{"report_id":"e99f82e4-f754-4f6b-841e-384761f3e978","version":0,"status":"done","tags":[],"date":"2026-07-01T00:32:11Z","url":{"schema":"http","addr":"j101f.vip","fqdn":"j101f.vip","domain":"j101f.vip","tld":"vip"},"ip":{"addr":"103.27.177.163","port":0,"asn":135357,"as":"HONG KONG KOWLOON TELECOMMUNICATIONS CO.,LIMITED","country":"Hong Kong","country_code":"HK"},"final":{"url":{"schema":"https","addr":"18091.xyz/home","fqdn":"18091.xyz","domain":"18091.xyz","tld":"xyz"},"title":"welcome-BET365","dom":{"size":62562,"mime_type":"text/html; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (34037)","md5":"0b2ee5ee7ec4d9de8071e8da38abdd7b","sha1":"1074b8b917f1217fb25e3e57dfacb04b3d9dce9f","sha256":"be0c5082969b68d77432a22a60b87d861c499eb7ff48bdc2266896275bff68c2","sha512":"0f6f2e9d6be29f8f3f6bf88d3e3c527194b41b2f06a6ee7ab67a3ea8a3bead49093ae6c56032dfbfb870b6bab9c9cc27bddf96fa3a5ce2f1d7196003a61417d1","ssdeep":"768:3RXqrJRArjnfhayIWOsBComl9VBxJGiNYiKop/E6wkpcu2llQ:BCAr9ml9rxJPhfbO1lQ","tlshash":"6c536c70d426077aa537064dba7fb71c20e6304beb569c84b3ac47820fe5ec4d876ad2","dom_hash":"domhash6259c245a1d9610e5518383733057da8","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"j101f.vip","fqdn":"j101f.vip","domain":"j101f.vip","tld":"vip"},"ip":{"addr":"103.27.177.163","port":0,"asn":135357,"as":"HONG KONG KOWLOON TELECOMMUNICATIONS CO.,LIMITED","country":"Hong Kong","country_code":"HK"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-08-05T00:32:11Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"qguvgzjxzsgb3vs"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":4}},"detection":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-01","alert":"Sinkholed","trigger":"j101f.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-07-01","alert":"Sinkholed","trigger":"j101f.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-01","alert":"Sinkholed","trigger":"j101f.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-30","alert":"Sinkholed","trigger":"ssl.hw301.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null},"summary":[{"fqdn":"ssl.hw301.xyz","ip":{"addr":"23.224.132.157","port":8900,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"domain_registered":"2026-04-19","domain_rank":0,"first_seen":"2026-04-22T11:08:02.807624Z","last_seen":"2026-06-26T22:48:03.952715Z","alert_count":1,"request_count":1,"received_data":253,"sent_data":545,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"18091.xyz","ip":{"addr":"154.39.104.132","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"domain_registered":"2026-06-28","domain_rank":0,"first_seen":"2026-07-01T00:26:49.071722Z","last_seen":"2026-07-01T00:26:49.071722Z","alert_count":0,"request_count":19,"received_data":2876676,"sent_data":8471,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"j101f.vip","ip":{"addr":"103.27.177.164","port":80,"asn":135357,"as":"HONG KONG KOWLOON TELECOMMUNICATIONS CO.,LIMITED","country":"Hong Kong","country_code":"HK"},"domain_registered":"2026-06-22","domain_rank":0,"first_seen":"2026-07-01T00:23:22.550771Z","last_seen":"2026-07-01T00:23:22.550771Z","alert_count":6,"request_count":2,"received_data":129,"sent_data":872,"comment":"","tags":null,"fingerprints":null}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"18091.xyz/js/index-399e2569.1781011881923.9d909473.js","fqdn":"18091.xyz","domain":"18091.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.132","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"a89a32dae8cc80557b581a69e02f0d02","sha1":"00f9cfeca127af0a139c0670ed8d2e2e7ccf673b","sha256":"6f97c8ce9605a8e9e80a699696c70ec26a4b9bce20badaa6947bf4e5ac52e9d2","sha512":"2ca5bc054575932085e6cd6529613a94f145aa9a3b7731fb85b97b27286a882043110ab45b7eb4673228185ce1560b47968d3aa7b77492f17abf82e778076a9b","ssdeep":"384:pZTANHmDGIaVPkrTBTcK8K+Ehn6A3zgJ9Ks/fT5qZsxbt85F3oWf0Af/nwtU8Zci:znDGIYPkPVf8K5hn33UnKofy5FYxAfPY","tlshash":"e2b2b6e63392bdb8c24f9676f23a58ecc43f9141c30fc4f8d265bd947d98644aa92784","size":23775,"data":"","first_seen":"2026-06-12T19:29:57.227313Z","last_seen":"2026-07-01T02:35:43.810884Z","times_seen":106,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"18091.xyz/","fqdn":"18091.xyz","domain":"18091.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.132","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":true,"md5":"2bbd69200a3d758f89e8076a123ed982","sha1":"dfe2d66f2d85ddc2008401ed15dcba3515392f37","sha256":"b79cd0c532adb639e6139c9394527b217982efdbff4969494986edacd943e2b7","sha512":"ffb7e75ea86b911ed842f7525c08ad5cd4ef5085736e757c47f3b4e09b3c9497dad089fae69953dd819f57b3ac1cb3a54ba037f9a8ad3fa37d7aeac9ac36bcb3","ssdeep":"","tlshash":"07c0c0770f2c7f14110310230174f3ac5431c028fc15b302331f40018b50b0d0c30e40","size":178,"data":"","first_seen":"2026-05-25T23:43:55.293244Z","last_seen":"2026-07-01T06:47:23.000153Z","times_seen":179,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"18091.xyz/","fqdn":"18091.xyz","domain":"18091.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.132","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":true,"md5":"da7d6cf21ba9b37cce394593785671f7","sha1":"aabeaf8e874da29cee7e1645707577446b8de63b","sha256":"6912a38811267077bd6dd2630bccd25ba04b653b4967a636d75a6ec97c5bd2fd","sha512":"9739d97867822d248e0083a78d8657485d85e70bbb7a75e0fccd283c2bdb980ded0ea78b1a4fb0540c529e602ba88286021df0553bb23e45fc91281f64a4db49","ssdeep":"","tlshash":"de31ce286eb29531a413612a1f6ff2843235d62f3148ef003f0cc7651f24d6ba6356d5","size":1686,"data":"","first_seen":"2026-06-12T10:00:06.928319Z","last_seen":"2026-07-01T06:47:23.000727Z","times_seen":127,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"18091.xyz/","fqdn":"18091.xyz","domain":"18091.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.132","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":true,"md5":"a15b4803f5b926cf35dd50ad665005e3","sha1":"0dd0dd998736dc9db4ab3c7ee8f7cabc8e1e341b","sha256":"201c5550359d1e530619f58a4f77bfbe382200e2b0c85d4136df96523aee625b","sha512":"e21d282a7abbc3b8aba31153d7969b54c647e3c2bc2f1c786a6f3894ee0322540fc37d99351e5d8998991198a98b26c470c16fef19e5627cff75e0a6157f6e2d","ssdeep":"","tlshash":"b7700000be08a0a80000a0202828080c280238a0803b03080802c8023aa8c80288a802","size":24,"data":"","first_seen":"2026-05-25T23:43:55.294961Z","last_seen":"2026-07-01T06:47:23.001303Z","times_seen":179,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"18091.xyz/","fqdn":"18091.xyz","domain":"18091.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.132","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":true,"md5":"8f54a6c689ae3fb37bcded37e79fea08","sha1":"0861325faf70167325da7dfd6b4059a6991136aa","sha256":"c9a960988ba6d8cfea2c7e709385252a139280898d9b4010703981ce03184a1c","sha512":"08111d473c9567e7da677c4a5e61e232f670b58e2bac4f1a1d96005b83214368e6bdcf36efa1b99aa4708beb8a11bb3378270d70d1a8faa3b2fbea3abb10b4e6","ssdeep":"","tlshash":"82700008ec0088ab0000a00028000cc8380a00208a3b838f8a00008a2ea28b0000ac00","size":24,"data":"","first_seen":"2026-05-25T23:43:55.29586Z","last_seen":"2026-07-01T06:47:23.001876Z","times_seen":179,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"18091.xyz/","fqdn":"18091.xyz","domain":"18091.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.132","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":true,"md5":"c45b02b1f350ecba8716f39faa1d6dd9","sha1":"323d186c69f92adfbf21ac33010643886a3ada59","sha256":"81d9bb79dfb8f66568da929cceb338198f5fb8ef0d422c9bc19a97944981d729","sha512":"6cb26d6b01335a5779cf876ebce242b675745c80857fe191e0f42b927c5b8c40ff0896f64e6c28640c9bc1d9380344c6282790f6a7341d5ab74eba28fe93f4d2","ssdeep":"","tlshash":"eb017d9e483788107b2225bd537f5089f1a2516f8e8bcc103c1e5b00eff48ab25a2bd9","size":738,"data":"","first_seen":"2026-05-25T23:43:55.296647Z","last_seen":"2026-07-01T06:47:23.002441Z","times_seen":179,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"18091.xyz/","fqdn":"18091.xyz","domain":"18091.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.132","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":true,"md5":"077d4be9ad272f7d475481152daff715","sha1":"2f46a2943ac225687c445e0416015d1f97b7f0a1","sha256":"8d289c243d18cc7608ad59bd1b5d4c5edc5a26521213972903495b5ce1f78ff7","sha512":"310f88318435a5cee999868c4f24f906af4f7ba99540a2a5bf79b68f1cc1dc5fcd84b3c45051e8bc2e8ad3e36873f746fbd95aa84b6b92a27a76c5c84fec37d3","ssdeep":"","tlshash":"ac41027d826245a51973346a1f9e730836f340b31149e9113e5c8a802fa9a5f82b7bfa","size":2321,"data":"","first_seen":"2026-05-25T23:43:55.297422Z","last_seen":"2026-07-01T06:47:23.003022Z","times_seen":179,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"18091.xyz/","fqdn":"18091.xyz","domain":"18091.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.132","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":true,"md5":"e2d3475f1cf5b92ebde88c18cfb52625","sha1":"b178b44e61169b2fc5f25b0120206d3812b19cc1","sha256":"3a448e6329733e72eb2a1d80d1897a5ddf20226acbafb032eecdf71d83fe307a","sha512":"802939763c96de22534a93d89f00066ef7cd4cf58814954ebaa18ad6e77aaf19e99745c8a677625be818d3f378e5fe285ec537561be58e12504a1f3eaa23f363","ssdeep":"","tlshash":"00f0a00e0ee548131963706a4c0f9201203b2513414eea08bffe9bb24f92a6886174cc","size":538,"data":"","first_seen":"2026-05-25T23:43:55.298337Z","last_seen":"2026-07-01T06:47:23.00356Z","times_seen":179,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"18091.xyz/","fqdn":"18091.xyz","domain":"18091.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.132","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":true,"md5":"196e0f8d81dba38fb58a2eef3490451c","sha1":"4c70fb540d5f49bd92603d0cccd3005fea9b4c4f","sha256":"eabeb94d65d8704477ca411952b078a4fde998d61c9b3cb12b6940389dadfd90","sha512":"17596a9ca2ed22c2f13f6ec692ae8c32bc6aa1a1a4c7a888639c8ea5f2596a16efb37dcbd14bbc8b514c8bce98bc3f7ace246f5fdfe4070417cd670834883566","ssdeep":"192:q2wqx5Cvtib5XOQRzlaECoXZTAoV51nsPhwzvBa/id3+36a/E/97g6I52MdobsIS:q2VwiYwJvSoVXsp+pa/iZcVk97g6nMuQ","tlshash":"78322b69a5b71bba25673036277f301889b080630319fd947c0ff61e4fa54366297be7","size":11902,"data":"","first_seen":"2026-05-25T23:43:55.299247Z","last_seen":"2026-07-01T06:47:23.004142Z","times_seen":168,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"18091.xyz/","fqdn":"18091.xyz","domain":"18091.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.132","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":true,"md5":"4429af1150d1fa3b53d1df1756276b64","sha1":"1921726e78a10af853be137ddf92f3d86deda32a","sha256":"2f7789347336fe8f5baaeba0f2285060e84c161bd59ee0aa3c7d8c47cf27d580","sha512":"416f1e1d8ee3a03067609ca187a88c5e3a77cb751e8769f902a12c6115e6394121254e4d60e469c50ade2b044dff176c0f7ef93912c563c510279de31d61823e","ssdeep":"","tlshash":"0c11cc5a99e28132aa5b303735bd43887728a023d184df413dcc99456fa8da5cabf6c4","size":930,"data":"","first_seen":"2026-05-25T23:43:55.300055Z","last_seen":"2026-07-01T06:47:23.004683Z","times_seen":168,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"18091.xyz/js/22872.1781011881923.153832d9.js","fqdn":"18091.xyz","domain":"18091.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.132","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"f9ee602f8eeb24db94a45e276eb229fd","sha1":"add3d7dea3c94842531e4e52db7b334a705c5e6b","sha256":"3d79813c4166473dcbe19eb56d456a226f183993f5aa4108a4fccae156001245","sha512":"8ad5674af4bbf338d1188a8108d0984786a4c94afddefbd592dbc428928dae301e40d4a936d73d0e29ba68989ccd13abee0988a8a6938495736115c80a53eae7","ssdeep":"3072:XHW7tB4Vgj5tNlxyU5YegxYffj7TEOiGzZl+DJVkzEcx1nKs:XHW7tBwgttXxyUtffjAGzT+DJVkzEcxF","tlshash":"21f31bd4f2c071f6475f45f2a22b0075b26f4d92318c98b0e15ba6597f21a48c7abeec","size":157599,"data":"","first_seen":"2026-06-12T19:29:57.267326Z","last_seen":"2026-07-01T02:35:43.808691Z","times_seen":108,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"18091.xyz/js/chunk-svg.1781011881923.7ca9cdc1.js","fqdn":"18091.xyz","domain":"18091.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.132","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"2e885a50d7dc711be337a96fe33f0c2e","sha1":"8c767dd1bdcbf35f2577bd215ff6fe495cbd0f43","sha256":"603d14d58a247671742688b96c517d62e9c636443b960bc421af5352df4c01f7","sha512":"09289e06b0db84915693f0b78ab40149972b29693d0d6b1e66e4fbe9bddf00380f5f4e8e78961512d91a132226494572994ceade62d3d8a878126fdcdeb8fd95","ssdeep":"3072:/8nz2uaLZSZvx6Q/sIPrekK+mB6Ua94sRZI7gbpF/:/8nz2uasNxpXPrekK+mB6UHsE4pF/","tlshash":"c0a4fcb4c190f4edf704ce196e7c9e1c50321688e0a9e9e52da9fe0d9e85d6b241cdec","size":470763,"data":"","first_seen":"2026-06-12T19:29:57.244213Z","last_seen":"2026-07-01T02:35:43.816771Z","times_seen":112,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"18091.xyz/config/gd.js","fqdn":"18091.xyz","domain":"18091.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.132","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"368318100a3c0f64373230a250953d5a","sha1":"6e0d91639cafd23f1b22aecee332da83c70b93ea","sha256":"dffc9b203a19b9e70363f75f737b7afe2164d6b8c045800d4dd7931d9093aff4","sha512":"91077ca792821795a816a0ee1a9cef242bf2915c02402706c7bd5c027c62f4bc52517b6a5e3db9f4b873e5a3c9d652758cc277c1f5ba07dc12e0d69b4f6e9eeb","ssdeep":"384:bJA61XVpi5LH4NmeJPXwXkQdcAwR0Nw3zzbSGwYg1C:bJA6BZX+oJjzzgY","tlshash":"80721f4d68f7905345a3b03c8bafa114b5388643181cde457e9ce394af6843d97babdc","size":17440,"data":"","first_seen":"2026-05-19T02:14:56.346288Z","last_seen":"2026-07-01T06:47:22.980987Z","times_seen":189,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"18091.xyz/js/index-a3dad144.1781011881923.1093b11d.js","fqdn":"18091.xyz","domain":"18091.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.132","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"0fc0f4a0379e369b442d93ffb72561fd","sha1":"497d95fced30bab2efe9ad3a561c35cd40ad5e9c","sha256":"da926a537d946d3158d41a8531082a740aec7a6a4e3b98599d35546182f20806","sha512":"ef5664991d7fb472281b2696b3b25a322bf51f9bcbccf2043f77fdb67ca9a84d90b893029e93bedea935724bbc4b58a77154b35ac40b15f8e691b539cc3102e3","ssdeep":"6144:LrbhFOufhu/LHEY/T8CPis7lVV4YlRlNsmq9D7:3zBw/LHEY/TBas7lVVhsp9X","tlshash":"ed742b90f76ce1bd875e55ff7a329094902c1b41b0c89e58d29e2944fe6b385eeb04bc","size":356584,"data":"","first_seen":"2026-06-12T19:29:57.253128Z","last_seen":"2026-07-01T06:47:22.974584Z","times_seen":105,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"18091.xyz/js/45540.1781011881923.25dfba7d.js","fqdn":"18091.xyz","domain":"18091.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.132","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"7983a109fba451279f84fe7b75724983","sha1":"9487dc955240c6083cf3497e806dff89bec2061f","sha256":"80bb5c781336a9095ee3e8ae99d724f58a409c7f3c159bf0f320a9c948afe030","sha512":"ddf49f5cfb4721100ef951228391607209e248a8733d48229ff5196fd8a32fc3e759d90c1040dd591b1c0bd97ab83a1c8baaffa70fa96bbe2d556af2379478b0","ssdeep":"6144:1YD4wFsYiSGfKnCKPP6Xm9sm3MCln1OSgpozfEe5a:1YD4wFsYiSAKNH3TY5","tlshash":"e724f894f294f1be075fc1f1d23b501af35b5e6120cc9ca0d296e6942e20b49da77eac","size":229366,"data":"","first_seen":"2026-06-12T19:29:57.328205Z","last_seen":"2026-07-01T06:47:22.979507Z","times_seen":111,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"18091.xyz/theme.config.ef94991b.js","fqdn":"18091.xyz","domain":"18091.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.132","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"90d279a2980268d2835cec593c23d286","sha1":"4374bf6da5cbdf8f025434137487bda68077cddf","sha256":"1679f19badc24dea0edab376edfb8583714645e18f705fb849037af6cf0b3ff8","sha512":"362ec1b73cebe1ad224a5b745c9ceebf2b86301deab27e35d6517d499499328b34c24d76a72e5b348d623e64a4d17bfa0ab08d2aa012f02af23c6a72df51817f","ssdeep":"1536:D2JREobVmtlIRM4Sb2mcTa2mnzyJog9CcHWHA:qEtlGu1Jnz45HT","tlshash":"c0b3bb7ae20c963a6177a8bfb46ce111d12f9c0c9b1d5fdef03e60a25710669c831de9","size":108079,"data":"","first_seen":"2026-06-12T19:29:57.324936Z","last_seen":"2026-07-01T02:35:43.807414Z","times_seen":112,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"18091.xyz/config/telegram.js?t=1782865915967","fqdn":"18091.xyz","domain":"18091.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.132","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"4ef2154bcfb8399f256c2da15a4cb409","sha1":"e0f8f5578b2e0773ec1d79bb1cec54e1f5d6373d","sha256":"73fa4926373755b52fecfdf3145a0c9953c08af374ea69dda46fe2b3b9ddb022","sha512":"8b64643161386bdefbb7eab04416e78e5e183c50acba7b25b146aa6e733744a326566a01eb7eabb1a0a3f5b87ac8461a7ab3b9ad1c44de37ecea25af09e3eb41","ssdeep":"1536:WK4KZK+Klt3LbbdS4V+vO14KtA9phXTQ+fcZl8LDh7j8d3K+V4WMrnf/NunqxF00:Wj+dgdLbbdSA+1XTQRZ1jSBl","tlshash":"14b31c4c5cf3216285a7b1be8b9f925072759893304def203c4d9ba45f98d3c53eaad8","size":116886,"data":"","first_seen":"2025-05-31T08:16:48.368096Z","last_seen":"2026-07-01T04:18:46.629793Z","times_seen":1419,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"j101f.vip/","fqdn":"j101f.vip","domain":"j101f.vip","tld":"vip"},"ip":{"addr":"103.27.177.164","port":80,"asn":135357,"as":"HONG KONG KOWLOON TELECOMMUNICATIONS CO.,LIMITED","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":true,"md5":"1d3ec7d431842a5877ddc9120b8ad46d","sha1":"05bf985bd9c94468b2110c72b41b101377a016db","sha256":"deb79955073837d77b1d27a48d9aec263460a93dcd462ce67eb3a728db9b62b4","sha512":"e3da773034c6c6945abb9022918e08036412a9eb6e76fb6118ea57a8d9294aa56d6af8b14ba85de3eb9a15115c4b3d4e0dccc33bb9dee2df5e5a4ae3be9c3ac2","ssdeep":"","tlshash":"75e086f324418a7066fa225bab57b7553d2250c72e52700540185c51a12cf8ec63df99","size":320,"data":"","first_seen":"2026-04-22T11:08:21.052825Z","last_seen":"2026-07-01T05:16:24.658243Z","times_seen":898,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"18091.xyz/js/chunk-init-c0d76f48.1781011881923.0f397bb1.js","fqdn":"18091.xyz","domain":"18091.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.132","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"815f2acbd0918250f25d4f71409219b0","sha1":"d5778078df7eada22b3175f9182b8b22e828c433","sha256":"12a61f287da39190db34dff1de7188c3d8b76ffbd1c11290962db88fd5e2ab46","sha512":"5ba4adaf4b36b4a402c30c3aaa5be5f02e292391d79400d353a5ca6c61405cb40e5179858abddb1af6dad243899e420111e49004d01d339ce9de23d8f522c379","ssdeep":"1536:zG5qxPvO2lSV822bv0bcbpM/igw/aIwC23QOoKILbjxo4wc0tvB6xVS/J+pKY3Ns:iQz/Dp5/92xoKa/x5wc0dB5/J+UU0","tlshash":"5ef31b987392b1b847dba6e152371075b57e1dd73088e8f0c169a6803f31a9cd52afec","size":161226,"data":"","first_seen":"2026-05-11T06:12:53.502908Z","last_seen":"2026-07-01T02:35:43.809302Z","times_seen":114,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"18091.xyz/js/13575.1781011881923.cda1d494.js","fqdn":"18091.xyz","domain":"18091.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.132","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"65e5fffbcacf52710ad963a4aeede3be","sha1":"f9c16a3c86649aeacf18e736faacff0cf78192e7","sha256":"36f42498ee253b0d1d5e7ec8bdf406f05c4c91e72f64169b1ff67435d2069099","sha512":"96e8263c115ca75ff63f6ce70ba8ad5af370662f86c2f95a8960a5aa5a30ce4134fa01d7fbd1694ce37f111b69e3e418f0542a7ab1bae4cec570c8c3d8d08986","ssdeep":"1536:917BBHFeKRKp+3ELSPtj6x2DgJoG7PIDmj9VA+s69JAFdE6WIzl+Ik1+eXMa7a4H:7jHoKRKphCnDgJoec+IDWIzls+7Xr0X7","tlshash":"23141a84764170b8c396a165322f601ae22f789650dd9c24f3789ba47f7470df26fabc","size":194916,"data":"","first_seen":"2026-06-12T19:29:57.266361Z","last_seen":"2026-07-01T02:35:43.809926Z","times_seen":110,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"18091.xyz/configPage.js?v=6/9/2026,%2021:37:10","fqdn":"18091.xyz","domain":"18091.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.132","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"e6aa74bb352ef198ba3e1c9a4b01b014","sha1":"2ea8bd6b5045475a36432f7665a129728e822d9e","sha256":"73828e873c0b6e847b37d78941ca436247471dfc90a12f743964f869f75abd5c","sha512":"2faaf24fdf1e4da637af8e9f82d1778bf061b00752dfca0c8f73432ba236a7b69410a7ad2a73727bc83e6cd631fd6555c3cc0d9d3a5d8a7f81818dd66566011f","ssdeep":"","tlshash":"be117aaf57444dffcf1d7e00a08b0a5ea8bc61d261889d4da8e9cf29e1c99002378978","size":949,"data":"","first_seen":"2025-09-04T00:49:32.949926Z","last_seen":"2026-07-01T02:35:43.817285Z","times_seen":1886,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"18091.xyz/js/chunk-init-1656f0b4.1781011881923.32336986.js","fqdn":"18091.xyz","domain":"18091.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.132","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"149a9a32eef525724cd200e4dce7a032","sha1":"29b091925cae6d90319391653e40685f6e6c5735","sha256":"10fcb7c4e44a141964cb31c527462c6e56f78d95c956fb02c50c61fc576cefd2","sha512":"62d80403786c13019e86e1c6b991d73cf52ff5bd25d4eeaec34ca12125d677604a269fc6c56ef301f074c42798f8e7935df623d6a0a62559d70749e53082085f","ssdeep":"1536:z2twqIPBoVbzfsO9ZuqpiXXIOU6Qgpp6KkB2EnBDsAxdrkm4SgiqvHynjM5TCif9:z2twqhOIK2nCLdyACifMur06/D","tlshash":"6dd3ec54b7d0b4b442cf13e6711b2475e3a61ca22058e8f0e31dee647f35689d26faac","size":136038,"data":"","first_seen":"2026-06-12T19:29:57.333908Z","last_seen":"2026-07-01T02:35:43.812718Z","times_seen":112,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"18091.xyz/js/83876.1781011881923.7ce40e6b.js","fqdn":"18091.xyz","domain":"18091.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.132","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"abf84df30621edc23a82d05ff0b8a83a","sha1":"e727ad94ce5d5f5b8fabec0e0b5a966fb6e6594f","sha256":"c3b02d056ac034939c3ff75a10a2da23f5f05f96a36ca1e5cea2157ce0fe12be","sha512":"db2a2a00f51cc6f75cfcbb6d988df74403fae93255982a054710e5f87a2d8407f4f8f02fef8ef1a0e5edb289736296b2d11a3b77cad6c6d9089bb831cda45be5","ssdeep":"6144:0/rOTU2/xB0Jjytg7DiQPkcsz1aL3p2YO+WidjHrrL:0iUjytgPJPT3p2YpHrrL","tlshash":"2f442c44b291f0b8879b42f7922b4056a17f48a1308cacb4f265f990be7555c927fbfc","size":262269,"data":"","first_seen":"2026-06-12T19:29:57.272405Z","last_seen":"2026-07-01T02:35:43.808076Z","times_seen":109,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"18091.xyz/js/chunk-common.1781011881923.b470d60e.js","fqdn":"18091.xyz","domain":"18091.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.132","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"08afa88982cffd7b96a2190cdafe1c42","sha1":"abb87563ff4cd658f4436118c54f3f39c08f74a4","sha256":"8673d3fc3524eb9d8b4020b3da3109aa5ab5e569ed8d0074f2b72b8643f813ae","sha512":"70c9df3dd7b3e3d41a607627c6a2750f43673649dbd55c7a56606a7d3e67382cb2991f146f7ad2359cc5ff1615f9db484b54642917150351017d0fa4385c3d2f","ssdeep":"1536:jBY8bgGcdWUa2UTY6eryXHuLmbErF/G7D1dMI59H64likx/vocGAClVbGD3tFk7u:jBYCRTY6wjFetH64liC/vocGAcgD3t","tlshash":"65f3e8c5b3a0f07e9a1ed53779331499b12f758274c87c60f1a1ade6bf1a704a436ca8","size":161286,"data":"","first_seen":"2026-06-12T19:29:57.317434Z","last_seen":"2026-07-01T02:35:43.816228Z","times_seen":111,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"18091.xyz/js/chunk-init-c0d76f48.1781011881923.0f397bb1.js","fqdn":"18091.xyz","domain":"18091.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.132","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://18091.xyz/","date":"2026-07-01T00:31:55.992Z","timestamp":1782865915992,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"18156.xyz","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Sun, 28 Jun 2026 06:21:05 GMT","end":"Sat, 26 Sep 2026 06:21:04 GMT"},"fingerprint":{"sha1":"30:5C:A2:F1:36:A6:91:D9:3C:71:7C:3B:80:49:3A:BB:C5:0B:53:A1","sha256":"FB:A2:2A:8D:A3:A6:51:23:3E:DC:EB:06:38:96:4E:AA:32:71:9B:E1:FD:3F:D1:7A:49:E7:81:BB:9A:92:C1:8D"}}},"request":{"raw":"GET /js/chunk-init-c0d76f48.1781011881923.0f397bb1.js HTTP/1.1\r\nHost: 18091.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://18091.xyz/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 01 Jul 2026 00:31:57 GMT\r\nContent-Type: application/javascript\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Tue, 09 Jun 2026 13:37:11 GMT\r\nVary: Accept-Encoding\r\nETag: W/\"6a281707-275ca\"\r\nCache-Control: public, max-age=31536000, immutable\r\nAccess-Control-Allow-Origin: *\r\nX-Custom-Check: true\r\nContent-Encoding: gzip\r\nServer: Nginx\r\nL-Safe: 1782865917=zzQm+NvBO0BAU0RDh4gpkpsR6GQOEaSeP3pA2Dwipz4LljJmk18dztJuqGVCf4R292OrGDFRaw2FGI7/+Qr2UAVF2hPN9fgwiV3B3PT+aKRnCuivjROoMWO5nFqWDfIAWlxUKhKsxAURMriofWp4K1bthzn62shtpFTJo1naru16FIKv//4JTjbHUWVtTxLR\r\nL-VIA: l1=4iaGgjza0Vwox8nX\r\nL-VERSION: 1782631176\r\nL-Request-Id: c5c019f1b16f5e73029\r\nX-Cache-Status: BYPASS\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":161226,"size_decoded":53264,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (65535), with no line terminators","md5":"815f2acbd0918250f25d4f71409219b0","sha1":"d5778078df7eada22b3175f9182b8b22e828c433","sha256":"12a61f287da39190db34dff1de7188c3d8b76ffbd1c11290962db88fd5e2ab46","sha512":"5ba4adaf4b36b4a402c30c3aaa5be5f02e292391d79400d353a5ca6c61405cb40e5179858abddb1af6dad243899e420111e49004d01d339ce9de23d8f522c379","ssdeep":"1536:zG5qxPvO2lSV822bv0bcbpM/igw/aIwC23QOoKILbjxo4wc0tvB6xVS/J+pKY3Ns:iQz/Dp5/92xoKa/x5wc0dB5/J+UU0","tlshash":"5ef31b987392b1b847dba6e152371075b57e1dd73088e8f0c169a6803f31a9cd52afec","first_seen":"2026-05-11T06:12:53.502908Z","last_seen":"2026-07-01T02:35:43.809302Z","times_seen":114,"resource_available":true,"data":null}},"time_used":2623,"timings":{"blocked":1226,"dns":0,"connect":0,"send":0,"wait":376,"receive":1021,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"18091.xyz/js/chunk-init-1656f0b4.1781011881923.32336986.js","fqdn":"18091.xyz","domain":"18091.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.132","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://18091.xyz/","date":"2026-07-01T00:31:55.993Z","timestamp":1782865915993,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"18156.xyz","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Sun, 28 Jun 2026 06:21:05 GMT","end":"Sat, 26 Sep 2026 06:21:04 GMT"},"fingerprint":{"sha1":"30:5C:A2:F1:36:A6:91:D9:3C:71:7C:3B:80:49:3A:BB:C5:0B:53:A1","sha256":"FB:A2:2A:8D:A3:A6:51:23:3E:DC:EB:06:38:96:4E:AA:32:71:9B:E1:FD:3F:D1:7A:49:E7:81:BB:9A:92:C1:8D"}}},"request":{"raw":"GET /js/chunk-init-1656f0b4.1781011881923.32336986.js HTTP/1.1\r\nHost: 18091.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://18091.xyz/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 01 Jul 2026 00:31:57 GMT\r\nContent-Type: application/javascript\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Tue, 09 Jun 2026 13:37:11 GMT\r\nVary: Accept-Encoding\r\nETag: W/\"6a281707-21366\"\r\nCache-Control: public, max-age=31536000, immutable\r\nAccess-Control-Allow-Origin: *\r\nX-Custom-Check: true\r\nContent-Encoding: gzip\r\nServer: Nginx\r\nL-Safe: 1782865917=zzQm+NvBO0BAU0RDh4gpkpsR6GQOEaSeP3pA2Dwipz4LljJmk18dztJuqGVCf4R292OrGDFRaw2FGI7/+Qr2UAVF2hPN9fgwiV3B3PT+aKRnCuivjROoMWO5nFqWDfIAWlxUKhKsxAURMriofWp4K1bthzn62shtpFTJo1naru16FIKv//4JTjbHUWVtTxLR\r\nL-VIA: l1=4iaGgjza0Vwox8nX\r\nL-VERSION: 1782631176\r\nL-Request-Id: c5c119f1b16f62148db\r\nX-Cache-Status: BYPASS\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":136038,"size_decoded":38262,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (44088)","md5":"149a9a32eef525724cd200e4dce7a032","sha1":"29b091925cae6d90319391653e40685f6e6c5735","sha256":"10fcb7c4e44a141964cb31c527462c6e56f78d95c956fb02c50c61fc576cefd2","sha512":"62d80403786c13019e86e1c6b991d73cf52ff5bd25d4eeaec34ca12125d677604a269fc6c56ef301f074c42798f8e7935df623d6a0a62559d70749e53082085f","ssdeep":"1536:z2twqIPBoVbzfsO9ZuqpiXXIOU6Qgpp6KkB2EnBDsAxdrkm4SgiqvHynjM5TCif9:z2twqhOIK2nCLdyACifMur06/D","tlshash":"6dd3ec54b7d0b4b442cf13e6711b2475e3a61ca22058e8f0e31dee647f35689d26faac","first_seen":"2026-06-12T19:29:57.333908Z","last_seen":"2026-07-01T02:35:43.812718Z","times_seen":112,"resource_available":true,"data":null}},"time_used":2332,"timings":{"blocked":1299,"dns":0,"connect":0,"send":0,"wait":697,"receive":336,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"18091.xyz/js/chunk-common.1781011881923.b470d60e.js","fqdn":"18091.xyz","domain":"18091.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.132","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://18091.xyz/","date":"2026-07-01T00:31:55.994Z","timestamp":1782865915994,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"18156.xyz","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Sun, 28 Jun 2026 06:21:05 GMT","end":"Sat, 26 Sep 2026 06:21:04 GMT"},"fingerprint":{"sha1":"30:5C:A2:F1:36:A6:91:D9:3C:71:7C:3B:80:49:3A:BB:C5:0B:53:A1","sha256":"FB:A2:2A:8D:A3:A6:51:23:3E:DC:EB:06:38:96:4E:AA:32:71:9B:E1:FD:3F:D1:7A:49:E7:81:BB:9A:92:C1:8D"}}},"request":{"raw":"GET /js/chunk-common.1781011881923.b470d60e.js HTTP/1.1\r\nHost: 18091.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://18091.xyz/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 01 Jul 2026 00:31:58 GMT\r\nContent-Type: application/javascript\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Tue, 09 Jun 2026 13:37:11 GMT\r\nVary: Accept-Encoding\r\nETag: W/\"6a281707-27606\"\r\nCache-Control: public, max-age=31536000, immutable\r\nAccess-Control-Allow-Origin: *\r\nX-Custom-Check: true\r\nContent-Encoding: gzip\r\nServer: Nginx\r\nL-Safe: 1782865918=3gg3qdy/N4Dc0mOT8nkBU/Y4FNu9qJMHziHRagJ37A799klKXHESMfQDVJyKodGjzCQgCaT4gM5owl92iqKW5QatmXti72AncXOtl0QPKolj2z2IsYMb97jNyzyxSDTW6K5kkWCddmAiq7WtaWXh6OzISSfU3C6uOOOg22Yt82NxCqnaRrwz5Ix2uYND+Hix\r\nL-VIA: l1=4iaGgjza0Vwox8nX\r\nL-VERSION: 1782631176\r\nL-Request-Id: c5c119f1b16fa1648e1\r\nX-Cache-Status: BYPASS\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":161286,"size_decoded":36940,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"08afa88982cffd7b96a2190cdafe1c42","sha1":"abb87563ff4cd658f4436118c54f3f39c08f74a4","sha256":"8673d3fc3524eb9d8b4020b3da3109aa5ab5e569ed8d0074f2b72b8643f813ae","sha512":"70c9df3dd7b3e3d41a607627c6a2750f43673649dbd55c7a56606a7d3e67382cb2991f146f7ad2359cc5ff1615f9db484b54642917150351017d0fa4385c3d2f","ssdeep":"1536:jBY8bgGcdWUa2UTY6eryXHuLmbErF/G7D1dMI59H64likx/vocGAClVbGD3tFk7u:jBYCRTY6wjFetH64liC/vocGAcgD3t","tlshash":"65f3e8c5b3a0f07e9a1ed53779331499b12f758274c87c60f1a1ade6bf1a704a436ca8","first_seen":"2026-06-12T19:29:57.317434Z","last_seen":"2026-07-01T02:35:43.816228Z","times_seen":111,"resource_available":true,"data":null}},"time_used":5761,"timings":{"blocked":2332,"dns":0,"connect":0,"send":0,"wait":677,"receive":2752,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"18091.xyz/js/83876.1781011881923.7ce40e6b.js","fqdn":"18091.xyz","domain":"18091.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.132","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://18091.xyz/","date":"2026-07-01T00:31:55.998Z","timestamp":1782865915998,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"18156.xyz","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Sun, 28 Jun 2026 06:21:05 GMT","end":"Sat, 26 Sep 2026 06:21:04 GMT"},"fingerprint":{"sha1":"30:5C:A2:F1:36:A6:91:D9:3C:71:7C:3B:80:49:3A:BB:C5:0B:53:A1","sha256":"FB:A2:2A:8D:A3:A6:51:23:3E:DC:EB:06:38:96:4E:AA:32:71:9B:E1:FD:3F:D1:7A:49:E7:81:BB:9A:92:C1:8D"}}},"request":{"raw":"GET /js/83876.1781011881923.7ce40e6b.js HTTP/1.1\r\nHost: 18091.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://18091.xyz/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 01 Jul 2026 00:31:59 GMT\r\nContent-Type: application/javascript\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Tue, 09 Jun 2026 13:37:11 GMT\r\nVary: Accept-Encoding\r\nETag: W/\"6a281707-4007d\"\r\nCache-Control: public, max-age=31536000, immutable\r\nAccess-Control-Allow-Origin: *\r\nX-Custom-Check: true\r\nContent-Encoding: gzip\r\nServer: Nginx\r\nL-Safe: 1782865919=Kte6D7W0P5SgVZ7F5GiG4Xea9CwbLkZ+dBvwykQyCBvb3fuiCR8Y6EHd+KwPzYD1ZRk5GrEV4EbHHA7kGRuADUx4g15rJcY3Tc5mJdDYJmOu0oZYTuV0UnP/yGCXnZN3/HOUZVxe+9qQs71fWyRzMm6v35lCQioNvsf9j6vIJfI5Io75taKMhiGFXYPZGtHx\r\nL-VIA: l1=4iaGgjza0Vwox8nX\r\nL-VERSION: 1782631176\r\nL-Request-Id: c5ba19f1b16fe8ad78c\r\nX-Cache-Status: BYPASS\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":262269,"size_decoded":77907,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"abf84df30621edc23a82d05ff0b8a83a","sha1":"e727ad94ce5d5f5b8fabec0e0b5a966fb6e6594f","sha256":"c3b02d056ac034939c3ff75a10a2da23f5f05f96a36ca1e5cea2157ce0fe12be","sha512":"db2a2a00f51cc6f75cfcbb6d988df74403fae93255982a054710e5f87a2d8407f4f8f02fef8ef1a0e5edb289736296b2d11a3b77cad6c6d9089bb831cda45be5","ssdeep":"6144:0/rOTU2/xB0Jjytg7DiQPkcsz1aL3p2YO+WidjHrrL:0iUjytgPJPT3p2YpHrrL","tlshash":"2f442c44b291f0b8879b42f7922b4056a17f48a1308cacb4f265f990be7555c927fbfc","first_seen":"2026-06-12T19:29:57.272405Z","last_seen":"2026-07-01T02:35:43.808076Z","times_seen":109,"resource_available":true,"data":null}},"time_used":4502,"timings":{"blocked":3465,"dns":0,"connect":0,"send":0,"wait":321,"receive":716,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"18091.xyz/js/index-a3dad144.1781011881923.1093b11d.js","fqdn":"18091.xyz","domain":"18091.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.132","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://18091.xyz/","date":"2026-07-01T00:31:56.000Z","timestamp":1782865916000,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"18156.xyz","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Sun, 28 Jun 2026 06:21:05 GMT","end":"Sat, 26 Sep 2026 06:21:04 GMT"},"fingerprint":{"sha1":"30:5C:A2:F1:36:A6:91:D9:3C:71:7C:3B:80:49:3A:BB:C5:0B:53:A1","sha256":"FB:A2:2A:8D:A3:A6:51:23:3E:DC:EB:06:38:96:4E:AA:32:71:9B:E1:FD:3F:D1:7A:49:E7:81:BB:9A:92:C1:8D"}}},"request":{"raw":"GET /js/index-a3dad144.1781011881923.1093b11d.js HTTP/1.1\r\nHost: 18091.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://18091.xyz/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 01 Jul 2026 00:32:00 GMT\r\nContent-Type: application/javascript\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Tue, 09 Jun 2026 13:37:11 GMT\r\nVary: Accept-Encoding\r\nETag: W/\"6a281707-570e8\"\r\nCache-Control: public, max-age=31536000, immutable\r\nAccess-Control-Allow-Origin: *\r\nX-Custom-Check: true\r\nContent-Encoding: gzip\r\nServer: Nginx\r\nL-Safe: 1782865920=k/0IPEVHNZOMlk7mkJKcV0zPS9ouD7ITZELan8fmN4u0NgzljUBn0hx94b0UXXdJfLZeYYGAHAfc6ZKE2JXU4+ah6KO/TXYqZEqyEsDdtNg0Mp7lM8IoXL2WgNGlT40zsiKiheBCH7JGdt+tdBWtw2RS3h0nUHjhzqCsNLrDW1f9VkYGKIzFi1SvMA232678\r\nL-VIA: l1=4iaGgjza0Vwox8nX\r\nL-VERSION: 1782631176\r\nL-Request-Id: c5ba19f1b170291d791\r\nX-Cache-Status: BYPASS\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":356584,"size_decoded":117591,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (64562), with no line terminators","md5":"0fc0f4a0379e369b442d93ffb72561fd","sha1":"497d95fced30bab2efe9ad3a561c35cd40ad5e9c","sha256":"da926a537d946d3158d41a8531082a740aec7a6a4e3b98599d35546182f20806","sha512":"ef5664991d7fb472281b2696b3b25a322bf51f9bcbccf2043f77fdb67ca9a84d90b893029e93bedea935724bbc4b58a77154b35ac40b15f8e691b539cc3102e3","ssdeep":"6144:LrbhFOufhu/LHEY/T8CPis7lVV4YlRlNsmq9D7:3zBw/LHEY/TBas7lVVhsp9X","tlshash":"ed742b90f76ce1bd875e55ff7a329094902c1b41b0c89e58d29e2944fe6b385eeb04bc","first_seen":"2026-06-12T19:29:57.253128Z","last_seen":"2026-07-01T06:47:22.974584Z","times_seen":105,"resource_available":true,"data":null}},"time_used":5944,"timings":{"blocked":4502,"dns":0,"connect":0,"send":0,"wait":376,"receive":1066,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"18091.xyz/config/telegram.js?t=1782865915967","fqdn":"18091.xyz","domain":"18091.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.132","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://18091.xyz/","date":"2026-07-01T00:31:56.004Z","timestamp":1782865916004,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"18156.xyz","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Sun, 28 Jun 2026 06:21:05 GMT","end":"Sat, 26 Sep 2026 06:21:04 GMT"},"fingerprint":{"sha1":"30:5C:A2:F1:36:A6:91:D9:3C:71:7C:3B:80:49:3A:BB:C5:0B:53:A1","sha256":"FB:A2:2A:8D:A3:A6:51:23:3E:DC:EB:06:38:96:4E:AA:32:71:9B:E1:FD:3F:D1:7A:49:E7:81:BB:9A:92:C1:8D"}}},"request":{"raw":"GET /config/telegram.js?t=1782865915967 HTTP/1.1\r\nHost: 18091.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://18091.xyz/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 01 Jul 2026 00:32:01 GMT\r\nContent-Type: application/javascript\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Tue, 09 Jun 2026 13:37:11 GMT\r\nVary: Accept-Encoding\r\nETag: W/\"6a281707-1c896\"\r\nCache-Control: public, max-age=31536000, immutable\r\nAccess-Control-Allow-Origin: *\r\nX-Custom-Check: true\r\nContent-Encoding: gzip\r\nServer: Nginx\r\nL-Safe: 1782865921=xCKQzRVQPXvmsDjaIwre5Ua39xFginJzQiMgpi8qlsbmAwXNHGJGDMrtMBjcEuTW9GfcvYybduRMji4yLUhVWvJMsqHILOQjSutncbyLSSl3i1RtYU+PvQMRSswyRSAKOOD7Kw89mcdgm2aEhJ/ZntTPxSW51dcCe6tT22S+OjvGSMInm7DW5hb3UZKqmZWp\r\nL-VIA: l1=4iaGgjza0Vwox8nX\r\nL-VERSION: 1782631176\r\nL-Request-Id: c5c119f1b17078548ef\r\nX-Cache-Status: BYPASS\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":116886,"size_decoded":18895,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (483)","md5":"4ef2154bcfb8399f256c2da15a4cb409","sha1":"e0f8f5578b2e0773ec1d79bb1cec54e1f5d6373d","sha256":"73fa4926373755b52fecfdf3145a0c9953c08af374ea69dda46fe2b3b9ddb022","sha512":"8b64643161386bdefbb7eab04416e78e5e183c50acba7b25b146aa6e733744a326566a01eb7eabb1a0a3f5b87ac8461a7ab3b9ad1c44de37ecea25af09e3eb41","ssdeep":"1536:WK4KZK+Klt3LbbdS4V+vO14KtA9phXTQ+fcZl8LDh7j8d3K+V4WMrnf/NunqxF00:Wj+dgdLbbdSA+1XTQRZ1jSBl","tlshash":"14b31c4c5cf3216285a7b1be8b9f925072759893304def203c4d9ba45f98d3c53eaad8","first_seen":"2025-05-31T08:16:48.368096Z","last_seen":"2026-07-01T04:18:46.629793Z","times_seen":1419,"resource_available":true,"data":null}},"time_used":8668,"timings":{"blocked":5760,"dns":0,"connect":0,"send":0,"wait":354,"receive":2554,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"j101f.vip/","fqdn":"j101f.vip","domain":"j101f.vip","tld":"vip"},"ip":{"addr":"103.27.177.164","port":80,"asn":135357,"as":"HONG KONG KOWLOON TELECOMMUNICATIONS CO.,LIMITED","country":"Hong Kong","country_code":"HK"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-07-01T00:31:48.083Z","timestamp":1782865908083,"http_version":"HTTP/1","security_state":"insecure","security_info":null,"request":{"raw":"GET / HTTP/1.1\r\nHost: j101f.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nPriority: u=0, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.0 200 OK\r\nConnection: close\r\nCache-Control: max-age=259200\r\nContent-Type: text/html;charset=utf-8\r\nContent-Length: 426\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-07-01T08:18:52.752191Z","times_seen":16884730,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-01","alert":"Sinkholed","trigger":"j101f.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-07-01","alert":"Sinkholed","trigger":"j101f.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-01","alert":"Sinkholed","trigger":"j101f.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"18091.xyz/","fqdn":"18091.xyz","domain":"18091.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.132","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-07-01T00:31:51.655Z","timestamp":1782865911655,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"18156.xyz","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Sun, 28 Jun 2026 06:21:05 GMT","end":"Sat, 26 Sep 2026 06:21:04 GMT"},"fingerprint":{"sha1":"30:5C:A2:F1:36:A6:91:D9:3C:71:7C:3B:80:49:3A:BB:C5:0B:53:A1","sha256":"FB:A2:2A:8D:A3:A6:51:23:3E:DC:EB:06:38:96:4E:AA:32:71:9B:E1:FD:3F:D1:7A:49:E7:81:BB:9A:92:C1:8D"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: 18091.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPriority: u=0, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 01 Jul 2026 00:31:55 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nCache-Control: public, s-maxage=600, max-age=0\r\nAccess-Control-Allow-Origin: *\r\nX-Custom-Check: true\r\nContent-Encoding: gzip\r\nServer: Nginx\r\nL-Safe: 1782865915=KnbITb1UW2wgzTVQseBhHKUWoVs3MmG2l+/eRvqkUC6GgdWstFR1Q4aFxQHTzQ0xQZS3Wu0nzWp+UC2pa0xoOLCushxOgT5E4ai3iQB9MJkHYeqpLqDwOGqZW+jlIUZ+oBLOYTw/GcoW+zr989dgpceegdZa0AVxA4u/2I2UrCGx90nK7Nx7uXZoNDsCUBrw\r\nL-VIA: l1=4iaGgjza0Vwox8nX\r\nL-VERSION: 1782631176\r\nL-Request-Id: c5c019f1b16eec5301b\r\nX-Cache-Status: BYPASS\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":24594,"size_decoded":11457,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (5777)","md5":"e79ba8d5268f3090203c26b2ec87119f","sha1":"67ec737a939ce7eb32f6c9ab0f6cb36a5d0c5045","sha256":"f03b70608a46781f56d44226537411cfd4da69014f8c6540319977c45398149b","sha512":"378079455a3539b8fa003afc4351f6acd844d704e0f41250b71dda29b445cb99821596e562eed3afea6a7d0b6de1ff61e22754a4c3d9384952d09b90f4dc3e55","ssdeep":"384:21ERlxqNBPJu2VwiYwJvSoVXsp+pa/iZcVk97g6nMusplIiz:1RXqrJuiNYiKop/E6wkpcu2llz","tlshash":"05b2195a9df3497a2423303a1f7fb20869b0d0134309ed803e4de7594f95aaa56f3bd6","first_seen":"2026-06-12T19:29:57.247756Z","last_seen":"2026-07-01T02:35:43.813855Z","times_seen":113,"resource_available":true,"data":null}},"time_used":4186,"timings":{"blocked":-1,"dns":147,"connect":291,"send":0,"wait":310,"receive":90,"ssl":3348},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"18091.xyz/css/index-399e2569.1781011881923.a7b0b4f4.css","fqdn":"18091.xyz","domain":"18091.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.132","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://18091.xyz/","date":"2026-07-01T00:31:55.985Z","timestamp":1782865915985,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"18156.xyz","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Sun, 28 Jun 2026 06:21:05 GMT","end":"Sat, 26 Sep 2026 06:21:04 GMT"},"fingerprint":{"sha1":"30:5C:A2:F1:36:A6:91:D9:3C:71:7C:3B:80:49:3A:BB:C5:0B:53:A1","sha256":"FB:A2:2A:8D:A3:A6:51:23:3E:DC:EB:06:38:96:4E:AA:32:71:9B:E1:FD:3F:D1:7A:49:E7:81:BB:9A:92:C1:8D"}}},"request":{"raw":"GET /css/index-399e2569.1781011881923.a7b0b4f4.css HTTP/1.1\r\nHost: 18091.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://18091.xyz/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 01 Jul 2026 00:31:57 GMT\r\nContent-Type: text/css\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Tue, 09 Jun 2026 13:37:11 GMT\r\nVary: Accept-Encoding\r\nETag: W/\"6a281707-faee\"\r\nCache-Control: public, max-age=31536000, immutable\r\nAccess-Control-Allow-Origin: *\r\nX-Custom-Check: true\r\nContent-Encoding: gzip\r\nServer: Nginx\r\nL-Safe: 1782865917=zzQm+NvBO0BAU0RDh4gpkpsR6GQOEaSeP3pA2Dwipz4LljJmk18dztJuqGVCf4R292OrGDFRaw2FGI7/+Qr2UAVF2hPN9fgwiV3B3PT+aKRnCuivjROoMWO5nFqWDfIAWlxUKhKsxAURMriofWp4K1bthzn62shtpFTJo1naru16FIKv//4JTjbHUWVtTxLR\r\nL-VIA: l1=4iaGgjza0Vwox8nX\r\nL-VERSION: 1782631176\r\nL-Request-Id: c5bd19f1b16f704373c\r\nX-Cache-Status: BYPASS\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":64238,"size_decoded":34291,"mime_type":"text/css","magic":"ASCII text, with very long lines (64238), with no line terminators","md5":"1f30d2cd291b70a1848607e3460d9278","sha1":"e91e48518ec94fcaacf418789927f34d7527dc99","sha256":"8ce1851c7bd6e7db80ee5ee8da7a0c808f29756dda3c941bb3811dc3bd3e5afd","sha512":"3cf09b1afc740c4a219a45a233489d76587ec8bd80a57c52ab133f33fdffa8a3fe35a0a27e386270ebeaa9e86d156897e44733b8eb83ee6935fe67749c30cd0f","ssdeep":"768:E0ouVbMisnf7X8vtr9UL5srs7hAqpLe20TCKiNkZICSA2ohGyHukQ9aaV+TJtU+G:HoGws9isrQAqVe6KekWRlkQ9hf+Pe","tlshash":"c6538d3123e0286ee27b6b16ec51e659352b8602f127625af703362fc1d72f5c67b742","first_seen":"2026-03-20T12:57:26.768432Z","last_seen":"2026-07-01T06:47:22.987297Z","times_seen":663,"resource_available":false,"data":null}},"time_used":2502,"timings":{"blocked":-1,"dns":0,"connect":292,"send":0,"wait":679,"receive":272,"ssl":1259},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"18091.xyz/theme.config.ef94991b.js","fqdn":"18091.xyz","domain":"18091.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.132","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://18091.xyz/","date":"2026-07-01T00:31:55.987Z","timestamp":1782865915987,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"18156.xyz","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Sun, 28 Jun 2026 06:21:05 GMT","end":"Sat, 26 Sep 2026 06:21:04 GMT"},"fingerprint":{"sha1":"30:5C:A2:F1:36:A6:91:D9:3C:71:7C:3B:80:49:3A:BB:C5:0B:53:A1","sha256":"FB:A2:2A:8D:A3:A6:51:23:3E:DC:EB:06:38:96:4E:AA:32:71:9B:E1:FD:3F:D1:7A:49:E7:81:BB:9A:92:C1:8D"}}},"request":{"raw":"GET /theme.config.ef94991b.js HTTP/1.1\r\nHost: 18091.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://18091.xyz/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 01 Jul 2026 00:31:59 GMT\r\nContent-Type: application/javascript\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Tue, 09 Jun 2026 13:37:10 GMT\r\nVary: Accept-Encoding\r\nETag: W/\"6a281706-1a62f\"\r\nCache-Control: public, max-age=31536000, immutable\r\nAccess-Control-Allow-Origin: *\r\nX-Custom-Check: true\r\nContent-Encoding: gzip\r\nServer: Nginx\r\nL-Safe: 1782865919=Kte6D7W0P5SgVZ7F5GiG4Xea9CwbLkZ+dBvwykQyCBvb3fuiCR8Y6EHd+KwPzYD1ZRk5GrEV4EbHHA7kGRuADUx4g15rJcY3Tc5mJdDYJmOu0oZYTuV0UnP/yGCXnZN3/HOUZVxe+9qQs71fWyRzMm6v35lCQioNvsf9j6vIJfI5Io75taKMhiGFXYPZGtHx\r\nL-VIA: l1=4iaGgjza0Vwox8nX\r\nL-VERSION: 1782631176\r\nL-Request-Id: c6c519f1b16fe044501\r\nX-Cache-Status: BYPASS\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":108079,"size_decoded":16737,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (38260)","md5":"90d279a2980268d2835cec593c23d286","sha1":"4374bf6da5cbdf8f025434137487bda68077cddf","sha256":"1679f19badc24dea0edab376edfb8583714645e18f705fb849037af6cf0b3ff8","sha512":"362ec1b73cebe1ad224a5b745c9ceebf2b86301deab27e35d6517d499499328b34c24d76a72e5b348d623e64a4d17bfa0ab08d2aa012f02af23c6a72df51817f","ssdeep":"1536:D2JREobVmtlIRM4Sb2mcTa2mnzyJog9CcHWHA:qEtlGu1Jnz45HT","tlshash":"c0b3bb7ae20c963a6177a8bfb46ce111d12f9c0c9b1d5fdef03e60a25710669c831de9","first_seen":"2026-06-12T19:29:57.324936Z","last_seen":"2026-07-01T02:35:43.807414Z","times_seen":112,"resource_available":true,"data":null}},"time_used":6954,"timings":{"blocked":3339,"dns":0,"connect":0,"send":0,"wait":315,"receive":3300,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"18091.xyz/js/45540.1781011881923.25dfba7d.js","fqdn":"18091.xyz","domain":"18091.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.132","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://18091.xyz/","date":"2026-07-01T00:31:55.996Z","timestamp":1782865915996,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"18156.xyz","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Sun, 28 Jun 2026 06:21:05 GMT","end":"Sat, 26 Sep 2026 06:21:04 GMT"},"fingerprint":{"sha1":"30:5C:A2:F1:36:A6:91:D9:3C:71:7C:3B:80:49:3A:BB:C5:0B:53:A1","sha256":"FB:A2:2A:8D:A3:A6:51:23:3E:DC:EB:06:38:96:4E:AA:32:71:9B:E1:FD:3F:D1:7A:49:E7:81:BB:9A:92:C1:8D"}}},"request":{"raw":"GET /js/45540.1781011881923.25dfba7d.js HTTP/1.1\r\nHost: 18091.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://18091.xyz/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 01 Jul 2026 00:31:58 GMT\r\nContent-Type: application/javascript\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Tue, 09 Jun 2026 13:37:11 GMT\r\nVary: Accept-Encoding\r\nETag: W/\"6a281707-37ff6\"\r\nCache-Control: public, max-age=31536000, immutable\r\nAccess-Control-Allow-Origin: *\r\nX-Custom-Check: true\r\nContent-Encoding: gzip\r\nServer: Nginx\r\nL-Safe: 1782865918=3gg3qdy/N4Dc0mOT8nkBU/Y4FNu9qJMHziHRagJ37A799klKXHESMfQDVJyKodGjzCQgCaT4gM5owl92iqKW5QatmXti72AncXOtl0QPKolj2z2IsYMb97jNyzyxSDTW6K5kkWCddmAiq7WtaWXh6OzISSfU3C6uOOOg22Yt82NxCqnaRrwz5Ix2uYND+Hix\r\nL-VIA: l1=4iaGgjza0Vwox8nX\r\nL-VERSION: 1782631176\r\nL-Request-Id: c5bd19f1b16fab43741\r\nX-Cache-Status: BYPASS\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":229366,"size_decoded":65835,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"7983a109fba451279f84fe7b75724983","sha1":"9487dc955240c6083cf3497e806dff89bec2061f","sha256":"80bb5c781336a9095ee3e8ae99d724f58a409c7f3c159bf0f320a9c948afe030","sha512":"ddf49f5cfb4721100ef951228391607209e248a8733d48229ff5196fd8a32fc3e759d90c1040dd591b1c0bd97ab83a1c8baaffa70fa96bbe2d556af2379478b0","ssdeep":"6144:1YD4wFsYiSGfKnCKPP6Xm9sm3MCln1OSgpozfEe5a:1YD4wFsYiSAKNH3TY5","tlshash":"e724f894f294f1be075fc1f1d23b501af35b5e6120cc9ca0d296e6942e20b49da77eac","first_seen":"2026-06-12T19:29:57.328205Z","last_seen":"2026-07-01T06:47:22.979507Z","times_seen":111,"resource_available":true,"data":null}},"time_used":6208,"timings":{"blocked":2481,"dns":0,"connect":0,"send":0,"wait":1332,"receive":2395,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"18091.xyz/js/index-399e2569.1781011881923.9d909473.js","fqdn":"18091.xyz","domain":"18091.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.132","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://18091.xyz/","date":"2026-07-01T00:31:56.001Z","timestamp":1782865916001,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"18156.xyz","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Sun, 28 Jun 2026 06:21:05 GMT","end":"Sat, 26 Sep 2026 06:21:04 GMT"},"fingerprint":{"sha1":"30:5C:A2:F1:36:A6:91:D9:3C:71:7C:3B:80:49:3A:BB:C5:0B:53:A1","sha256":"FB:A2:2A:8D:A3:A6:51:23:3E:DC:EB:06:38:96:4E:AA:32:71:9B:E1:FD:3F:D1:7A:49:E7:81:BB:9A:92:C1:8D"}}},"request":{"raw":"GET /js/index-399e2569.1781011881923.9d909473.js HTTP/1.1\r\nHost: 18091.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://18091.xyz/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 01 Jul 2026 00:32:01 GMT\r\nContent-Type: application/javascript\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Tue, 09 Jun 2026 13:37:11 GMT\r\nVary: Accept-Encoding\r\nETag: W/\"6a281707-5cdf\"\r\nCache-Control: public, max-age=31536000, immutable\r\nAccess-Control-Allow-Origin: *\r\nX-Custom-Check: true\r\nContent-Encoding: gzip\r\nServer: Nginx\r\nL-Safe: 1782865921=xCKQzRVQPXvmsDjaIwre5Ua39xFginJzQiMgpi8qlsbmAwXNHGJGDMrtMBjcEuTW9GfcvYybduRMji4yLUhVWvJMsqHILOQjSutncbyLSSl3i1RtYU+PvQMRSswyRSAKOOD7Kw89mcdgm2aEhJ/ZntTPxSW51dcCe6tT22S+OjvGSMInm7DW5hb3UZKqmZWp\r\nL-VIA: l1=4iaGgjza0Vwox8nX\r\nL-VERSION: 1782631176\r\nL-Request-Id: c5c019f1b17065f304e\r\nX-Cache-Status: BYPASS\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":23775,"size_decoded":11338,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (23775), with no line terminators","md5":"a89a32dae8cc80557b581a69e02f0d02","sha1":"00f9cfeca127af0a139c0670ed8d2e2e7ccf673b","sha256":"6f97c8ce9605a8e9e80a699696c70ec26a4b9bce20badaa6947bf4e5ac52e9d2","sha512":"2ca5bc054575932085e6cd6529613a94f145aa9a3b7731fb85b97b27286a882043110ab45b7eb4673228185ce1560b47968d3aa7b77492f17abf82e778076a9b","ssdeep":"384:pZTANHmDGIaVPkrTBTcK8K+Ehn6A3zgJ9Ks/fT5qZsxbt85F3oWf0Af/nwtU8Zci:znDGIYPkPVf8K5hn33UnKofy5FYxAfPY","tlshash":"e2b2b6e63392bdb8c24f9676f23a58ecc43f9141c30fc4f8d265bd947d98644aa92784","first_seen":"2026-06-12T19:29:57.227313Z","last_seen":"2026-07-01T02:35:43.810884Z","times_seen":106,"resource_available":true,"data":null}},"time_used":5995,"timings":{"blocked":5439,"dns":0,"connect":0,"send":0,"wait":424,"receive":132,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"j101f.vip/","fqdn":"j101f.vip","domain":"j101f.vip","tld":"vip"},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-07-01T00:31:45.167Z","timestamp":1782865905167,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET / HTTP/1.1\r\nHost: j101f.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: none\r\nPriority: u=0, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-07-01T08:18:52.752191Z","times_seen":16884730,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-01","alert":"Sinkholed","trigger":"j101f.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-01","alert":"Sinkholed","trigger":"j101f.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-07-01","alert":"Sinkholed","trigger":"j101f.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"18091.xyz/css/chunk-common.1781011881923.90261a1c.css","fqdn":"18091.xyz","domain":"18091.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.132","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://18091.xyz/","date":"2026-07-01T00:31:55.982Z","timestamp":1782865915982,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"18156.xyz","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Sun, 28 Jun 2026 06:21:05 GMT","end":"Sat, 26 Sep 2026 06:21:04 GMT"},"fingerprint":{"sha1":"30:5C:A2:F1:36:A6:91:D9:3C:71:7C:3B:80:49:3A:BB:C5:0B:53:A1","sha256":"FB:A2:2A:8D:A3:A6:51:23:3E:DC:EB:06:38:96:4E:AA:32:71:9B:E1:FD:3F:D1:7A:49:E7:81:BB:9A:92:C1:8D"}}},"request":{"raw":"GET /css/chunk-common.1781011881923.90261a1c.css HTTP/1.1\r\nHost: 18091.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://18091.xyz/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 01 Jul 2026 00:31:57 GMT\r\nContent-Type: text/css\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Tue, 09 Jun 2026 13:37:11 GMT\r\nVary: Accept-Encoding\r\nETag: W/\"6a281707-34c8\"\r\nCache-Control: public, max-age=31536000, immutable\r\nAccess-Control-Allow-Origin: *\r\nX-Custom-Check: true\r\nContent-Encoding: gzip\r\nServer: Nginx\r\nL-Safe: 1782865917=zzQm+NvBO0BAU0RDh4gpkpsR6GQOEaSeP3pA2Dwipz4LljJmk18dztJuqGVCf4R292OrGDFRaw2FGI7/+Qr2UAVF2hPN9fgwiV3B3PT+aKRnCuivjROoMWO5nFqWDfIAWlxUKhKsxAURMriofWp4K1bthzn62shtpFTJo1naru16FIKv//4JTjbHUWVtTxLR\r\nL-VIA: l1=4iaGgjza0Vwox8nX\r\nL-VERSION: 1782631176\r\nL-Request-Id: c5c119f1b16f4ae48d8\r\nX-Cache-Status: BYPASS\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":13512,"size_decoded":4720,"mime_type":"text/css","magic":"ASCII text, with very long lines (13512), with no line terminators","md5":"18db28ed82e6a8aa84b4ca311e8effc9","sha1":"19d1c3f13ce483b564653631f2bd6a340017a84b","sha256":"8d0fd3816e0960390ac6c9757e98a97c96597871468e74a8dcb81f170ad98303","sha512":"dbee6bb335fe964df137f44bbd9752844d5baeeec889ffb5c21c9979a8ce51018f81dadd4a66b2016a30874962c6e4fd2243325fa60958d45d06f34bdee72b87","ssdeep":"192:4dQK/X4cBY4mZGX1lsUTLA7gYER7/i//LN4hHSQZA2VxM2XwKjv0:M8oTGER7/i//LihHBrxP0","tlshash":"c952a631d634b53ce57be226f9d09adc6024d417e2730baeea643b3ac5ca4d215332c8","first_seen":"2026-06-12T19:29:57.231975Z","last_seen":"2026-07-01T02:35:43.815175Z","times_seen":114,"resource_available":false,"data":null}},"time_used":1324,"timings":{"blocked":-1,"dns":0,"connect":290,"send":0,"wait":346,"receive":10,"ssl":678},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ssl.hw301.xyz:8900/?u=j101f.vip/\u0026p=/","fqdn":"ssl.hw301.xyz","domain":"hw301.xyz","tld":"xyz"},"ip":{"addr":"23.224.132.157","port":8900,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-07-01T00:31:50.856Z","timestamp":1782865910856,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"cloud.hw301.top","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Mon, 08 Jun 2026 00:00:00 GMT","end":"Wed, 23 Dec 2026 23:59:59 GMT"},"fingerprint":{"sha1":"67:F4:44:A8:2A:80:5A:70:54:A1:CF:76:81:D8:73:BE:07:8A:03:BF","sha256":"6D:29:23:0E:AA:5C:2D:C5:FB:64:FA:CA:EE:F0:40:A5:66:21:88:96:78:F4:E6:C3:EA:8D:6F:71:1A:2E:8A:B0"}}},"request":{"raw":"GET /?u=http://j101f.vip/\u0026p=/ HTTP/1.1\r\nHost: ssl.hw301.xyz:8900\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: http://j101f.vip/\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPriority: u=0, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Found\r\nServer: nginx\r\nDate: Wed, 01 Jul 2026 00:31:51 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 0\r\nConnection: keep-alive\r\nLocation: https://18091.xyz\r\nX-Frame-Options: DENY\r\nVary: Origin\r\nReferrer-Policy: same-origin\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-07-01T08:18:52.752191Z","times_seen":16884730,"resource_available":true,"data":null}},"time_used":792,"timings":{"blocked":-1,"dns":100,"connect":161,"send":0,"wait":200,"receive":0,"ssl":331},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-30","alert":"Sinkholed","trigger":"ssl.hw301.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"18091.xyz/configPage.js?v=6/9/2026,%2021:37:10","fqdn":"18091.xyz","domain":"18091.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.132","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://18091.xyz/","date":"2026-07-01T00:31:55.977Z","timestamp":1782865915977,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"18156.xyz","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Sun, 28 Jun 2026 06:21:05 GMT","end":"Sat, 26 Sep 2026 06:21:04 GMT"},"fingerprint":{"sha1":"30:5C:A2:F1:36:A6:91:D9:3C:71:7C:3B:80:49:3A:BB:C5:0B:53:A1","sha256":"FB:A2:2A:8D:A3:A6:51:23:3E:DC:EB:06:38:96:4E:AA:32:71:9B:E1:FD:3F:D1:7A:49:E7:81:BB:9A:92:C1:8D"}}},"request":{"raw":"GET /configPage.js?v=6/9/2026,%2021:37:10 HTTP/1.1\r\nHost: 18091.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://18091.xyz/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 01 Jul 2026 00:31:56 GMT\r\nContent-Type: application/javascript\r\nContent-Length: 949\r\nConnection: keep-alive\r\nLast-Modified: Tue, 09 Jun 2026 13:37:20 GMT\r\nETag: \"6a281710-3b5\"\r\nCache-Control: public, max-age=31536000, immutable\r\nAccess-Control-Allow-Origin: *\r\nX-Custom-Check: true\r\nServer: Nginx\r\nL-Safe: 1782865916=ctomzhUtMV+Ji2hHrd1WGW01lEkwqdMCfZbU/9aBCC4Pp85RthMeNFNNlkxZSkcmdcPDuK2wJeTSoSaF26JsSjoj5iIXdKy+BbeUdNBCwi9qL2AxXwX9d6lciN2rQsmsNToKSbPIQ/MA93OugRhXVKLm2GybRGdnMNdRZ2n5zyTFZG4FCyCRGUsStMqqvKc7\r\nL-VIA: l1=4iaGgjza0Vwox8nX\r\nL-VERSION: 1782631176\r\nL-Request-Id: c5c019f1b16f0de301d\r\nX-Cache-Status: BYPASS\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":949,"size_decoded":1622,"mime_type":"application/javascript","magic":"Unicode text, UTF-8 text, with very long lines (917), with no line terminators","md5":"e6aa74bb352ef198ba3e1c9a4b01b014","sha1":"2ea8bd6b5045475a36432f7665a129728e822d9e","sha256":"73828e873c0b6e847b37d78941ca436247471dfc90a12f743964f869f75abd5c","sha512":"2faaf24fdf1e4da637af8e9f82d1778bf061b00752dfca0c8f73432ba236a7b69410a7ad2a73727bc83e6cd631fd6555c3cc0d9d3a5d8a7f81818dd66566011f","ssdeep":"","tlshash":"be117aaf57444dffcf1d7e00a08b0a5ea8bc61d261889d4da8e9cf29e1c99002378978","first_seen":"2025-09-04T00:49:32.949926Z","last_seen":"2026-07-01T02:35:43.817285Z","times_seen":1886,"resource_available":true,"data":null}},"time_used":300,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":295,"receive":5,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"18091.xyz/config/initGeetest4.js","fqdn":"18091.xyz","domain":"18091.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.132","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://18091.xyz/","date":"2026-07-01T00:31:55.979Z","timestamp":1782865915979,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"18156.xyz","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Sun, 28 Jun 2026 06:21:05 GMT","end":"Sat, 26 Sep 2026 06:21:04 GMT"},"fingerprint":{"sha1":"30:5C:A2:F1:36:A6:91:D9:3C:71:7C:3B:80:49:3A:BB:C5:0B:53:A1","sha256":"FB:A2:2A:8D:A3:A6:51:23:3E:DC:EB:06:38:96:4E:AA:32:71:9B:E1:FD:3F:D1:7A:49:E7:81:BB:9A:92:C1:8D"}}},"request":{"raw":"GET /config/initGeetest4.js HTTP/1.1\r\nHost: 18091.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://18091.xyz/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 01 Jul 2026 00:31:56 GMT\r\nContent-Type: application/javascript\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Tue, 09 Jun 2026 13:37:11 GMT\r\nVary: Accept-Encoding\r\nETag: W/\"6a281707-3a7f\"\r\nCache-Control: public, max-age=31536000, immutable\r\nAccess-Control-Allow-Origin: *\r\nX-Custom-Check: true\r\nContent-Encoding: gzip\r\nServer: Nginx\r\nL-Safe: 1782865916=ctomzhUtMV+Ji2hHrd1WGW01lEkwqdMCfZbU/9aBCC4Pp85RthMeNFNNlkxZSkcmdcPDuK2wJeTSoSaF26JsSjoj5iIXdKy+BbeUdNBCwi9qL2AxXwX9d6lciN2rQsmsNToKSbPIQ/MA93OugRhXVKLm2GybRGdnMNdRZ2n5zyTFZG4FCyCRGUsStMqqvKc7\r\nL-VIA: l1=4iaGgjza0Vwox8nX\r\nL-VERSION: 1782631176\r\nL-Request-Id: c5b819f1b16f0e02a21\r\nX-Cache-Status: BYPASS\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":14975,"size_decoded":5043,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text","md5":"87855e19802d75b55afa7bcf3af515c1","sha1":"4af373375728a98d623f2299a68a91e150f2672e","sha256":"9ec8a5ef8c8ffe369dd1a5c4730dce6570c0d90955798c0be4ac04ef1c8f4baa","sha512":"3baa6d9e916abfb3d38b7ebb9372c5987e8f10534bb978383751c0094f8f5a3e764f9b8e44a73d9d4871cbaeca7e1939f0ffaf9499af5c4a71f64c3588167d85","ssdeep":"192:23aP8Ha0D+Nu5dq+EvNiqc4K25MB5VYaiQwSL4SScQVy8QRHIsGiz0iX9rES6Myy:2fe61w1iXKb2sMGUI+KQTwwHlB","tlshash":"00621d0d68f764534553b4388b9fb014b5388a53042cde41be9ce354afa843d9bbabdc","first_seen":"2026-02-16T20:32:40.162764Z","last_seen":"2026-07-01T06:47:22.96888Z","times_seen":973,"resource_available":true,"data":null}},"time_used":365,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":355,"receive":10,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"18091.xyz/config/gd.js","fqdn":"18091.xyz","domain":"18091.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.132","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://18091.xyz/","date":"2026-07-01T00:31:55.981Z","timestamp":1782865915981,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"18156.xyz","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Sun, 28 Jun 2026 06:21:05 GMT","end":"Sat, 26 Sep 2026 06:21:04 GMT"},"fingerprint":{"sha1":"30:5C:A2:F1:36:A6:91:D9:3C:71:7C:3B:80:49:3A:BB:C5:0B:53:A1","sha256":"FB:A2:2A:8D:A3:A6:51:23:3E:DC:EB:06:38:96:4E:AA:32:71:9B:E1:FD:3F:D1:7A:49:E7:81:BB:9A:92:C1:8D"}}},"request":{"raw":"GET /config/gd.js HTTP/1.1\r\nHost: 18091.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://18091.xyz/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 01 Jul 2026 00:31:56 GMT\r\nContent-Type: application/javascript\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Tue, 09 Jun 2026 13:37:11 GMT\r\nVary: Accept-Encoding\r\nETag: W/\"6a281707-4420\"\r\nCache-Control: public, max-age=31536000, immutable\r\nAccess-Control-Allow-Origin: *\r\nX-Custom-Check: true\r\nContent-Encoding: gzip\r\nServer: Nginx\r\nL-Safe: 1782865916=ctomzhUtMV+Ji2hHrd1WGW01lEkwqdMCfZbU/9aBCC4Pp85RthMeNFNNlkxZSkcmdcPDuK2wJeTSoSaF26JsSjoj5iIXdKy+BbeUdNBCwi9qL2AxXwX9d6lciN2rQsmsNToKSbPIQ/MA93OugRhXVKLm2GybRGdnMNdRZ2n5zyTFZG4FCyCRGUsStMqqvKc7\r\nL-VIA: l1=4iaGgjza0Vwox8nX\r\nL-VERSION: 1782631176\r\nL-Request-Id: c5c019f1b16f2093021\r\nX-Cache-Status: BYPASS\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":17440,"size_decoded":5524,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text","md5":"368318100a3c0f64373230a250953d5a","sha1":"6e0d91639cafd23f1b22aecee332da83c70b93ea","sha256":"dffc9b203a19b9e70363f75f737b7afe2164d6b8c045800d4dd7931d9093aff4","sha512":"91077ca792821795a816a0ee1a9cef242bf2915c02402706c7bd5c027c62f4bc52517b6a5e3db9f4b873e5a3c9d652758cc277c1f5ba07dc12e0d69b4f6e9eeb","ssdeep":"384:bJA61XVpi5LH4NmeJPXwXkQdcAwR0Nw3zzbSGwYg1C:bJA6BZX+oJjzzgY","tlshash":"80721f4d68f7905345a3b03c8bafa114b5388643181cde457e9ce394af6843d97babdc","first_seen":"2026-05-19T02:14:56.346288Z","last_seen":"2026-07-01T06:47:22.980987Z","times_seen":189,"resource_available":true,"data":null}},"time_used":1026,"timings":{"blocked":-1,"dns":0,"connect":301,"send":0,"wait":729,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"18091.xyz/css/46431.1781011881923.bc5df1d1.css","fqdn":"18091.xyz","domain":"18091.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.132","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://18091.xyz/","date":"2026-07-01T00:31:55.983Z","timestamp":1782865915983,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"18156.xyz","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Sun, 28 Jun 2026 06:21:05 GMT","end":"Sat, 26 Sep 2026 06:21:04 GMT"},"fingerprint":{"sha1":"30:5C:A2:F1:36:A6:91:D9:3C:71:7C:3B:80:49:3A:BB:C5:0B:53:A1","sha256":"FB:A2:2A:8D:A3:A6:51:23:3E:DC:EB:06:38:96:4E:AA:32:71:9B:E1:FD:3F:D1:7A:49:E7:81:BB:9A:92:C1:8D"}}},"request":{"raw":"GET /css/46431.1781011881923.bc5df1d1.css HTTP/1.1\r\nHost: 18091.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://18091.xyz/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 01 Jul 2026 00:31:57 GMT\r\nContent-Type: text/css\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Tue, 09 Jun 2026 13:37:11 GMT\r\nVary: Accept-Encoding\r\nETag: W/\"6a281707-552d2\"\r\nCache-Control: public, max-age=31536000, immutable\r\nAccess-Control-Allow-Origin: *\r\nX-Custom-Check: true\r\nContent-Encoding: gzip\r\nServer: Nginx\r\nL-Safe: 1782865917=zzQm+NvBO0BAU0RDh4gpkpsR6GQOEaSeP3pA2Dwipz4LljJmk18dztJuqGVCf4R292OrGDFRaw2FGI7/+Qr2UAVF2hPN9fgwiV3B3PT+aKRnCuivjROoMWO5nFqWDfIAWlxUKhKsxAURMriofWp4K1bthzn62shtpFTJo1naru16FIKv//4JTjbHUWVtTxLR\r\nL-VIA: l1=4iaGgjza0Vwox8nX\r\nL-VERSION: 1782631176\r\nL-Request-Id: c5ba19f1b16f5d0d77f\r\nX-Cache-Status: BYPASS\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":348882,"size_decoded":87418,"mime_type":"text/css","magic":"ASCII text, with very long lines (65536), with no line terminators","md5":"93f90e3733fc4af32a4ef4b34416c531","sha1":"bbe0b8f50268073f57565c76a1ac45b46f6c668e","sha256":"ce07d563179018eb4ccfcaf005a871d6baee3ad2ac4400e6e4768a2d35c5aa1e","sha512":"664e0ea56bcf02d80d7e148c8c999493c6501c5b8b6138fb0c5a05c0c0a9c3b5facac9d711aa2ce216eb335328be867456dbbbb2864f99531faffa5fb74eaade","ssdeep":"6144:z4+4r0H8Tu4+4r5cRlGuEQUQ929srbnpTP4T:z4+4ZTu4+4yaT","tlshash":"b774fa6caf1030ae15a7cb27b660f5199c36a443f9bfde9af3e53d580789a510623c13","first_seen":"2026-05-09T01:34:22.507922Z","last_seen":"2026-07-01T06:47:22.973198Z","times_seen":160,"resource_available":false,"data":null}},"time_used":3488,"timings":{"blocked":-1,"dns":0,"connect":292,"send":0,"wait":752,"receive":1548,"ssl":896},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"18091.xyz/js/chunk-svg.1781011881923.7ca9cdc1.js","fqdn":"18091.xyz","domain":"18091.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.132","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://18091.xyz/","date":"2026-07-01T00:31:55.989Z","timestamp":1782865915989,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"18156.xyz","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Sun, 28 Jun 2026 06:21:05 GMT","end":"Sat, 26 Sep 2026 06:21:04 GMT"},"fingerprint":{"sha1":"30:5C:A2:F1:36:A6:91:D9:3C:71:7C:3B:80:49:3A:BB:C5:0B:53:A1","sha256":"FB:A2:2A:8D:A3:A6:51:23:3E:DC:EB:06:38:96:4E:AA:32:71:9B:E1:FD:3F:D1:7A:49:E7:81:BB:9A:92:C1:8D"}}},"request":{"raw":"GET /js/chunk-svg.1781011881923.7ca9cdc1.js HTTP/1.1\r\nHost: 18091.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://18091.xyz/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 01 Jul 2026 00:31:56 GMT\r\nContent-Type: application/javascript\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Tue, 09 Jun 2026 13:37:11 GMT\r\nVary: Accept-Encoding\r\nETag: W/\"6a281707-72eeb\"\r\nCache-Control: public, max-age=31536000, immutable\r\nAccess-Control-Allow-Origin: *\r\nX-Custom-Check: true\r\nContent-Encoding: gzip\r\nServer: Nginx\r\nL-Safe: 1782865916=ctomzhUtMV+Ji2hHrd1WGW01lEkwqdMCfZbU/9aBCC4Pp85RthMeNFNNlkxZSkcmdcPDuK2wJeTSoSaF26JsSjoj5iIXdKy+BbeUdNBCwi9qL2AxXwX9d6lciN2rQsmsNToKSbPIQ/MA93OugRhXVKLm2GybRGdnMNdRZ2n5zyTFZG4FCyCRGUsStMqqvKc7\r\nL-VIA: l1=4iaGgjza0Vwox8nX\r\nL-VERSION: 1782631176\r\nL-Request-Id: c5b819f1b16f24d2a24\r\nX-Cache-Status: BYPASS\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":470763,"size_decoded":90048,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (65532), with no line terminators","md5":"2e885a50d7dc711be337a96fe33f0c2e","sha1":"8c767dd1bdcbf35f2577bd215ff6fe495cbd0f43","sha256":"603d14d58a247671742688b96c517d62e9c636443b960bc421af5352df4c01f7","sha512":"09289e06b0db84915693f0b78ab40149972b29693d0d6b1e66e4fbe9bddf00380f5f4e8e78961512d91a132226494572994ceade62d3d8a878126fdcdeb8fd95","ssdeep":"3072:/8nz2uaLZSZvx6Q/sIPrekK+mB6Ua94sRZI7gbpF/:/8nz2uasNxpXPrekK+mB6UHsE4pF/","tlshash":"c0a4fcb4c190f4edf704ce196e7c9e1c50321688e0a9e9e52da9fe0d9e85d6b241cdec","first_seen":"2026-06-12T19:29:57.244213Z","last_seen":"2026-07-01T02:35:43.816771Z","times_seen":112,"resource_available":true,"data":null}},"time_used":7605,"timings":{"blocked":338,"dns":0,"connect":0,"send":0,"wait":710,"receive":6557,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"18091.xyz/js/13575.1781011881923.cda1d494.js","fqdn":"18091.xyz","domain":"18091.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.132","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://18091.xyz/","date":"2026-07-01T00:31:55.997Z","timestamp":1782865915997,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"18156.xyz","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Sun, 28 Jun 2026 06:21:05 GMT","end":"Sat, 26 Sep 2026 06:21:04 GMT"},"fingerprint":{"sha1":"30:5C:A2:F1:36:A6:91:D9:3C:71:7C:3B:80:49:3A:BB:C5:0B:53:A1","sha256":"FB:A2:2A:8D:A3:A6:51:23:3E:DC:EB:06:38:96:4E:AA:32:71:9B:E1:FD:3F:D1:7A:49:E7:81:BB:9A:92:C1:8D"}}},"request":{"raw":"GET /js/13575.1781011881923.cda1d494.js HTTP/1.1\r\nHost: 18091.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://18091.xyz/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 01 Jul 2026 00:31:58 GMT\r\nContent-Type: application/javascript\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Tue, 09 Jun 2026 13:37:11 GMT\r\nVary: Accept-Encoding\r\nETag: W/\"6a281707-2f964\"\r\nCache-Control: public, max-age=31536000, immutable\r\nAccess-Control-Allow-Origin: *\r\nX-Custom-Check: true\r\nContent-Encoding: gzip\r\nServer: Nginx\r\nL-Safe: 1782865918=3gg3qdy/N4Dc0mOT8nkBU/Y4FNu9qJMHziHRagJ37A799klKXHESMfQDVJyKodGjzCQgCaT4gM5owl92iqKW5QatmXti72AncXOtl0QPKolj2z2IsYMb97jNyzyxSDTW6K5kkWCddmAiq7WtaWXh6OzISSfU3C6uOOOg22Yt82NxCqnaRrwz5Ix2uYND+Hix\r\nL-VIA: l1=4iaGgjza0Vwox8nX\r\nL-VERSION: 1782631176\r\nL-Request-Id: c5c019f1b16fb393035\r\nX-Cache-Status: BYPASS\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":194916,"size_decoded":60169,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (65535), with no line terminators","md5":"65e5fffbcacf52710ad963a4aeede3be","sha1":"f9c16a3c86649aeacf18e736faacff0cf78192e7","sha256":"36f42498ee253b0d1d5e7ec8bdf406f05c4c91e72f64169b1ff67435d2069099","sha512":"96e8263c115ca75ff63f6ce70ba8ad5af370662f86c2f95a8960a5aa5a30ce4134fa01d7fbd1694ce37f111b69e3e418f0542a7ab1bae4cec570c8c3d8d08986","ssdeep":"1536:917BBHFeKRKp+3ELSPtj6x2DgJoG7PIDmj9VA+s69JAFdE6WIzl+Ik1+eXMa7a4H:7jHoKRKphCnDgJoec+IDWIzls+7Xr0X7","tlshash":"23141a84764170b8c396a165322f601ae22f789650dd9c24f3789ba47f7470df26fabc","first_seen":"2026-06-12T19:29:57.266361Z","last_seen":"2026-07-01T02:35:43.809926Z","times_seen":110,"resource_available":true,"data":null}},"time_used":4142,"timings":{"blocked":2622,"dns":0,"connect":0,"send":0,"wait":305,"receive":1215,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"18091.xyz/js/22872.1781011881923.153832d9.js","fqdn":"18091.xyz","domain":"18091.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.132","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://18091.xyz/","date":"2026-07-01T00:31:55.999Z","timestamp":1782865915999,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"18156.xyz","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Sun, 28 Jun 2026 06:21:05 GMT","end":"Sat, 26 Sep 2026 06:21:04 GMT"},"fingerprint":{"sha1":"30:5C:A2:F1:36:A6:91:D9:3C:71:7C:3B:80:49:3A:BB:C5:0B:53:A1","sha256":"FB:A2:2A:8D:A3:A6:51:23:3E:DC:EB:06:38:96:4E:AA:32:71:9B:E1:FD:3F:D1:7A:49:E7:81:BB:9A:92:C1:8D"}}},"request":{"raw":"GET /js/22872.1781011881923.153832d9.js HTTP/1.1\r\nHost: 18091.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://18091.xyz/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 01 Jul 2026 00:32:00 GMT\r\nContent-Type: application/javascript\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Tue, 09 Jun 2026 13:37:11 GMT\r\nVary: Accept-Encoding\r\nETag: W/\"6a281707-2679f\"\r\nCache-Control: public, max-age=31536000, immutable\r\nAccess-Control-Allow-Origin: *\r\nX-Custom-Check: true\r\nContent-Encoding: gzip\r\nServer: Nginx\r\nL-Safe: 1782865920=k/0IPEVHNZOMlk7mkJKcV0zPS9ouD7ITZELan8fmN4u0NgzljUBn0hx94b0UXXdJfLZeYYGAHAfc6ZKE2JXU4+ah6KO/TXYqZEqyEsDdtNg0Mp7lM8IoXL2WgNGlT40zsiKiheBCH7JGdt+tdBWtw2RS3h0nUHjhzqCsNLrDW1f9VkYGKIzFi1SvMA232678\r\nL-VIA: l1=4iaGgjza0Vwox8nX\r\nL-VERSION: 1782631176\r\nL-Request-Id: c5c019f1b1701283043\r\nX-Cache-Status: BYPASS\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":157599,"size_decoded":50860,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"f9ee602f8eeb24db94a45e276eb229fd","sha1":"add3d7dea3c94842531e4e52db7b334a705c5e6b","sha256":"3d79813c4166473dcbe19eb56d456a226f183993f5aa4108a4fccae156001245","sha512":"8ad5674af4bbf338d1188a8108d0984786a4c94afddefbd592dbc428928dae301e40d4a936d73d0e29ba68989ccd13abee0988a8a6938495736115c80a53eae7","ssdeep":"3072:XHW7tB4Vgj5tNlxyU5YegxYffj7TEOiGzZl+DJVkzEcx1nKs:XHW7tBwgttXxyUtffjAGzT+DJVkzEcxF","tlshash":"21f31bd4f2c071f6475f45f2a22b0075b26f4d92318c98b0e15ba6597f21a48c7abeec","first_seen":"2026-06-12T19:29:57.267326Z","last_seen":"2026-07-01T02:35:43.808691Z","times_seen":108,"resource_available":true,"data":null}},"time_used":5440,"timings":{"blocked":4142,"dns":0,"connect":0,"send":0,"wait":426,"receive":872,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}
