access large amounts of data in the cloud.","website":"https://www.alibabacloud.com/product/object-storage-service","common_platform_enumeration":"","icon":"Alibaba Cloud.svg","categories":["IaaS"]}],"data":{"size":7248,"size_decoded":0,"mime_type":"font/otf","magic":"data","md5":"7f02cb25f6eabcb68f80d7f6c9aef294","sha1":"806e2335841cf01333441d877c5f63e9a6c08649","sha256":"4cafdb32238c727db07aa4a17a66332a883d73f041fbeae6656c3914c1f03812","sha512":"e69bc0f3d6fdbb634b24b88f57a5fc65611d69b2d91d9c275f6d05c9502d956823ee37739f64be4e98fba512ec6ddcc63508d99326e7e3488283809b03850f7b","ssdeep":"192:pIJ4GOl/PwNVhhCyejkp96ydUDOJD3OcZM2qn/Uy:Ets/PW05ji96ydQO9+Mqcy","tlshash":"63e1ae8c4bc043cf791631d79bdab4299b57a69ac05e8a50f5e7360b21b12acec4f138","first_seen":"2025-09-03T16:33:36.505647Z","last_seen":"2026-03-12T08:11:54.062239Z","times_seen":889,"resource_available":false,"data":null}},"time_used":27,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":27,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"sadasd.dgxmwl56.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"sadasd.dgxmwl56.com/v2/otf/new_h2_2_bg.png.otf","fqdn":"sadasd.dgxmwl56.com","domain":"dgxmwl56.com","tld":"com"},"ip":{"addr":"47.246.48.178","port":443,"asn":24429,"as":"Zhejiang Taobao Network Co.,Ltd","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://bannner-02.cfd/sttcs/?channel=88801\u0026ref=","date":"2025-12-03T11:45:24.434Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.dgxmwl56.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 11 Sep 2025 10:35:19 GMT","end":"Wed, 10 Dec 2025 10:35:18 GMT"},"fingerprint":{"sha1":"61:30:5F:86:8E:6E:7B:C2:1B:C6:7D:73:40:14:46:0D:B0:2F:D4:4B","sha256":"71:AD:F5:78:25:7F:AB:4F:88:8E:97:AE:6D:16:B9:AD:D1:7E:AC:7D:BD:65:7D:D3:C2:A4:C7:8A:9F:C6:82:EA"}}},"request":{"raw":"GET /v2/otf/new_h2_2_bg.png.otf HTTP/1.1\r\nHost: sadasd.dgxmwl56.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://bannner-02.cfd/\r\nOrigin: https://bannner-02.cfd\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: Tengine\r\ncontent-type: font/otf\r\ncontent-length: 9216\r\ndate: Wed, 03 Dec 2025 11:12:33 GMT\r\nx-oss-request-id: 69301B2172AE9E3137CAAE13\r\nx-oss-cdn-auth: success\r\naccept-ranges: bytes\r\nx-oss-object-type: Normal\r\nx-oss-storage-class: Standard\r\ncontent-md5: SxgOqE7PuZJd6GYwEUMPjA==\r\nx-oss-server-time: 5\r\nvia: ens-cache21.l2de4[0,0,304-0,H], ens-cache28.l2de4[1,0], ens-cache1.nl3[0,0,200-0,H], ens-cache3.nl3[2,0]\r\netag: \"4B180EA84ECFB9925DE8663011430F8C\"\r\nlast-modified: Fri, 05 Sep 2025 03:26:12 GMT\r\nx-oss-hash-crc64ecma: 10263721311128828130\r\nage: 1971\r\nali-swift-global-savetime: 1764760353\r\nx-cache: HIT TCP_MEM_HIT dirn:-2:-2\r\nx-swift-savetime: Wed, 03 Dec 2025 11:42:29 GMT\r\nx-swift-cachetime: 3600\r\naccess-control-max-age: 3600\r\naccess-control-allow-origin: *\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\ntiming-allow-origin: *\r\neagleid: 2ff6309717647623244426452e\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Alibaba Cloud Object Storage Service","description":"Alibaba Cloud Object Storage Service (OSS) is a cloud-based object storage service provided by Alibaba Cloud, which allows users to store and access large amounts of data in the cloud.","website":"https://www.alibabacloud.com/product/object-storage-service","common_platform_enumeration":"","icon":"Alibaba Cloud.svg","categories":["IaaS"]},{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]}],"data":{"size":9216,"size_decoded":0,"mime_type":"font/otf","magic":"data","md5":"4b180ea84ecfb9925de8663011430f8c","sha1":"799c1348f4a0d2493e91709dc6d7965d61bb7b35","sha256":"2e0180f69a72b25cbfba62ef0a0897f9541f7ff5b0c2a7c18bcdfacc208838f6","sha512":"61b1368c748119fb089c81c385fadcd8ee87e4e2e404d6706c44ee61688dae92dcbc6f8f3c253db1680d00db539dc6d3fbcf4313f2e024f43f9e0683a20924a7","ssdeep":"192:ZI1QJrmbSy7pRGYsH84w8AFV8WeeKhUApzy7VXBp9RETnUm6wRqVW9W/rbwRqXBs:ZIWUpMLc4CAheKhU2ypXBCTFb0zbwCBs","tlshash":"a312d0038b4ddc5d5deb96f7bbf394924a17e9c215f708bdc2e89130514018c60a22e3","first_seen":"2025-09-03T16:33:36.550748Z","last_seen":"2026-03-12T08:11:54.074729Z","times_seen":889,"resource_available":false,"data":null}},"time_used":30,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":29,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"sadasd.dgxmwl56.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"at.alicdn.com/t/font_692868_p3glnasfvba.css","fqdn":"at.alicdn.com","domain":"alicdn.com","tld":"com"},"ip":{"addr":"47.246.44.177","port":443,"asn":24429,"as":"Zhejiang Taobao Network Co.,Ltd","country":"Sweden","country_code":"SE"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://www.wineedu.org/","date":"2025-12-03T11:45:21.897Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.tbcdn.cn","organization":"Alibaba (China) Technology Co., Ltd."},"issuer":{"commonName":"GlobalSign GCC R3 OV TLS CA 2024","organization":"GlobalSign nv-sa"},"validity":{"start":"Mon, 16 Jun 2025 09:41:05 GMT","end":"Sat, 18 Jul 2026 09:41:04 GMT"},"fingerprint":{"sha1":"64:77:72:8B:BB:58:44:79:90:C3:B0:8D:35:BC:EC:6C:D6:35:BD:83","sha256":"3D:49:49:78:42:46:FF:F7:52:9B:6B:82:DF:7E:54:4B:F9:BA:D8:34:14:1D:21:67:63:4E:5B:62:A1:D8:85:B5"}}},"request":{"raw":"GET /t/font_692868_p3glnasfvba.css HTTP/1.1\r\nHost: at.alicdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.wineedu.org/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: Tengine\r\ncontent-type: text/css\r\ndate: Tue, 02 Dec 2025 04:06:02 GMT\r\nvary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Origin\r\nx-oss-request-id: 692E65AA5859823938C40178\r\netag: W/\"272EADCEA855350DB83A7B509CD604BF\"\r\nlast-modified: Sat, 25 Dec 2021 03:19:59 GMT\r\nx-oss-object-type: Normal\r\nx-oss-hash-crc64ecma: 14306191621865387475\r\nx-oss-storage-class: Standard\r\ncache-control: max-age=63072000\r\ncontent-md5: Jy6tzqhVNQ24OntQnNYEvw==\r\nx-oss-server-time: 34\r\nvia: ens-cache10.l2de4[0,0,200-0,H], ens-cache16.l2de4[1,0], ens-cache17.se2[24,23,200-0,M], ens-cache2.se2[25,0]\r\nage: 113959\r\nali-swift-global-savetime: 1764648362\r\nx-cache: MISS TCP_MISS dirn:-2:-2\r\nx-swift-savetime: Wed, 03 Dec 2025 11:45:21 GMT\r\nx-swift-cachetime: 62958041\r\naccess-control-allow-origin: *\r\ntiming-allow-origin: *\r\neagleid: 2ff62c9617647623219526239e\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]},{"name":"Alibaba Cloud Object Storage Service","description":"Alibaba Cloud Object Storage Service (OSS) is a cloud-based object storage service provided by Alibaba Cloud, which allows users to store and access large amounts of data in the cloud.","website":"https://www.alibabacloud.com/product/object-storage-service","common_platform_enumeration":"","icon":"Alibaba Cloud.svg","categories":["IaaS"]}],"data":{"size":17223,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (14887)","md5":"272eadcea855350db83a7b509cd604bf","sha1":"ddf99320c1cf811dddc553cc49241b8b8aad0019","sha256":"49cb1e74cfd98a426634c9a595fd18c362654121793ae96c82a373c4ee64f05b","sha512":"6c1773cdd9fafdd09ce0906d330da294be31da021b044910b8e8b2b5cba51bae5c3d0cf8004813d6fe413410311a33c1dc76d47cf18bf99e891a3cfb1fe15045","ssdeep":"384:0BWeVk9a4nYSP6YFeoEx8eRCCEw7AgHporRmXw4FP:OkZ6YM9Cl4nHpumg4V","tlshash":"68728ef59dbc3c612791e041e7437b408f85b66b8d014c8fa2067cacebeb64c6097ad9","first_seen":"2025-12-03T11:45:54.679353Z","last_seen":"2025-12-03T11:45:54.679353Z","times_seen":1,"resource_available":false,"data":null}},"time_used":203,"timings":{"blocked":78,"dns":50,"connect":7,"send":0,"wait":33,"receive":0,"ssl":31},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}