{"report_id":"f56e3aff-2180-4aa9-b39c-f7ab47aa456e","version":6,"status":"done","tags":[],"date":"2026-01-01T20:12:39Z","url":{"schema":"https","addr":"cn.cljpsnmrbsib.com/home/register/","fqdn":"cn.cljpsnmrbsib.com","domain":"cljpsnmrbsib.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"https","addr":"cn.cljpsnmrbsib.com/home/register/","fqdn":"cn.cljpsnmrbsib.com","domain":"cljpsnmrbsib.com","tld":"com"},"title":"ManBetX(万博体育)官网|英超狼队和水晶宫全球赞助伙伴","dom":{"size":117979,"mime_type":"text/html; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (1467)","md5":"e3c2efec9820e688ded8861bd08c47ab","sha1":"a646817e5c63903078508fedbbad7548545ddeb0","sha256":"0e1109f83141742bd446cbbdf3c64c26595488b302961ee78c858700d8c99b27","sha512":"185b4e936ea90674f31af4a71bc455eb3eba6385a985906b13933fb19a1a3a59a9b40c2607d4e0099cb920495aa65b6630e9dbbada81164d82ae18585b99a7a4","ssdeep":"1536:wqTY0mSdCFEr2cvenfaMWqvk+XSVz2BVUpGHCLL8vbkst5cdbSaOjQvvvuvKvrwS:XV2pCMWFMkMw+WbSaZXWyzwbRW3","tlshash":"e8b30851a8fe0537017780d6a5b7af1aaeaa9037d3068c1072fe4fc45fc2e82895775e","dom_hash":"domhash87adb71894bfc5ed7fe37302ea7e9ff9","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"https","addr":"cn.cljpsnmrbsib.com/home/register/","fqdn":"cn.cljpsnmrbsib.com","domain":"cljpsnmrbsib.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"tags":["openphish"],"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-02-05T20:12:39Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":1,"urlquery":0,"analyzer":5}},"detection":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-01-01T20:12:19Z","timestamp":1767298339,"ip_dst":{"addr":"74.125.250.129","port":19302,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"ip_src":{"addr":"172.18.0.20","port":36047,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO Session Traversal Utilities for NAT (STUN Binding Request On Non-Standard High Port)","source":"{\"timestamp\":\"2026-01-01T20:12:19.223778+0000\",\"flow_id\":820466883455522,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.20\",\"src_port\":36047,\"dest_ip\":\"74.125.250.129\",\"dest_port\":19302,\"proto\":\"UDP\",\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2033078,\"rev\":4,\"signature\":\"ET INFO Session Traversal Utilities for NAT (STUN Binding Request On Non-Standard High Port)\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2021_06_03\"],\"deployment\":[\"alert_only\",\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_04_28\"]}},\"app_proto\":\"failed\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":62,\"bytes_toclient\":0,\"start\":\"2026-01-01T20:12:19.223778+0000\"}}"}],"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-01","alert":"Sinkholed","trigger":"cn.cljpsnmrbsib.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-01","alert":"Phishing Block","trigger":"cn.cljpsnmrbsib.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-01","alert":"Sinkholed","trigger":"cn.cljpsnmrbsib.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-01","alert":"Sinkholed","trigger":"cn.cljpsnmrbsib.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-01","alert":"Sinkholed","trigger":"cn.cljpsnmrbsib.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null},"summary":[{"fqdn":"hm.baidu.com","ip":{"addr":"14.215.182.140","port":443,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"domain_registered":"1999-10-11","domain_rank":54491,"first_seen":"2012-05-26T08:38:45Z","last_seen":"2025-12-29T01:26:42.90299Z","alert_count":0,"request_count":2,"received_data":30887,"sent_data":1299,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}]},{"fqdn":"www.googletagmanager.com","ip":{"addr":"142.251.38.104","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2011-11-11","domain_rank":283,"first_seen":"2012-10-04T01:07:32Z","last_seen":"2025-12-28T22:17:36.419718Z","alert_count":0,"request_count":2,"received_data":706245,"sent_data":898,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"game.gp5trb.com","ip":{"addr":"52.184.67.179","port":2053,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"Hong Kong","country_code":"HK"},"domain_registered":"2025-03-13","domain_rank":0,"first_seen":"2025-08-11T16:46:35.765228Z","last_seen":"2025-12-27T23:48:46.201129Z","alert_count":0,"request_count":3,"received_data":25626,"sent_data":1424,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"static-content-j.wb27jlt6u066.com","ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2022-09-13","domain_rank":0,"first_seen":"2022-10-27T08:27:25Z","last_seen":"2025-12-31T07:42:38.524296Z","alert_count":0,"request_count":1,"received_data":6700,"sent_data":500,"comment":"","tags":null,"fingerprints":[{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"www.vrfpshbc.com","ip":{"addr":"104.21.68.47","port":2053,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2022-07-29","domain_rank":0,"first_seen":"2023-07-07T23:23:19Z","last_seen":"2025-12-25T22:16:10.750707Z","alert_count":0,"request_count":3,"received_data":8120,"sent_data":1486,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"www.f4bzyrz92us3.com","ip":{"addr":"172.65.201.65","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2019-11-02","domain_rank":0,"first_seen":"2019-11-02T15:14:40Z","last_seen":"2025-12-27T23:48:45.596782Z","alert_count":0,"request_count":2,"received_data":55736,"sent_data":915,"comment":"","tags":null,"fingerprints":[{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"static-content-cn.wb27jlt6u066.com","ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2022-09-13","domain_rank":0,"first_seen":"2022-11-08T06:15:29Z","last_seen":"2025-12-25T22:16:09.866674Z","alert_count":0,"request_count":14,"received_data":624563,"sent_data":6593,"comment":"","tags":null,"fingerprints":[{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"banner-notice.6dqr2n.com","ip":{"addr":"52.184.67.179","port":443,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"Hong Kong","country_code":"HK"},"domain_registered":"2025-05-16","domain_rank":0,"first_seen":"2025-06-01T18:49:53.405981Z","last_seen":"2025-12-25T22:16:09.741182Z","alert_count":0,"request_count":3,"received_data":25424,"sent_data":1350,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"api.eaafacef.com","ip":{"addr":"104.21.67.198","port":2053,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2022-07-29","domain_rank":0,"first_seen":"2024-08-15T12:53:23Z","last_seen":"2025-12-31T07:42:38.584151Z","alert_count":0,"request_count":1,"received_data":3050,"sent_data":518,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"www.v1c2h.com","ip":{"addr":"52.184.67.179","port":51300,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"Hong Kong","country_code":"HK"},"domain_registered":"unknown","domain_rank":0,"first_seen":"2025-11-25T12:54:58.845462Z","last_seen":"2025-12-25T22:16:11.746212Z","alert_count":0,"request_count":1,"received_data":35341,"sent_data":449,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"static-content-t.wb27jlt6u066.com","ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2022-09-13","domain_rank":0,"first_seen":"2022-10-27T08:48:51Z","last_seen":"2025-12-31T07:49:08.201412Z","alert_count":0,"request_count":29,"received_data":988016,"sent_data":14598,"comment":"","tags":null,"fingerprints":[{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"cn.cljpsnmrbsib.com","ip":{"addr":"172.65.201.65","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2021-11-02","domain_rank":0,"first_seen":"2021-11-02T06:15:10Z","last_seen":"2025-06-09T02:15:51.605842Z","alert_count":50,"request_count":10,"received_data":636133,"sent_data":5359,"comment":"","tags":null,"fingerprints":[{"name":"jQuery UI","description":"jQuery UI is a collection of GUI widgets, animated visual effects, and themes implemented with jQuery, Cascading Style Sheets, and HTML.","website":"https://jqueryui.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery_ui:*:*:*:*:*:*:*:*","icon":"jQuery UI.svg","categories":["JavaScript libraries"]},{"name":"Google Analytics","description":"Google Analytics is a free web analytics service that tracks and reports website traffic.","website":"https://google.com/analytics","common_platform_enumeration":"","icon":"Google Analytics.svg","categories":["Analytics"]},{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"jQuery","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"Java","description":"Java is a class-based, object-oriented programming language that is designed to have as few implementation dependencies as possible.","website":"https://java.com","common_platform_enumeration":"cpe:2.3:a:oracle:jre:*:*:*:*:*:*:*:*","icon":"Java.svg","categories":["Programming languages"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]}]},{"fqdn":"file-new.a4hskh.com","ip":{"addr":"52.184.67.179","port":443,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"Hong Kong","country_code":"HK"},"domain_registered":"2025-05-16","domain_rank":0,"first_seen":"2025-10-23T12:54:45.112235Z","last_seen":"2025-12-25T22:16:09.757392Z","alert_count":0,"request_count":4,"received_data":290971,"sent_data":1956,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"cn.cljpsnmrbsib.com/home/register/","fqdn":"cn.cljpsnmrbsib.com","domain":"cljpsnmrbsib.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"5185b039d75edd72e946c541d17e3c80","sha1":"710791c76ea207cec0548cf54149c83dbe400c5f","sha256":"fee40cb56673410470defe50e78d0c069be613bf37749c660bdd527402c44edb","sha512":"4d80fb27e9a9b0ebaea4770fcdf8871ba96bf57c4a78afb54be5c4f10b88f5506722f6d764b6d7e3103273d820191d70da57596c1e09d3df42770104550f7636","ssdeep":"","tlshash":"2be0df2abafa0d792dfb211a213ba9445a93202b639cd960b50d69e00f861e9310321a","size":402,"data":"","first_seen":"2025-10-25T13:35:11.606562Z","last_seen":"2026-03-02T07:28:25.828714Z","times_seen":300,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cn.cljpsnmrbsib.com/home/register/","fqdn":"cn.cljpsnmrbsib.com","domain":"cljpsnmrbsib.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"f1b0df23fcbdf17b9d543fbcd4a5c725","sha1":"d544c2e53d658181154056f136006b76c6893dfd","sha256":"e2c700d283b01e0d5d256c97e491249979e9294ba890b3ffe284b9a907a6dfa6","sha512":"3a02e18142876b2adb3c8a8794cd0806ed1b69c9762f102b2728c70971f138c787224783a258937ada2d55e5950146defbd52f72db7caeb2e8138182197c8d9d","ssdeep":"","tlshash":"e9217b066daa108227fb307902bfc2c833b99427058bd9c03d5c55408f2cefa66f9b45","size":1201,"data":"","first_seen":"2026-01-01T20:12:49.365637Z","last_seen":"2026-01-01T20:12:49.365637Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static-content-cn.wb27jlt6u066.com:9587/js/member/reg.simple.js?20230220","fqdn":"static-content-cn.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"acfbd8efc4aa932d56183ed41666c8bd","sha1":"dada1ef3f25155d81e7d4a9353ce89e7f83b3466","sha256":"736d2a82733a504f010af43ffbc5eae2e40b075b7ae8929065bc880357c1ab48","sha512":"e0f02eb2082790ba636afe476e4a51b095f0161df58ba7f9ca389191bfe5d373d725908996b4ee489b14cc48a77f05b47ce52409bc5d802f364d831eb2501aff","ssdeep":"192:eDY86gShDWhDxhD0hDJGx3DPdy7Uwm1AFtOtHoNNvqtnHzHensyaAS7xM8tY:eDY8gcfejatpsS9q","tlshash":"0a22502aedab42871d3b30695e3f00456956c0136b0cde24fe4ca5d09f85e29b5b6fd8","size":10762,"data":"","first_seen":"2025-03-02T07:32:23.111077Z","last_seen":"2026-03-30T14:28:44.913402Z","times_seen":642,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cn.cljpsnmrbsib.com/home/register/","fqdn":"cn.cljpsnmrbsib.com","domain":"cljpsnmrbsib.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"e546d7ad4c50322dfaa6a96fd320c46b","sha1":"9c861759b7d3839274623f234768efc7cbe04158","sha256":"0c660204b059c921518b106d14f4dd061d6459a0802ca5d113a651415af290d0","sha512":"2416ed5d7561d5c3a0c323274d94743687a5aba05ed8098ba185f2debb871b6b691aa4590497b5c451dc644fb594e2ee417b53a5ab0072c2a6f6c4f3b02ffb0a","ssdeep":"192:/ODdk3EGClSTYtR/yy9lWVCytUNJDkG1ys:/sSCLDn","tlshash":"b802bc8df1a752b829b73036537f10c2ab6f021bd456dc30ba8f66b44f82a10a746799","size":8776,"data":"","first_seen":"2025-09-12T00:40:29.99588Z","last_seen":"2026-03-31T07:11:17.082223Z","times_seen":407,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.google-analytics.com/analytics.js","fqdn":"www.google-analytics.com","domain":"google-analytics.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"f24128d0c9cba7be2916c693427a3483","sha1":"1b6397d496ea896ebc2018b01b995cee4f166029","sha256":"58173de4697da1a218f04c3a783a733bab4e769ceabc37cd42da9dc3e036a7e8","sha512":"c4950733b44e258bbc817ce6396f002caec1e11a6413fd0038c9baef2d5f1d992b1fd0ec52515aba52faedb52c28b996a7fc063f28a0f45f3aab5e2f91bf5be5","ssdeep":"96:A1VdZYqhPnjpWx4/eTe8qSMbqaQd6VL2Jyt9LdJoyayCVPVD5wdBfQPfCHiUr3:AXdZYqNjpU4yPqSMbqaQGL2QfdDayCZC","tlshash":"a6a1dc9939fb50210233b1bd1bafa918b23895236208dd61b98c9364bf94437d7f1fc9","size":4691,"data":"","first_seen":"2023-04-11T21:07:53Z","last_seen":"2026-04-04T11:49:34.928235Z","times_seen":770357,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static-content-cn.wb27jlt6u066.com:9587/util/error.js?2025092501","fqdn":"static-content-cn.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"f61145ebd6cd0164a855517ddd32d102","sha1":"d9f3f365c0aec1f9a4bf5cf85d4c8b1c44770125","sha256":"b433018b4e4006c56084fd4cbf35d3d1e2ea33aafccfd6109db3d0b696c2c2b2","sha512":"e0e7101c13848ec60f775f9ab092b5a52de41a67f3792a18c186cc42cd140c7bfcb405c607783e5b3240aab3f57dd88c50f744410b94cc99beef8b1a1f61ade0","ssdeep":"192:MTu94QOQzfKG3jChyTRmbxDeDWiYXYyC3SfZVYvxwYXPFj6vJRQ+lcQrdQr:MTu94wzj3jChQgF+eXUeu","tlshash":"292285b608f58b8a100df980c10b41293448744b8e1cba6a7bdfa5465fcd65f4bff99d","size":10405,"data":"","first_seen":"2025-10-02T21:45:10.771862Z","last_seen":"2026-04-03T20:31:04.61196Z","times_seen":406,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static-content-cn.wb27jlt6u066.com:9587/js/jquery/jquery.validate.js?2017121201","fqdn":"static-content-cn.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"052b64ec50b11bc14eb24a863d126ba8","sha1":"3a79b1fe2a8e6834cea694d77c57473ebfbc5758","sha256":"169b0287c989c2a6d883dff708c551a726c2a98fd79e66fe747d04228012ac7f","sha512":"70b2cd21b5ab5f5159266a10e6ba06a7c1c50ed3b02a596747f30dc88ba4cb37934b8666f075e5733ed021908bace3c47b8b50ee57aa41130ae0b9920e101099","ssdeep":"1536:4J/cr2I/VHuanmyRhVaNnJRHI9YLbBGvJfDk7E/al:Kumy4NJRHqLkISl","tlshash":"39533c4d3ae710168d2b30beae8ba149b6b5405b6109ed1c7cdd02905fe4db862f5ff8","size":60825,"data":"","first_seen":"2025-03-02T07:32:23.125259Z","last_seen":"2026-04-01T17:26:48.402298Z","times_seen":648,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cn.cljpsnmrbsib.com/home/register/sandbox%20eval%20code","fqdn":"cn.cljpsnmrbsib.com","domain":"cljpsnmrbsib.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"","is_inline":false,"md5":"92b651082ce234f66bb544e678befda3","sha1":"14c21c55ddce43b6f677caadf51d4ab98c6a3df8","sha256":"25d57d1d97abeb84531d3d3e5754dd5cb19a2c115edfa7cfc7af8247084faded","sha512":"b4fcbc037e0a3d91db2a624921e96b878e9e18dd998ad5649d77d7d053faf28b09c8725a0542aef702310bf85f3037b70985c274db8acabd021efb171d41f361","ssdeep":"","tlshash":"34c08ca3e74026ae2a1166b2b810e003a2866b015aa78402b00a003b1441fe21aaa1a8","size":147,"data":"","first_seen":"2023-04-11T21:07:53Z","last_seen":"2026-04-04T11:49:34.905421Z","times_seen":771904,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cn.cljpsnmrbsib.com/home/register/","fqdn":"cn.cljpsnmrbsib.com","domain":"cljpsnmrbsib.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"1c5c9160600df2d96d69a4ea16cec7ed","sha1":"3cf678c9135cc952ba6970ef545035bb757a443f","sha256":"a3520fe88e248d2b6c9c6db93309a037ef969fe297208e5bd7e49a55bb32c808","sha512":"2a298a8c2552c6a6c6f8d3f7327d2e9abfa87a0dbb27e9e528a8539b416155c0860f54f46464dfe7e5d49c7906a9eacdac7e5181b86ef15a83276a8f4fee0546","ssdeep":"","tlshash":"078004d531c35040475331d400571cd4503444f014444d544040d4511c55030d1154dc","size":37,"data":"","first_seen":"2023-04-11T21:49:14Z","last_seen":"2026-04-04T11:49:22.538491Z","times_seen":102252,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cn.cljpsnmrbsib.com/home/register/","fqdn":"cn.cljpsnmrbsib.com","domain":"cljpsnmrbsib.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"c7ee54a7240990e7c3b05eab06f4a2e7","sha1":"344f7f9163a8214f5583328970d8f6bde9371089","sha256":"6d762892025be8c5b37c804c06fb5300353bd9a6f57eba232b5775b29106cb61","sha512":"74636b349bc64770baea93e5542d1d579192ef0367b87cad5b8a25a2898a33540b82e85ae90c7f7a5a40280d1c97c6c898348123f243ad9a9da93ad7f80f9ed3","ssdeep":"","tlshash":"8c01dc38f2744a4660bb70722d6be81aa9a94c072c0bda14f86c05e12fc06858b6194d","size":760,"data":"","first_seen":"2023-05-15T15:49:02Z","last_seen":"2026-04-03T20:31:04.692272Z","times_seen":660,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cn.cljpsnmrbsib.com/home/register/","fqdn":"cn.cljpsnmrbsib.com","domain":"cljpsnmrbsib.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"2856109bcf4ab287c95f14b1400ad5dd","sha1":"dc925cacf122b5a6acd7ad8738d823ca0ccb45dc","sha256":"7ae47d0607886d1c2ad904eee62a34d4da0a302dfabaa29053898c7858c5354f","sha512":"e6f9efd6be7d220b3bc4e11739a8ba37e34f22453a662ec0e4ad598ee3c6b0b10182ccb6ac20de839aa3556301711f3ecb39afa20c8ef39c7187e209ae50518c","ssdeep":"","tlshash":"6061626abab70155007f202e0abfaa087d904027a20cdd2dbc6cd8c59fd4d0675f7ead","size":3186,"data":"","first_seen":"2025-12-05T15:52:02.651036Z","last_seen":"2026-01-19T13:31:43.46506Z","times_seen":137,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static-content-cn.wb27jlt6u066.com:9587/js/jquery/jquery.carousel.js","fqdn":"static-content-cn.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"1552106a3e80457c7c75722b7372d303","sha1":"32ba62ff7b3590d3325d159141aa50a1db5802aa","sha256":"52947c9e6ac3e2f45c2b2a19802a91eeb75dc70902bf4bd87419a6386300848c","sha512":"e6b3f5bcdb5cea57241c6ca4f3c235a8ec04fe3d4baf75e2e33d67fa1ae4e094c08072772e3bc6a87dafb81e94a6ab81f38c670394f4f2a533ca5090e5879630","ssdeep":"384:MnvnA+MrUQ5x1jcvHGmUYnkrVdINO4XmfFmKK2vif3UE:Mn4+MrUk1j0UwNO4XmfF7K2vAv","tlshash":"50b2941b31a32172597b72298b9f5109333190979208ee507cbf8b147f9527897f2fea","size":24119,"data":"","first_seen":"2023-03-07T13:00:36Z","last_seen":"2026-04-03T20:31:04.666447Z","times_seen":665,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cn.cljpsnmrbsib.com/home/register/","fqdn":"cn.cljpsnmrbsib.com","domain":"cljpsnmrbsib.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"528ef4a1a4b0d93d15940376c9f30a94","sha1":"3dce760e0effd87001127aa2e43a33df79cc2ce4","sha256":"e5778ea07b95de382d159e4876a0ab85ad9cce8343ca2034ef7219a2e7e6a47d","sha512":"e52fd3701f7f4929be758d430d3e9c6325b49173875b2c3934e6b1e0d73033f42aa40bbac1b98651402364a6d920b2efd3bae7950c7d8f87bf4d0694bce361d7","ssdeep":"192:t4tYyfgH8iIXXyiCavEEM8g2Frp3dx4rOyKztANA2A8ARadKHKCST:YB02hkstw","tlshash":"ab02b41af9eb1605293730ad1b7f418875b8d1236548cf30b94cead40f96914d2bafec","size":8902,"data":"","first_seen":"2025-03-02T07:32:23.116883Z","last_seen":"2026-03-30T14:28:44.979286Z","times_seen":624,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static-content-cn.wb27jlt6u066.com:9587/util/rsa.js","fqdn":"static-content-cn.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"2e28749b1ce6013a456d4498a447dff3","sha1":"89d8c436922a84f097e86090179d112c3d6e13c2","sha256":"1748bdff25c71702d781b076f961920ef32283e324153b256e963202431a35ba","sha512":"2a675090d740e1600eaca9da2229b34cf764181bf65df4d023bb0e95feea6a7b83f3651a8eb70473e76313cc1fcdd38cd71a72b41fd57fdc34668b7d3b10b62e","ssdeep":"384:B1eJdA6YDf7WA5lK4UYl38uHrKFaY8BpC:bdjfm82aNy","tlshash":"5752a6857ad9302d07a95071055f054b7e35f8be598c04bdb1a0e8e938f198d833ef78","size":13514,"data":"","first_seen":"2023-03-07T01:28:09Z","last_seen":"2026-04-03T20:31:04.667579Z","times_seen":987,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.f4bzyrz92us3.com/E2/logo.js","fqdn":"www.f4bzyrz92us3.com","domain":"f4bzyrz92us3.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"ee7cb40b3bbf72c0a37e5f6d4af5172b","sha1":"581f427f18c8e208125c813d11c68d7def10c9e3","sha256":"ea3da5a01b7382e046c65426894900423a3622f74a2827bf4df407f2ab9578fb","sha512":"c8de7f43fffd403e1318ad60bf4780085447bfbcc27be7ee2acca425fb5c248057aebdbc700779fcd79216f69d16c2831fc4ed8f86cdc975faee26ef65c16afe","ssdeep":"","tlshash":"5fb01283051c2004b05060ab1f90850846280a252ec3876940ab1233f0cd4709c7db3f","size":98,"data":"","first_seen":"2026-01-01T20:12:49.302552Z","last_seen":"2026-01-01T20:12:49.302552Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.googletagmanager.com/gtag/js?id=UA-119765380-3","fqdn":"www.googletagmanager.com","domain":"googletagmanager.com","tld":"com"},"ip":{"addr":"142.251.38.104","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"84f707c42ce286c734e1351ebd8fc39e","sha1":"b2021ec61d5ad9c1395410b4e13af7700c071985","sha256":"a2de57bf4c6dfff1abdcf42fca01668efb16c528e609dd83d4065aec6de95d9b","sha512":"48f6f56196fdf71d26620ca73f9d38abae3db750e5dc1d94bdeca73e4fbf147b97b6ce1c01204cfac0ff1bb27a656adceee2d7795901a79d8e1cb7bef2af7428","ssdeep":"6144:tIeJ92bulKYv9VGDmHYmyBFzfns1RnWC46pJem:Opbu7lEDnsrWCDpF","tlshash":"956408c9b3da74268393a474503f108ba27b69d2f84cc895f185ccd42e74aaa4277f7d","size":320843,"data":"","first_seen":"2026-01-01T19:19:15.194799Z","last_seen":"2026-01-02T07:57:12.38048Z","times_seen":13,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static-content-cn.wb27jlt6u066.com:9587/js/kz.js?20250807","fqdn":"static-content-cn.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"6882ef21046c02724770578afb0e9389","sha1":"5a3e91dbc206c7a6abf2196adc0cd68d6e5f7dd5","sha256":"f3967945aa4c64b4cb943ff02fd4ff56354cac19f0e8ba9cb8a95017707265c9","sha512":"4aa7833f286b2d53677335d60783d6edd2038d0e9fbbc75d0568debe17bf0cee5cd56c7beb3c608a2c135881edefca03d1cf0edef0c2d491e65c9ac6126697a8","ssdeep":"384:JsOCzLl8jM9Cxvqd2ACJOOX6QMvmN2iB9eOyjX993YH:q84sTwDEH","tlshash":"f963732ae9fb52551c3b70391f7f4001e729c407b50cee197e2caac05f44669a6b6fe8","size":68787,"data":"","first_seen":"2025-08-24T13:27:11.237239Z","last_seen":"2026-03-29T16:47:31.772793Z","times_seen":494,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cn.cljpsnmrbsib.com/home/register/","fqdn":"cn.cljpsnmrbsib.com","domain":"cljpsnmrbsib.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"8f2be170d8f4f787340db2e14d377e79","sha1":"f668d01ccf043d3594e169439d3ce19468e51cd1","sha256":"8134add4aeda5822524e8a34e6251356f57acc8ba3147c31bfafa57f78c674ef","sha512":"6e57acf91dc87fe9cd903e93fef832fcb323772877645b501f6d856624817871c735b45cebe56253df4bf64584cceff5beac06e02631a7885b60fbbfb26d52f6","ssdeep":"","tlshash":"a25140e6fb98330ca4be90a91cbb30c5b19518e525408c747d4d57e17b2282d6b3bfad","size":3154,"data":"","first_seen":"2025-08-26T08:39:52.098859Z","last_seen":"2026-02-12T05:30:34.717229Z","times_seen":413,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.google-analytics.com/analytics.js","fqdn":"www.google-analytics.com","domain":"google-analytics.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"f24128d0c9cba7be2916c693427a3483","sha1":"1b6397d496ea896ebc2018b01b995cee4f166029","sha256":"58173de4697da1a218f04c3a783a733bab4e769ceabc37cd42da9dc3e036a7e8","sha512":"c4950733b44e258bbc817ce6396f002caec1e11a6413fd0038c9baef2d5f1d992b1fd0ec52515aba52faedb52c28b996a7fc063f28a0f45f3aab5e2f91bf5be5","ssdeep":"96:A1VdZYqhPnjpWx4/eTe8qSMbqaQd6VL2Jyt9LdJoyayCVPVD5wdBfQPfCHiUr3:AXdZYqNjpU4yPqSMbqaQGL2QfdDayCZC","tlshash":"a6a1dc9939fb50210233b1bd1bafa918b23895236208dd61b98c9364bf94437d7f1fc9","size":4691,"data":"","first_seen":"2023-04-11T21:07:53Z","last_seen":"2026-04-04T11:49:34.928235Z","times_seen":770357,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cn.cljpsnmrbsib.com/home/register/","fqdn":"cn.cljpsnmrbsib.com","domain":"cljpsnmrbsib.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"1c5c9160600df2d96d69a4ea16cec7ed","sha1":"3cf678c9135cc952ba6970ef545035bb757a443f","sha256":"a3520fe88e248d2b6c9c6db93309a037ef969fe297208e5bd7e49a55bb32c808","sha512":"2a298a8c2552c6a6c6f8d3f7327d2e9abfa87a0dbb27e9e528a8539b416155c0860f54f46464dfe7e5d49c7906a9eacdac7e5181b86ef15a83276a8f4fee0546","ssdeep":"","tlshash":"078004d531c35040475331d400571cd4503444f014444d544040d4511c55030d1154dc","size":37,"data":"","first_seen":"2023-04-11T21:49:14Z","last_seen":"2026-04-04T11:49:22.538491Z","times_seen":102252,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"hm.baidu.com/hm.js?86b8712c72cab4f521c0b5cd56dfa69f","fqdn":"hm.baidu.com","domain":"baidu.com","tld":"com"},"ip":{"addr":"14.215.182.140","port":443,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"introduction_type":"scriptElement","is_inline":false,"md5":"7c7406c757dd1f8185153d7f0ef02c35","sha1":"4dcb149565b71e7a030b02915801ae14d154fecd","sha256":"b481ce3caeff1d47d6dba5e6ab4a8132701fe5154569f00a3f82a054d259e8a1","sha512":"01fac061531e48d7fdbfd25fe4c2576a17571368044c4abdfcf3b82bece10eb9d5ca7b19753bef53b7a2a2edc6d03bae4cb9cf022f1c174052a58a8cb82db9b0","ssdeep":"384:dtJSoLMJJTRl6s1JXFVCFI/TayvuodsZPIGm8XaR1JRwvutq1tGdc7M04gRw6:dt4VJfHgMdvussZPIx82Rwvutcto07v","tlshash":"e0d2d9a9b282713293a324a5153f324af07b5a54bd4968a4f11894c07d38fbb027bfdd","size":29905,"data":"","first_seen":"2026-01-01T20:12:49.33456Z","last_seen":"2026-01-01T20:12:49.33456Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static-content-cn.wb27jlt6u066.com:9587/js/jquery/jquery.min.js","fqdn":"static-content-cn.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"5790ead7ad3ba27397aedfa3d263b867","sha1":"8130544c215fe5d1ec081d83461bf4a711e74882","sha256":"2ecd295d295bec062cedebe177e54b9d6b19fc0a841dc5c178c654c9ccff09c0","sha512":"781acedc99de4ce8d53d9b43a158c645eab1b23dfdfd6b57b3c442b11acc4a344e0d5b0067d4b78bb173abbded75fb91c410f2b5a58f71d438aa6266d048d98a","ssdeep":"1536:5P1vk7i6GUHdXXeyQazBu+4HhiO2AEeLNFoqqhJ7SerN5sVI6xcBgPv7E+nzms9d:A4Ud4qhJvNPqcB47MfWWca98HrB","tlshash":"7793d8d9b7d67062977730b850bf510bb13a98eab80c4c60f1a4d8e47e74a89507bf2d","size":95931,"data":"","first_seen":"2023-03-07T01:02:51Z","last_seen":"2026-04-04T10:06:00.694891Z","times_seen":16232,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static-content-cn.wb27jlt6u066.com:9587/js/game/Game.js?20220202","fqdn":"static-content-cn.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"31b26fa8e3e5d0f8b9100e4d8993570b","sha1":"4901272b99be40960a7016bd4a60fb686ceba5d7","sha256":"fa72c387b16598179ba3e7406e6d29e5f464cf7876cdf39d43a1cfadc91211df","sha512":"1332c670e7103b8d25e706e773ac1aef68e69176c945d8450385e8876b5a718c113c2066e47719d9943df9a108fc2c27d46c535bb09b27930c22e414b3375364","ssdeep":"384:AURoUkVbztM3nigTG7SG4lznSVs5Lq/vtQEttGsOSVD:AURoUcztwJou50QEttGsO2","tlshash":"0753254caea318e35a3654348b7f31956d5166032508dd1c3e0cd3a3df9a0be66b1efa","size":62427,"data":"","first_seen":"2025-08-14T09:17:18.772148Z","last_seen":"2026-04-03T20:31:04.648614Z","times_seen":536,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cn.cljpsnmrbsib.com/home/register/","fqdn":"cn.cljpsnmrbsib.com","domain":"cljpsnmrbsib.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"2d0b0bc1ef7bcdddb43044412caaef9f","sha1":"7486b48306bd3c1c94547a5c4b238d40e4c2be3c","sha256":"87f57b68bdd4f868c5a97901e2bb9b9192d77093a62ba7fb2b0a405e4d73eb6c","sha512":"9cbb500a3bb1bbe52fd69f7b3ffe53f325c55da5b7d3510d72dc6f01b9ff25c3f268e8317a86d65c787fee9d23197cb877c138ff00416ecda80d40c1ee9e281f","ssdeep":"","tlshash":"9be0c216736e1091842328154a3b53054b342513682f7c02fc8d02941f2e60cc073a02","size":382,"data":"","first_seen":"2025-03-02T07:32:23.118872Z","last_seen":"2026-04-03T20:31:04.696067Z","times_seen":652,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.googletagmanager.com/gtag/js?id=G-3LRD95F87M\u0026cx=c\u0026gtm=4e5ca1","fqdn":"www.googletagmanager.com","domain":"googletagmanager.com","tld":"com"},"ip":{"addr":"142.251.38.104","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"065750634f1a0c26463a10bf20541dd6","sha1":"c176a393740b049077a912920a3f7ec0102b6f58","sha256":"c6bfd3b6a3c9f05282f4b498adcd37873e8fbc7c3a75ed8159c4aeb2f5b3c1ec","sha512":"8ef5e756a2a329e9bf9a466ab7211c8cf74aac8712c9835932e13d71389994da6812eb88b688a095f83a8288a45a944cc706aa955d7f2db68fcb9ac82e002733","ssdeep":"6144:YRIe7ma2bulKY/1u99xHDmHYmyBFzvnszmxWovPad4FpC1+T:fC8bu7/1mbrnsOWdMpX","tlshash":"fe8419ce73c674669392a078503f118ba57b69e2f44cc895f18acce42d746aa4237f7c","size":384168,"data":"","first_seen":"2026-01-01T19:19:15.261407Z","last_seen":"2026-01-02T07:57:12.398246Z","times_seen":11,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cn.cljpsnmrbsib.com/home/register/","fqdn":"cn.cljpsnmrbsib.com","domain":"cljpsnmrbsib.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"3552f8a7752002b3affec43a2da6c19b","sha1":"9e2638199a6efaa978f942adb3b3c14cd58eefef","sha256":"dedccb538a2637231e46da35d2eb90d535181fa22869eb26da2769cd079c9117","sha512":"c40458dd0d8e5c4ce3fa6032cac9eb9c6f3a9450e6859ee319f4faddae86aaa8d88d93d535ac2f73eca45fcf8afb0ff9c19cffa8a318d4cd7ea0c200a8b278ff","ssdeep":"","tlshash":"01f097ce4345caae28e63cbd741a3949a4e90c1a35ea8cb89c02240208d963310e2edf","size":482,"data":"","first_seen":"2026-01-01T20:12:49.374554Z","last_seen":"2026-01-01T20:12:49.374554Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"banner-notice.6dqr2n.com/mxstatic/banner-notice.js","fqdn":"banner-notice.6dqr2n.com","domain":"6dqr2n.com","tld":"com"},"ip":{"addr":"52.184.67.179","port":443,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"fde6491fa4c8e8adaf2844d6d09e2a2f","sha1":"51174631e2149efc853eacf33e39fa8dc66840b8","sha256":"a402e491cde441e33c89c38bb10c84d7473a88700ba4fd76e0bb1bf2c2f61143","sha512":"25d3915f3e441b65f447c65aafc287b5c4b9afc8fd34b54a428bd58a6bd1c58bca7012eef8fd44d9134fa1c375dcdb62aeaaa912a09b15895872e2f678cd10d2","ssdeep":"192:AJKwJ/y23c23qtY8SCUcWbm1iRSube/Hf+DoQPoEHdizniKOnK6t5Enx4tRL1VeV:oKGbDK6czdOnXH3qBmlc","tlshash":"ed82b81875fa0061542330b88e9a618c7f26950f920a5d08bd6d47e8afcad7199d2ffb","size":18633,"data":"","first_seen":"2025-05-30T16:57:45.431693Z","last_seen":"2026-03-14T23:55:48.120104Z","times_seen":483,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static-content-t.wb27jlt6u066.com:9587/js/jquery-ui.js","fqdn":"static-content-t.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"ab5284de5e3d221e53647fd348e5644b","sha1":"75c20acdc6cbc6334fe2b918ab7afeec007f969e","sha256":"4f455eb2ddf2094ee969f470f6bfac7adb4c057e8990a374e9da819e943c777d","sha512":"2462acc237c0063263b52527cfecbc5d4063065c0cd541cd966d9924dec0d9af475184f732c92af9269cb08df993896893eff37ad4b18598ca4b7af7b5f02742","ssdeep":"12288:1vemHFgymzYDdHCcmM2/W/CCeS/QRzbrVDDdRO2:vDdHCcmM2/W/CCeSIVDDdRO2","tlshash":"f3b4a6c9f39c266a867a32595c2e42cdb23c8075d600587fbc5d59dc29a883c43bbf79","size":520714,"data":"","first_seen":"2023-03-07T01:03:28Z","last_seen":"2026-04-04T10:33:38.249157Z","times_seen":13837,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cn.cljpsnmrbsib.com/home/register/","fqdn":"cn.cljpsnmrbsib.com","domain":"cljpsnmrbsib.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"b42e0314adee140fb5e18e096f4bacc6","sha1":"88a0dd79b84b2e572836c66669ab55f89b900b58","sha256":"79cfa18812005def94e215acc70f8ac882ed591a822067b972f4ac2235c6f1f4","sha512":"99546e964d9fbec171b64edc7d2d355aa9214fd8948f81883cecc0950eb590e49bfde4a8e76b7941c43b9e1d9670e6058f566d327912f96e3d7f7ed00553ec0a","ssdeep":"","tlshash":"b6c02bc8211a0c7191fb27008b3ff604b402721898e96931cd0a33054d30e03db58c44","size":155,"data":"","first_seen":"2025-03-02T07:32:23.121669Z","last_seen":"2026-04-03T20:31:04.696643Z","times_seen":660,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cn.cljpsnmrbsib.com/home/register/sandbox%20eval%20code","fqdn":"cn.cljpsnmrbsib.com","domain":"cljpsnmrbsib.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"","is_inline":false,"md5":"92b651082ce234f66bb544e678befda3","sha1":"14c21c55ddce43b6f677caadf51d4ab98c6a3df8","sha256":"25d57d1d97abeb84531d3d3e5754dd5cb19a2c115edfa7cfc7af8247084faded","sha512":"b4fcbc037e0a3d91db2a624921e96b878e9e18dd998ad5649d77d7d053faf28b09c8725a0542aef702310bf85f3037b70985c274db8acabd021efb171d41f361","ssdeep":"","tlshash":"34c08ca3e74026ae2a1166b2b810e003a2866b015aa78402b00a003b1441fe21aaa1a8","size":147,"data":"","first_seen":"2023-04-11T21:07:53Z","last_seen":"2026-04-04T11:49:34.905421Z","times_seen":771904,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.f4bzyrz92us3.com/E2/EagleEye.js?1767298337","fqdn":"www.f4bzyrz92us3.com","domain":"f4bzyrz92us3.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"1c6a76d8efe6bfdb4428aeb42f788be2","sha1":"f0edd570f0af5fabac6382d5057a90b60c6c0036","sha256":"d53503c66fe5aa4919112552650d58f818b415c7d6dd3b1b7e854df2f58a8071","sha512":"26aa3e4965be0db20eefaade2ba7299d79b98f8242b3495e1658a17ab0b08171feadaa470777f676f21d0287e8ed689b01e361a4b1b14e7a20a608664163ef3a","ssdeep":"1536:N6gk6G1j9Bk/k0q7Mfx5+2I7v7D71Ies9GUWfth7KBbTE21gAWIOuYyR4mr/qDAa:VGW/k0q7Mfx5+2I7v7D77FftlKBbTv1O","tlshash":"7033e61ab2963539c56230765caf9148b33d85a61398505cab0fc5e4783987e83bfff8","size":54308,"data":"","first_seen":"2026-01-01T20:12:49.291831Z","last_seen":"2026-01-01T20:12:49.291831Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cn.cljpsnmrbsib.com/home/register/","fqdn":"cn.cljpsnmrbsib.com","domain":"cljpsnmrbsib.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"fa249485a4961fe24b760a4d9e9febce","sha1":"c21e2c980ab76e0f7a7f9cfaecd375bcdaa20fec","sha256":"e41ff2bf25448947d8dab8b9ca03133890adb03079188916abd97b5498ea4fa4","sha512":"fe75a281232dd8aec23d33f4f14da97a77561267a7cccd1fc3c51f165aec9b69599ab0d7706c8f9fa72a089744e604a97b9b5f9950e4cab9c607bc2fc777023a","ssdeep":"","tlshash":"2001834e345c05e721b776e733f3820cb86756071084f492f74c869c0e008ba005b4ac","size":688,"data":"","first_seen":"2025-03-02T07:32:23.124386Z","last_seen":"2026-04-03T20:31:04.698237Z","times_seen":649,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cn.cljpsnmrbsib.com/home/register/","fqdn":"cn.cljpsnmrbsib.com","domain":"cljpsnmrbsib.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"87044102cff06b623100ade4509413fe","sha1":"4910cda6da540e5340cc9357a21861856067ea00","sha256":"25d6d6174234062dea3e4341e86b162a91f2a8a245654aa69f6f5bd1282d23fc","sha512":"2781832da4ef05f20d23240d0321a6a74fba1a7baa07797ea68a8fb18b5bb7daf28176aec390a0a65bef36720af288df0be5afd889b52534c441ca011bb01a49","ssdeep":"","tlshash":"60d0950f1c1514382379147d10bae5ccb171104c907dd50040dcd4504964ed50c3d7c8","size":254,"data":"","first_seen":"2025-03-02T07:32:23.127917Z","last_seen":"2026-04-03T20:31:04.698887Z","times_seen":649,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cn.cljpsnmrbsib.com/home/register/","fqdn":"cn.cljpsnmrbsib.com","domain":"cljpsnmrbsib.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"09b6a9ef54ab9c825298cd9a9d9ca45d","sha1":"eb87b20d55ec83c8d29417da60113f0283b2246d","sha256":"af68e9610525733157637c6a6d65d9d80deadf76dd5b96aaaafc133c280c09a5","sha512":"d9fa04f34e4c18a79fa7a70c631589cd16077e1c2fd880973624f8feb4d02cb19f56b3dca48ae8c60093d74cc0275d18bfd6ed9eeb9d58894498b86c5ecca8b0","ssdeep":"","tlshash":"e8c08cc028e20ea2553ee04218b9c29220712fed01739894e0ae931c2208060bbed23e","size":156,"data":"","first_seen":"2023-03-07T16:03:14Z","last_seen":"2026-04-03T20:31:04.70059Z","times_seen":674,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static-content-cn.wb27jlt6u066.com:9587/util/all.js?20231116","fqdn":"static-content-cn.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"f5aa16a242596257e153e33c5b8fb232","sha1":"804252d4387c4fda0141e9bf4fd2a05bb3c7068a","sha256":"c21ffeeff6782e69216ce2fdf3fd54289af1d7b4a8bc2af9b83c0679c5969782","sha512":"1ae9de5c195af57a93c2bbc30c0597c8f7f2e96e98af1c1a514d21d170b54c4bafc882689096e117cd36f25570474bd059edfb8bf9023571ff7531ace1491c59","ssdeep":"1536:rfee/RrYiHhJ9Q0f16d9zeDN5qW4wTW3Jny+aSsG+Kjbd2m43ftShEhJ+7Rh0Om:rfD/miHhJ9Q0fd5B8jYhi0t","tlshash":"6273f88c7591306a4aef31b7782b224f73769a69500e5068f0b8d4e53ebce857167f38","size":77892,"data":"","first_seen":"2023-09-15T15:49:20Z","last_seen":"2026-04-03T20:31:04.611191Z","times_seen":889,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cn.cljpsnmrbsib.com/home/register/","fqdn":"cn.cljpsnmrbsib.com","domain":"cljpsnmrbsib.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"4da556734f4b410ce3f99b7a5d1602c7","sha1":"796c0c45978d28d16ce343d9cc38154d80da9f3b","sha256":"99369cde7758c83db3a0cf8c5e8c2298d043bcb243c93b1327acd242b7cfd2c3","sha512":"22e0dc1e0b2fbc3c91874da0b1861484068c6c587f86c57d6796cbb03b120d61de2165ec8fbfad56b96e2bae76c29e5932f7108e05a436bd3d3239c6e350e264","ssdeep":"","tlshash":"d7b012315b10516e2594d02d353f1800fcc66117ca00c9b5663fd9d149c4cf0c1748cf","size":105,"data":"","first_seen":"2025-03-02T07:32:23.133072Z","last_seen":"2026-04-03T20:31:04.702073Z","times_seen":649,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cn.cljpsnmrbsib.com/home/register/","fqdn":"cn.cljpsnmrbsib.com","domain":"cljpsnmrbsib.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"7e281b6261d7a4389d1a73ba7edca4c3","sha1":"3ff58b8c22b9a16f71fc165c2fdca441df3116f2","sha256":"7977e1460356f3afb0bd6241246a968d2f485a905c6248e534fb53140c96c53c","sha512":"1d007f47c8fd6020cb584d67325b21835a8b1fd4a63ca49cc014beb6c895d2bcc47369134b46715a66cd24b2965e92e10116aac415e0b6f09045f79eb2b42ecc","ssdeep":"","tlshash":"c7b09288e9a8402a91ba1922242212cd19aa1866e8c000821462d99009bab4c656be9b","size":114,"data":"","first_seen":"2025-03-02T07:32:23.13386Z","last_seen":"2026-04-03T20:31:04.703062Z","times_seen":649,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cn.cljpsnmrbsib.com/home/register/","fqdn":"cn.cljpsnmrbsib.com","domain":"cljpsnmrbsib.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"971c3cdc01aac017b45d6aaf9d29f3ca","sha1":"43b0e892b57bcf623a59772c8486e310db12b99e","sha256":"095e217a343951c56a3242eeb3e57680822ea3f9289c76751d6ab036ffeca2c2","sha512":"f63223e81453fdcd94958f3f49eb7534469ffbe1c58df30637d72679a79818c7f478847923dc48781ce5d7f6d4586acc1d9a19ddf97aa474f1036eb995c8cb6b","ssdeep":"","tlshash":"f7c09b31d97994d45d3694c5041593793cf4e03207dc5321f7d8716ca7ec75151a1643","size":134,"data":"","first_seen":"2025-03-02T07:32:23.135874Z","last_seen":"2026-04-03T20:31:04.703687Z","times_seen":643,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.v1c2h.com:51300/global-activity-entry/js/rain-icon.js","fqdn":"www.v1c2h.com","domain":"v1c2h.com","tld":"com"},"ip":{"addr":"52.184.67.179","port":51300,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"59767c53c4cb277425bce5c5e7ea9d41","sha1":"36ee5b49ceb915d4369fe92ca49dbd8bba702c96","sha256":"5b43bfa813b9f48656d868fbdacd693bf7fc0f4324d5b815db42ceb80c5a4a27","sha512":"f56b905cc921ab836e06c2c2f1e9dab1033056b68043b6fc1a24f78446dfcfeed89d1408b26ddd176540761784e7652fe2b4d1e5103f07f510bf3e886267e967","ssdeep":"768:kCcZeOuOBMThTlp0Ef7X879b7zT2MSVHyDP:kRDQt0FSVHk","tlshash":"42f2632e5afa10516a0370654f6f91087675a02b160bdc183e5e93d8df806b846fafff","size":34779,"data":"","first_seen":"2025-03-02T07:32:23.132184Z","last_seen":"2026-04-03T20:31:04.666958Z","times_seen":664,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"static-content-t.wb27jlt6u066.com:9587/d11_images/register/form_bg.png","fqdn":"static-content-t.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cn.cljpsnmrbsib.com/home/register/","date":"2026-01-01T20:12:19.206Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static-content-t.wb27jlt6u066.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 19 Oct 2025 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"08:10:09:15:B6:C8:9C:9A:CE:31:40:C9:26:D7:9E:BE:2C:9A:62:2B","sha256":"D6:55:F3:9B:55:F2:ED:CC:B3:54:8B:1E:F9:15:FB:47:0C:75:02:1A:64:4B:3C:C2:FA:75:18:9C:F0:11:EE:83"}}},"request":{"raw":"GET /d11_images/register/form_bg.png HTTP/1.1\r\nHost: static-content-t.wb27jlt6u066.com:9587\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://static-content-t.wb27jlt6u066.com:9587/style/main.css?20250825\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 01 Jan 2026 20:12:20 GMT\r\nContent-Type: image/png\r\nContent-Length: 20040\r\nConnection: keep-alive\r\nLast-Modified: Wed, 20 Jul 2022 18:45:39 GMT\r\nETag: \"62d84d53-4e48\"\r\nServer: gocache\r\nExpires: Fri, 02 Jan 2026 20:12:20 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: 7917f3b6349478cf55cb144c32e0cfd6\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: HIT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":20040,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 410 x 800, 8-bit/color RGBA, non-interlaced","md5":"86baccc2262d17c30a1554f6b346b1c8","sha1":"696ce785c5c17611fecb6dd78d9662c141deffd4","sha256":"dfe93dfcc0d88efa36f759f6b0e758a0b37bd91aa65bfa7936763eda17ea6f9f","sha512":"858d5d94817390043018ef671701f57776bbf7f566ded8fe30966a65fcadb9feade8d3c1677f677b9c69b59eaa4d5e818af5e39ec08cccc9281c1dc4517a18d0","ssdeep":"384:ApJHP0rldn8i5UqqXdb3WGGNBIUbj43bXDrzctPOmWRh:Ap90rlddaqqXdM/IUHIr4VOmWRh","tlshash":"53928e946c68e9c1c97a840e246b1f7555a0f1c8edf2f3f06b93e0595c0b868ae90ded","first_seen":"2023-05-05T14:06:31Z","last_seen":"2026-04-03T20:31:04.590112Z","times_seen":776,"resource_available":false,"data":null}},"time_used":976,"timings":{"blocked":769,"dns":0,"connect":0,"send":0,"wait":203,"receive":4,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static-content-t.wb27jlt6u066.com:9587/images/register/form_bg.png","fqdn":"static-content-t.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cn.cljpsnmrbsib.com/home/register/","date":"2026-01-01T20:12:19.206Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static-content-t.wb27jlt6u066.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 19 Oct 2025 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"08:10:09:15:B6:C8:9C:9A:CE:31:40:C9:26:D7:9E:BE:2C:9A:62:2B","sha256":"D6:55:F3:9B:55:F2:ED:CC:B3:54:8B:1E:F9:15:FB:47:0C:75:02:1A:64:4B:3C:C2:FA:75:18:9C:F0:11:EE:83"}}},"request":{"raw":"GET /images/register/form_bg.png HTTP/1.1\r\nHost: static-content-t.wb27jlt6u066.com:9587\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://static-content-t.wb27jlt6u066.com:9587/style/main.css?20250825\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 01 Jan 2026 20:12:20 GMT\r\nContent-Type: image/png\r\nContent-Length: 3222\r\nConnection: keep-alive\r\nLast-Modified: Wed, 20 Jul 2022 18:47:53 GMT\r\nETag: \"62d84dd9-c96\"\r\nServer: gocache\r\nExpires: Fri, 02 Jan 2026 20:12:20 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: 4ef88331abf72c5b5cd92460c2510773\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: HIT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":3222,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 410 x 800, 8-bit/color RGBA, non-interlaced","md5":"0f7cd96cb7cef4b9217f90e92920ab6e","sha1":"36cc27443ed415c168ef9e700224011fcc56dfc4","sha256":"cd8bbd1b5d1b7309612fe10c894f8c0a3a5ca889331da9a56414f373464501c5","sha512":"c62f01a4b4c4e59533179f7bd4b710964fdf1127a07ac56d7ce0e1908b8b351586dccb548e58ebb9424365894bb70acc33da4c41d3c2399ea78dd17c6c36b804","ssdeep":"","tlshash":"af614d6d6d9f238d11e99491f491b0ca0c31cbef74805d1564f7cc82ee91f5748398e5","first_seen":"2023-05-05T14:06:31Z","last_seen":"2026-04-03T20:31:04.625996Z","times_seen":778,"resource_available":false,"data":null}},"time_used":971,"timings":{"blocked":769,"dns":0,"connect":0,"send":0,"wait":202,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cn.cljpsnmrbsib.com/home/register/","fqdn":"cn.cljpsnmrbsib.com","domain":"cljpsnmrbsib.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-01-01T20:12:15.015Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cn.cljpsnmrbsib.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Fri, 22 Aug 2025 00:00:00 GMT","end":"Sat, 22 Aug 2026 23:59:59 GMT"},"fingerprint":{"sha1":"12:FD:F6:BB:43:82:FA:7F:75:B2:55:15:0A:C1:53:DB:1C:B0:3D:6E","sha256":"13:C4:C2:5C:3D:E1:1D:5B:24:0C:FA:99:31:CD:3D:FB:FA:FD:61:7B:EC:AF:55:3B:3F:03:1D:5B:43:22:D9:F5"}}},"request":{"raw":"GET /home/register/ HTTP/1.1\r\nHost: cn.cljpsnmrbsib.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 01 Jan 2026 20:12:17 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding, Accept-Encoding, Accept-Encoding\r\nSet-Cookie: ccd11=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; domain=cljpsnmrbsib.com\nvcd11=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; domain=cljpsnmrbsib.com\nPHPSESSID=6bnfoqopguksg0iaake09lps5p; path=/\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Methods: GET, POST, OPTIONS\r\nAccess-Control-Allow-Headers: Content-Type, Authorization, X-Requested-With\r\nAccess-Control-Allow-Credentials: true\r\nAccess-Control-Max-Age: 86400\r\nX-Content-Type-Options: nosniff\r\nX-Frame-Options: SAMEORIGIN\r\nContent-Encoding: gzip\r\nServer: gocache\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nCache-Control: no-cache\r\nc-Type: df\r\nrid: d549c613e85fb1c0212ea1e5789a0dbb\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"jQuery UI","description":"jQuery UI is a collection of GUI widgets, animated visual effects, and themes implemented with jQuery, Cascading Style Sheets, and HTML.","website":"https://jqueryui.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery_ui:*:*:*:*:*:*:*:*","icon":"jQuery UI.svg","categories":["JavaScript libraries"]},{"name":"Google Analytics","description":"Google Analytics is a free web analytics service that tracks and reports website traffic.","website":"https://google.com/analytics","common_platform_enumeration":"","icon":"Google Analytics.svg","categories":["Analytics"]},{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"jQuery","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]}],"data":{"size":103125,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (369)","md5":"1da2a384cda8959b1fe24e5a755bc4b6","sha1":"1864438bdc55dcb51cfc4d4d3ca0fcc0384082f0","sha256":"c7b8505eda0ac5ea63aad1bab641d760c3d4fab1b22afbbacbd6df4cf57c63c7","sha512":"362cf785252f84e2901bc8763ccc4982d298c426c969bbd119c5933b5fc420df6d8189178e92bb86bb2439fae5dc26ee1470cef567404776e147f527933c9b74","ssdeep":"1536:6qWYvSVCVRbY2ut/n6nAIk7WsV72hzmaDQCLL8fbkstgcdbJaOjQvvvuvKvrwvjQ:cqq2g86gBMg/WbJaZXWyzwb9WL","tlshash":"0ea3e710a8f94577017790d6b5bbaf1a7eaa8037d2068c1072fe4fc45fc2e82895776e","first_seen":"2026-01-01T20:12:49.284533Z","last_seen":"2026-01-01T20:12:49.284533Z","times_seen":1,"resource_available":false,"data":null}},"time_used":3500,"timings":{"blocked":908,"dns":427,"connect":1,"send":0,"wait":1610,"receive":70,"ssl":482},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-01","alert":"Sinkholed","trigger":"cn.cljpsnmrbsib.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-01","alert":"Phishing Block","trigger":"cn.cljpsnmrbsib.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-01","alert":"Sinkholed","trigger":"cn.cljpsnmrbsib.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-01","alert":"Sinkholed","trigger":"cn.cljpsnmrbsib.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-01","alert":"Sinkholed","trigger":"cn.cljpsnmrbsib.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"static-content-t.wb27jlt6u066.com:9587/images/icon_live_channel.png","fqdn":"static-content-t.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cn.cljpsnmrbsib.com/home/register/","date":"2026-01-01T20:12:19.137Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static-content-t.wb27jlt6u066.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 19 Oct 2025 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"08:10:09:15:B6:C8:9C:9A:CE:31:40:C9:26:D7:9E:BE:2C:9A:62:2B","sha256":"D6:55:F3:9B:55:F2:ED:CC:B3:54:8B:1E:F9:15:FB:47:0C:75:02:1A:64:4B:3C:C2:FA:75:18:9C:F0:11:EE:83"}}},"request":{"raw":"GET /images/icon_live_channel.png HTTP/1.1\r\nHost: static-content-t.wb27jlt6u066.com:9587\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://static-content-t.wb27jlt6u066.com:9587/style/main.css?20250825\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 01 Jan 2026 20:12:20 GMT\r\nContent-Type: image/png\r\nContent-Length: 2400\r\nConnection: keep-alive\r\nLast-Modified: Thu, 14 Nov 2024 05:04:29 GMT\r\nETag: \"673584dd-960\"\r\nServer: gocache\r\nExpires: Fri, 02 Jan 2026 20:12:20 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: 63dda93670cc8f365293d7ffc8dd3a6e\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: HIT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]}],"data":{"size":2400,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 36 x 36, 8-bit/color RGBA, non-interlaced","md5":"da69e30e16cfe1ddbf85e3aa3642b21a","sha1":"8530f19327891df0e585355279ce85507e3ffda4","sha256":"c74d62e601ba04d4d92df4ef116934762c23316bca9f65dbd2c2b4b6e73fd431","sha512":"3bf68ecba7a87746a369e9e3d69422cdca616c6952716c27ae50528aaed987ce69a1a8d81b2d327be14914cd7f567dd0c2bef5075eff527cac9e9fd7cd091bfd","ssdeep":"","tlshash":"17411a95bbdb6a13120982a620fe6002ad210800d9f2bd6538db4c733ce07f21964fed","first_seen":"2024-12-13T19:22:27.987299Z","last_seen":"2026-04-03T20:31:04.673565Z","times_seen":537,"resource_available":false,"data":null}},"time_used":1039,"timings":{"blocked":838,"dns":0,"connect":0,"send":0,"wait":201,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.vrfpshbc.com:2053/global-activity-entry/css/style.css","fqdn":"www.vrfpshbc.com","domain":"vrfpshbc.com","tld":"com"},"ip":{"addr":"104.21.68.47","port":2053,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://cn.cljpsnmrbsib.com/home/register/","date":"2026-01-01T20:12:19.304Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"vrfpshbc.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 05 Dec 2025 18:43:15 GMT","end":"Thu, 05 Mar 2026 19:40:25 GMT"},"fingerprint":{"sha1":"5B:66:65:98:81:FC:02:12:BE:8A:3E:A2:CB:B6:CB:92:E0:EE:1E:8F","sha256":"92:B0:5D:3B:74:26:24:9C:EB:E0:D4:B8:0C:B5:59:29:8E:E9:4E:87:C7:F8:CA:6B:F2:E6:75:FB:37:AC:C2:C9"}}},"request":{"raw":"GET /global-activity-entry/css/style.css HTTP/1.1\r\nHost: www.vrfpshbc.com:2053\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.cljpsnmrbsib.com/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Thu, 01 Jan 2026 20:12:19 GMT\r\ncontent-type: text/css\r\nserver: cloudflare\r\nlast-modified: Wed, 16 Jun 2021 18:06:55 GMT\r\nvary: Accept-Encoding\r\netag: W/\"60ca3dbf-1099\"\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\ncf-cache-status: DYNAMIC\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=tIp9Q5KVx9Mbpu1VHZNN%2FprEOgXxBJj1vVTAGy3Q7H%2FFuCqcxmfPqjajOujO4%2BeslluulcMYTeriDit5GuCbrGxXDNgwBVrxRhGUihOP\"}]}\r\ncf-ray: 9b74abbcefb1b500-OSL\r\nalt-svc: h3=\":2053\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":4249,"size_decoded":0,"mime_type":"text/css","magic":"Unicode text, UTF-8 text, with CRLF line terminators","md5":"0c6d034e188bab046fdc5e2bf379985a","sha1":"2d488cf25911a2fc18a528d7cc379ccf0cfe81b9","sha256":"4d22d7a96ba44fa03ada1e71245b3ee64e1e91a1bbe9287957429ab8a1ab0f5d","sha512":"cb7466d46ac336aa2c569e1c8ff81e4576d7b4882259a8e7b278e89158345eaed5e71567878a6e78a3ec54fdf339e86857695fadd6c84194c0a54de40240dcb4","ssdeep":"48:FLYxjPtWs2MYEuZh/Vzlj2TTc4JnAWXorJfNlfUstDTj54JI74koECOH8WzurfYh:FLC2f1YYDO+h0HfYNsu+zjfrQ","tlshash":"9991cc7d4b0722044637d6587bd54b668638d063bb0729de7bd506ce0b91fdc02b1aab","first_seen":"2023-05-05T17:24:19Z","last_seen":"2026-04-03T20:31:04.592425Z","times_seen":543,"resource_available":false,"data":null}},"time_used":708,"timings":{"blocked":39,"dns":9,"connect":1,"send":0,"wait":631,"receive":0,"ssl":26},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"file-new.a4hskh.com/activity/2025/05/26/6adbf1bd94ca22866f5f1cefb32e40c9.png","fqdn":"file-new.a4hskh.com","domain":"a4hskh.com","tld":"com"},"ip":{"addr":"52.184.67.179","port":443,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cn.cljpsnmrbsib.com/home/register/","date":"2026-01-01T20:12:20.055Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"file-new.a4hskh.com","organization":""},"issuer":{"commonName":"ZeroSSL RSA Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Fri, 19 Dec 2025 00:00:00 GMT","end":"Thu, 19 Mar 2026 23:59:59 GMT"},"fingerprint":{"sha1":"71:57:FF:2E:59:F1:FC:B0:75:58:A9:CD:70:F0:B3:0F:C5:25:29:C7","sha256":"D0:D4:6C:CF:CD:75:20:FF:29:86:02:CA:01:14:08:B1:EA:E9:43:53:16:3F:92:72:7F:E1:AC:54:E7:A7:F5:5F"}}},"request":{"raw":"GET /activity/2025/05/26/6adbf1bd94ca22866f5f1cefb32e40c9.png HTTP/1.1\r\nHost: file-new.a4hskh.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.cljpsnmrbsib.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 01 Jan 2026 20:12:21 GMT\r\ncontent-type: image/png\r\ncontent-length: 106930\r\nlast-modified: Mon, 26 May 2025 12:22:57 GMT\r\nx-amz-server-side-encryption: AES256\r\netag: \"7907a7882ded0237441091b52c3b50ea\"\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 b8f0629d5b2c2ea6f64584efea909a50.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: HKG54-P1\r\nx-amz-cf-id: 1Gemu6WWpiXPI76ec8ptKzcyCG0w2HCh6RoP2LgOWDk9IvUGNWgc8g==\r\nage: 62362\r\nvary: accept-encoding, Origin\r\npsc-cache-status: HIT\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":106930,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 272 x 272, 8-bit/color RGBA, non-interlaced","md5":"7907a7882ded0237441091b52c3b50ea","sha1":"209414f453c53fcf4e63f7ea0a97a550d8aeea67","sha256":"df2155b8cffbead53e3e14bcce48b057ed7675416c59fb30a119371e6c3e97e6","sha512":"2bfadbaecc029a20dddf059c4391b947beff06a641016ae6464b11abd7ca41b5d4789f3fcb77c3ec65ddd3538508e47704e682b1d2f1c18f90658dd6c279a546","ssdeep":"3072:kEfWMVC/yIjXMLpQQDhMaQEXn8vTiWzyToWR3YjkC7O:kSD8yWUHhnoTdyFmP7O","tlshash":"c3a31254bda0f6a3d67fe7e9ebc5075d6f9f424a8e59c22c60343528ad2f9c28036170","first_seen":"2025-07-18T11:22:50.671167Z","last_seen":"2026-03-19T10:33:28.684969Z","times_seen":471,"resource_available":false,"data":null}},"time_used":3173,"timings":{"blocked":1076,"dns":638,"connect":202,"send":0,"wait":609,"receive":411,"ssl":229},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.f4bzyrz92us3.com/E2/EagleEye.js?1767298337","fqdn":"www.f4bzyrz92us3.com","domain":"f4bzyrz92us3.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://cn.cljpsnmrbsib.com/home/register/","date":"2026-01-01T20:12:17.771Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.f4bzyrz92us3.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Fri, 22 Aug 2025 00:00:00 GMT","end":"Sat, 22 Aug 2026 23:59:59 GMT"},"fingerprint":{"sha1":"3D:00:56:9E:E0:4A:BC:C5:AC:93:01:37:D0:1D:2F:CC:2E:D9:BE:F3","sha256":"28:AA:7B:7C:23:E5:90:7B:6C:F4:48:23:DD:56:A2:3C:AD:E6:2B:47:66:7E:A7:DA:53:31:F6:3C:E3:FC:9E:30"}}},"request":{"raw":"GET /E2/EagleEye.js?1767298337 HTTP/1.1\r\nHost: www.f4bzyrz92us3.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.cljpsnmrbsib.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 01 Jan 2026 20:12:18 GMT\r\nContent-Type: application/javascript;charset=utf-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nContent-Encoding: br\r\nSet-Cookie: E2Token=087dddf0-1a79-4157-9e89-888245b33bed; expires=Tue, 01 Jan 2036 20:12:18 GMT; path= ; samesite = None; secure; httponly\r\nVary: Accept-Encoding\r\nX-Rate-Limit-Limit: 1d\r\nX-Rate-Limit-Remaining: 1436\r\nX-Rate-Limit-Reset: 2026-01-02T19:33:19.7388106Z\r\nX-Frame-Options: SAMEORIGIN\r\nX-Content-Type-Options: nosniff\r\nServer: gocache\r\nExpires: Fri, 02 Jan 2026 20:12:18 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: 1c08df03c62f83e76fb19505fb84f9b7\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: MISS\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":54308,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (37140), with CRLF line terminators","md5":"1c6a76d8efe6bfdb4428aeb42f788be2","sha1":"f0edd570f0af5fabac6382d5057a90b60c6c0036","sha256":"d53503c66fe5aa4919112552650d58f818b415c7d6dd3b1b7e854df2f58a8071","sha512":"26aa3e4965be0db20eefaade2ba7299d79b98f8242b3495e1658a17ab0b08171feadaa470777f676f21d0287e8ed689b01e361a4b1b14e7a20a608664163ef3a","ssdeep":"1536:N6gk6G1j9Bk/k0q7Mfx5+2I7v7D71Ies9GUWfth7KBbTE21gAWIOuYyR4mr/qDAa:VGW/k0q7Mfx5+2I7v7D77FftlKBbTv1O","tlshash":"7033e61ab2963539c56230765caf9148b33d85a61398505cab0fc5e4783987e83bfff8","first_seen":"2026-01-01T20:12:49.291831Z","last_seen":"2026-01-01T20:12:49.291831Z","times_seen":1,"resource_available":true,"data":null}},"time_used":1929,"timings":{"blocked":737,"dns":350,"connect":1,"send":0,"wait":427,"receive":3,"ssl":409},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static-content-t.wb27jlt6u066.com:9587/images/nav/promo_08p.png","fqdn":"static-content-t.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cn.cljpsnmrbsib.com/home/register/","date":"2026-01-01T20:12:17.773Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static-content-t.wb27jlt6u066.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 19 Oct 2025 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"08:10:09:15:B6:C8:9C:9A:CE:31:40:C9:26:D7:9E:BE:2C:9A:62:2B","sha256":"D6:55:F3:9B:55:F2:ED:CC:B3:54:8B:1E:F9:15:FB:47:0C:75:02:1A:64:4B:3C:C2:FA:75:18:9C:F0:11:EE:83"}}},"request":{"raw":"GET /images/nav/promo_08p.png HTTP/1.1\r\nHost: static-content-t.wb27jlt6u066.com:9587\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.cljpsnmrbsib.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 01 Jan 2026 20:12:19 GMT\r\nContent-Type: image/png\r\nContent-Length: 14696\r\nConnection: keep-alive\r\nLast-Modified: Wed, 20 Jul 2022 18:47:53 GMT\r\nETag: \"62d84dd9-3968\"\r\nServer: gocache\r\nExpires: Fri, 02 Jan 2026 20:12:19 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: 0794404188bcfece175dd174ba7d4d15\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: HIT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]}],"data":{"size":14696,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 200 x 100, 8-bit/color RGBA, non-interlaced","md5":"ce8af7d88dfe5a8cc857666523c01fea","sha1":"370b5c460e31540ff1c8685fe2188adfc8fe3641","sha256":"7ba510715c55f7c648e19a82b9690f58ac0136c370be907bcce569c08bf03a74","sha512":"b9764ef8173289fa4b4214274745843e1cbcdfbbb7b1cbd5d1ee9e00beb3e0c0410b714bc466bf7f9bd3ba7515cb562460b1c175e03c25900418ea4bbfb68679","ssdeep":"384:XJXE05RJmFuDKsllhSHwRJ5GotcrxjYvFx:F35TmFuDKsRXurdI","tlshash":"1e62c0bb453095b578e6b81e0cf21a8b37b94fadf54e18665202f0ef60969c38e1852d","first_seen":"2023-05-05T14:06:31Z","last_seen":"2026-04-03T20:31:04.671472Z","times_seen":759,"resource_available":false,"data":null}},"time_used":1370,"timings":{"blocked":1165,"dns":0,"connect":0,"send":0,"wait":204,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static-content-t.wb27jlt6u066.com:9587/images/nav/promo_1.png","fqdn":"static-content-t.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cn.cljpsnmrbsib.com/home/register/","date":"2026-01-01T20:12:17.776Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static-content-t.wb27jlt6u066.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 19 Oct 2025 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"08:10:09:15:B6:C8:9C:9A:CE:31:40:C9:26:D7:9E:BE:2C:9A:62:2B","sha256":"D6:55:F3:9B:55:F2:ED:CC:B3:54:8B:1E:F9:15:FB:47:0C:75:02:1A:64:4B:3C:C2:FA:75:18:9C:F0:11:EE:83"}}},"request":{"raw":"GET /images/nav/promo_1.png HTTP/1.1\r\nHost: static-content-t.wb27jlt6u066.com:9587\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.cljpsnmrbsib.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 01 Jan 2026 20:12:19 GMT\r\nContent-Type: image/png\r\nContent-Length: 9153\r\nConnection: keep-alive\r\nLast-Modified: Wed, 20 Jul 2022 18:47:53 GMT\r\nETag: \"62d84dd9-23c1\"\r\nServer: gocache\r\nExpires: Fri, 02 Jan 2026 20:12:19 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: 676a7acbad4e84d98e6eae3d54854708\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: HIT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":9153,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 200 x 100, 8-bit/color RGBA, non-interlaced","md5":"35232fc24b2dc1c976d9c5dc6a13c8c8","sha1":"f5003ab920e63450703abae5e6e6be411c04de45","sha256":"e13f9e04322055a0384d1cb68558705c6514711cd65496f8d640537ee6c03247","sha512":"b7ff4fd1576beeef3fb95a7c0a493891e4dfea064b585ad697f4a092dfb54b5f086bf4cfb197d68574db1f634fd6209161408bf83d61a84ec6094d5b108c7fc1","ssdeep":"192:gvmo1b5upO8VQNrg22Q2aRrjnhImlrznwbcLl+IgGT:gvDXMNuqujhIMzkKII/T","tlshash":"de12afad3974c4133b3670a42867c776c8ddc7b08a555c4ab58c4712ba30330951ebeb","first_seen":"2023-05-05T14:06:31Z","last_seen":"2026-04-03T20:31:04.594273Z","times_seen":771,"resource_available":false,"data":null}},"time_used":1825,"timings":{"blocked":1163,"dns":0,"connect":1,"send":0,"wait":201,"receive":2,"ssl":458},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static-content-t.wb27jlt6u066.com:9587/images/home/luban_icon.png","fqdn":"static-content-t.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cn.cljpsnmrbsib.com/home/register/","date":"2026-01-01T20:12:17.784Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static-content-t.wb27jlt6u066.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 19 Oct 2025 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"08:10:09:15:B6:C8:9C:9A:CE:31:40:C9:26:D7:9E:BE:2C:9A:62:2B","sha256":"D6:55:F3:9B:55:F2:ED:CC:B3:54:8B:1E:F9:15:FB:47:0C:75:02:1A:64:4B:3C:C2:FA:75:18:9C:F0:11:EE:83"}}},"request":{"raw":"GET /images/home/luban_icon.png HTTP/1.1\r\nHost: static-content-t.wb27jlt6u066.com:9587\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.cljpsnmrbsib.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 01 Jan 2026 20:12:19 GMT\r\nContent-Type: image/png\r\nContent-Length: 27141\r\nConnection: keep-alive\r\nLast-Modified: Tue, 26 Aug 2025 02:00:57 GMT\r\nETag: \"68ad1559-6a05\"\r\nServer: gocache\r\nExpires: Fri, 02 Jan 2026 20:12:19 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: c8a21a9c6b375c479dfa2a91843dfedd\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: HIT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":27141,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 123 x 283, 8-bit/color RGBA, non-interlaced","md5":"7496171e549953127295b170e658bb3e","sha1":"d0fd1a644338a3c6eae07b1a726203360bd34285","sha256":"a7ace7e87d773fff86238e57ad2c30a514ed31c7a90baa736135c57483cb7389","sha512":"5be0c262fa1af9bad269c7b61d3c123d6b594cfd5a6f74679e54eeea7c8c4289731a9bb92e5509f1922321dfc63417bdb7cab042ec4f53439aae3b9541deb5a1","ssdeep":"384:xREdTUsNSchzyAohwxegbULB+KvvNFdUizKhuNUi/QXMaUV/EC9dGgkj:xKxmjgoNvvbdxuhuRMMai4","tlshash":"20c2f13de93d11212055fe80ed9eb596b2bf2e120d93c5e8114cd4cd220ef73a55ae97","first_seen":"2024-12-10T08:27:59.944336Z","last_seen":"2026-03-01T19:24:36.816574Z","times_seen":452,"resource_available":false,"data":null}},"time_used":1782,"timings":{"blocked":1154,"dns":0,"connect":10,"send":0,"wait":203,"receive":3,"ssl":407},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static-content-t.wb27jlt6u066.com:9587/images/icons.png?1","fqdn":"static-content-t.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cn.cljpsnmrbsib.com/home/register/","date":"2026-01-01T20:12:19.138Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static-content-t.wb27jlt6u066.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 19 Oct 2025 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"08:10:09:15:B6:C8:9C:9A:CE:31:40:C9:26:D7:9E:BE:2C:9A:62:2B","sha256":"D6:55:F3:9B:55:F2:ED:CC:B3:54:8B:1E:F9:15:FB:47:0C:75:02:1A:64:4B:3C:C2:FA:75:18:9C:F0:11:EE:83"}}},"request":{"raw":"GET /images/icons.png?1 HTTP/1.1\r\nHost: static-content-t.wb27jlt6u066.com:9587\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://static-content-t.wb27jlt6u066.com:9587/style/main.css?20250825\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 01 Jan 2026 20:12:20 GMT\r\nContent-Type: image/png\r\nContent-Length: 3150\r\nConnection: keep-alive\r\nLast-Modified: Wed, 01 Feb 2023 01:02:20 GMT\r\nETag: \"63d9ba1c-c4e\"\r\nServer: gocache\r\nExpires: Fri, 02 Jan 2026 20:12:20 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: 59766660818081f6e976788d8e3198bf\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: HIT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":3150,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 39 x 373, 8-bit/color RGBA, non-interlaced","md5":"a64222f0baf49b7b54175cb4b70c7772","sha1":"179e5f57fdd5dee04578274231a5445b76b83ae2","sha256":"382fcd4debce444b68de702fa69d2b8935ba546457f1a36d358d312baec1f35b","sha512":"13ef9e867c04188713a5812ed810ccd9f80771648acfed7ee5a3b7ffe0862f67233d1136de6440ade5854d2a14012fd6d7f1751c010a6f8dcc708d4c6d640291","ssdeep":"","tlshash":"ad514cc1185c2e117ffd4130cece1ff99c9e2da667e0a29d8639d1926da4310f4a5b8c","first_seen":"2023-05-05T14:06:31Z","last_seen":"2026-04-03T20:31:04.649359Z","times_seen":784,"resource_available":false,"data":null}},"time_used":1241,"timings":{"blocked":1040,"dns":0,"connect":0,"send":0,"wait":201,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static-content-t.wb27jlt6u066.com:9587/images/register/tick.png","fqdn":"static-content-t.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cn.cljpsnmrbsib.com/home/register/","date":"2026-01-01T20:12:19.208Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static-content-t.wb27jlt6u066.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 19 Oct 2025 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"08:10:09:15:B6:C8:9C:9A:CE:31:40:C9:26:D7:9E:BE:2C:9A:62:2B","sha256":"D6:55:F3:9B:55:F2:ED:CC:B3:54:8B:1E:F9:15:FB:47:0C:75:02:1A:64:4B:3C:C2:FA:75:18:9C:F0:11:EE:83"}}},"request":{"raw":"GET /images/register/tick.png HTTP/1.1\r\nHost: static-content-t.wb27jlt6u066.com:9587\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://static-content-t.wb27jlt6u066.com:9587/style/main.css?20250825\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 01 Jan 2026 20:12:20 GMT\r\nContent-Type: image/png\r\nContent-Length: 444\r\nConnection: keep-alive\r\nLast-Modified: Wed, 20 Jul 2022 18:47:53 GMT\r\nETag: \"62d84dd9-1bc\"\r\nServer: gocache\r\nExpires: Fri, 02 Jan 2026 20:12:20 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: ab21bf1ba4d50b61141aae55dfa741e9\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: HIT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":444,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 14 x 14, 8-bit/color RGBA, non-interlaced","md5":"077cd6729828909df9e8d387b91bdaa9","sha1":"e18a6a43471158c5af525d6fce505a5695a87e49","sha256":"c3dd497f34d2204de6f86a554ca97321a269d2d35482c4b79249a2cd95476783","sha512":"fca1c13107960e24c1fe4e2d26da0953e9fe707dc8a7f5127c349afecac92bfaa98d551d9c031fd1c3b71eb3ede634ced3ac7e5e971ed23a2b21562e28798f0d","ssdeep":"","tlshash":"60f05c52ab957d1dde5895721b8d025908b24204252a0b4cc00cf0765ab9bc17e51079","first_seen":"2023-05-05T14:06:31Z","last_seen":"2026-04-03T20:31:04.679054Z","times_seen":779,"resource_available":false,"data":null}},"time_used":970,"timings":{"blocked":767,"dns":0,"connect":0,"send":0,"wait":203,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cn.cljpsnmrbsib.com/home/getGeo","fqdn":"cn.cljpsnmrbsib.com","domain":"cljpsnmrbsib.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://cn.cljpsnmrbsib.com/home/register/","date":"2026-01-01T20:12:19.314Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cn.cljpsnmrbsib.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Fri, 22 Aug 2025 00:00:00 GMT","end":"Sat, 22 Aug 2026 23:59:59 GMT"},"fingerprint":{"sha1":"12:FD:F6:BB:43:82:FA:7F:75:B2:55:15:0A:C1:53:DB:1C:B0:3D:6E","sha256":"13:C4:C2:5C:3D:E1:1D:5B:24:0C:FA:99:31:CD:3D:FB:FA:FD:61:7B:EC:AF:55:3B:3F:03:1D:5B:43:22:D9:F5"}}},"request":{"raw":"POST /home/getGeo HTTP/1.1\r\nHost: cn.cljpsnmrbsib.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/javascript, */*; q=0.01\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nX-Requested-With: XMLHttpRequest\r\nOrigin: https://cn.cljpsnmrbsib.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.cljpsnmrbsib.com/home/register/\r\nCookie: PHPSESSID=6bnfoqopguksg0iaake09lps5p\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nContent-Length: 0\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 01 Jan 2026 20:12:19 GMT\r\nContent-Type: application/json;charset=utf-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding, Accept-Encoding, Accept-Encoding\r\nSet-Cookie: ccd11=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; domain=cljpsnmrbsib.com\nvcd11=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; domain=cljpsnmrbsib.com\r\nX-Content-Type-Options: nosniff\r\nX-Frame-Options: SAMEORIGIN\r\nContent-Encoding: gzip\r\nServer: gocache\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nCache-Control: no-cache\r\nc-Type: df\r\nrid: 44c09d1857200fed5e531204a7f8d606\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":146,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"675ca17e5b94ef20fd620c6792e6bbca","sha1":"7986d1ad507a7e06f21eebc12271d103c3135c53","sha256":"2b69251e2e6dd2e6475932ef63301c416e89db4b6821de01ce67a10b58206889","sha512":"303081d0e5a51eb633249e5b65d79c671aabe7dc8462cab5f6f5c57f9330dec42366509fdf3fb605a735c36d23d32865820fceb1f6eef510b36fe04945b30fb0","ssdeep":"","tlshash":"74c04c6e15d04538e9f683cead0bbf271aea4910a256055da9c8a784bb111ec9281117","first_seen":"2025-08-24T13:27:11.203711Z","last_seen":"2026-04-03T20:31:04.628291Z","times_seen":488,"resource_available":false,"data":null}},"time_used":493,"timings":{"blocked":20,"dns":0,"connect":0,"send":0,"wait":473,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-01","alert":"Sinkholed","trigger":"cn.cljpsnmrbsib.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-01","alert":"Phishing Block","trigger":"cn.cljpsnmrbsib.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-01","alert":"Sinkholed","trigger":"cn.cljpsnmrbsib.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-01","alert":"Sinkholed","trigger":"cn.cljpsnmrbsib.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-01","alert":"Sinkholed","trigger":"cn.cljpsnmrbsib.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"static-content-cn.wb27jlt6u066.com:9587/css/base.css?20240823","fqdn":"static-content-cn.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://cn.cljpsnmrbsib.com/home/register/","date":"2026-01-01T20:12:17.762Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static-content-cn.wb27jlt6u066.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 19 Oct 2025 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"98:64:EC:0B:9A:00:5F:60:12:4A:12:B9:EB:5A:44:98:12:1A:7C:FF","sha256":"A1:E0:99:A3:B2:54:C9:50:DB:24:16:EA:A7:44:3A:5D:57:F0:7C:CE:B2:E7:66:31:49:50:98:44:92:F2:50:84"}}},"request":{"raw":"GET /css/base.css?20240823 HTTP/1.1\r\nHost: static-content-cn.wb27jlt6u066.com:9587\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.cljpsnmrbsib.com/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 01 Jan 2026 20:12:18 GMT\r\nContent-Type: text/css\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Thu, 31 Jul 2025 05:17:37 GMT\r\nVary: Accept-Encoding\r\nETag: W/\"688afc71-2a29b\"\r\nContent-Encoding: gzip\r\nServer: gocache\r\nExpires: Fri, 02 Jan 2026 20:12:18 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: 8462935940037b63b6b0cd6e55b58924\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: HIT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":172699,"size_decoded":0,"mime_type":"text/css","magic":"assembler source, Unicode text, UTF-8 text, with very long lines (539)","md5":"d8f8a95247ce1dc562e2dd3feecd42d6","sha1":"63d95114640a1e87a615bc1752a54b4d5cb436c8","sha256":"515515e5a85369edffe2903d038c2615153135e91e4d0cabaa85770d5f85568c","sha512":"86b40886f9a7ab2964dc3a7e1336bcb2735311977fc68d9a36892ebc443af3b4575902c65269c2d271c2cf1f9002a465427e8fab1306b0219bc2a901c9e5f95e","ssdeep":"1536:11H5u9h1KDKFfCoYD8B+5yZbosh3kRRHMOFCaIAVUT2sbGVyGeDzb2NcdYqaGN+3:YWDKFfCoYD8B+xDzV7sbGpeDzbi+SX","tlshash":"3cf3dc0ad0ef218b717bd8b530abb6e5e119814ae1124f7d726c73bce1fa65c8132e15","first_seen":"2025-07-31T17:03:23.85244Z","last_seen":"2026-01-19T13:31:43.420571Z","times_seen":448,"resource_available":false,"data":null}},"time_used":1655,"timings":{"blocked":711,"dns":314,"connect":1,"send":0,"wait":204,"receive":8,"ssl":415},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static-content-cn.wb27jlt6u066.com:9587/js/member/reg.simple.js?20230220","fqdn":"static-content-cn.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://cn.cljpsnmrbsib.com/home/register/","date":"2026-01-01T20:12:17.792Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static-content-cn.wb27jlt6u066.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 19 Oct 2025 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"98:64:EC:0B:9A:00:5F:60:12:4A:12:B9:EB:5A:44:98:12:1A:7C:FF","sha256":"A1:E0:99:A3:B2:54:C9:50:DB:24:16:EA:A7:44:3A:5D:57:F0:7C:CE:B2:E7:66:31:49:50:98:44:92:F2:50:84"}}},"request":{"raw":"GET /js/member/reg.simple.js?20230220 HTTP/1.1\r\nHost: static-content-cn.wb27jlt6u066.com:9587\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.cljpsnmrbsib.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 01 Jan 2026 20:12:18 GMT\r\nContent-Type: application/javascript\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Fri, 31 May 2024 03:05:12 GMT\r\nVary: Accept-Encoding\r\nETag: W/\"66593e68-2b0c\"\r\nContent-Encoding: gzip\r\nServer: gocache\r\nExpires: Fri, 02 Jan 2026 20:12:18 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: 712b94500b281a3d32dcc7141b17546d\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: HIT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":11020,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text","md5":"acfbd8efc4aa932d56183ed41666c8bd","sha1":"dada1ef3f25155d81e7d4a9353ce89e7f83b3466","sha256":"736d2a82733a504f010af43ffbc5eae2e40b075b7ae8929065bc880357c1ab48","sha512":"e0f02eb2082790ba636afe476e4a51b095f0161df58ba7f9ca389191bfe5d373d725908996b4ee489b14cc48a77f05b47ce52409bc5d802f364d831eb2501aff","ssdeep":"192:eDY86gShDWhDxhD0hDJGx3DPdy7Uwm1AFtOtHoNNvqtnHzHensyaAS7xM8tY:eDY8gcfejatpsS9q","tlshash":"0a22502aedab42871d3b30695e3f00456956c0136b0cde24fe4ca5d09f85e29b5b6fd8","first_seen":"2025-03-02T07:32:23.111077Z","last_seen":"2026-03-30T14:28:44.913402Z","times_seen":642,"resource_available":true,"data":null}},"time_used":1092,"timings":{"blocked":891,"dns":0,"connect":0,"send":0,"wait":201,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.f4bzyrz92us3.com/E2/logo.js","fqdn":"www.f4bzyrz92us3.com","domain":"f4bzyrz92us3.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://cn.cljpsnmrbsib.com/home/register/","date":"2026-01-01T20:12:18.995Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.f4bzyrz92us3.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Fri, 22 Aug 2025 00:00:00 GMT","end":"Sat, 22 Aug 2026 23:59:59 GMT"},"fingerprint":{"sha1":"3D:00:56:9E:E0:4A:BC:C5:AC:93:01:37:D0:1D:2F:CC:2E:D9:BE:F3","sha256":"28:AA:7B:7C:23:E5:90:7B:6C:F4:48:23:DD:56:A2:3C:AD:E6:2B:47:66:7E:A7:DA:53:31:F6:3C:E3:FC:9E:30"}}},"request":{"raw":"GET /E2/logo.js HTTP/1.1\r\nHost: www.f4bzyrz92us3.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.cljpsnmrbsib.com/\r\nCookie: E2Token=087dddf0-1a79-4157-9e89-888245b33bed\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 01 Jan 2026 20:12:19 GMT\r\nContent-Type: application/javascript;charset=utf-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nCache-Control: max-age=86400\r\nContent-Encoding: br\r\nExpires: Fri, 02 Jan 2026 20:12:19 GMT\r\nVary: Accept-Encoding\r\nX-Rate-Limit-Limit: 1d\r\nX-Rate-Limit-Remaining: 1434\r\nX-Rate-Limit-Reset: 2026-01-02T19:22:58.8626664Z\r\nX-Frame-Options: SAMEORIGIN\r\nX-Content-Type-Options: nosniff\r\nServer: gocache\r\nc-Type: st\r\nrid: 732eba20a5b6db5fc49f9a23495d1b94\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: MISS\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":98,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"ASCII text, with CRLF line terminators","md5":"ee7cb40b3bbf72c0a37e5f6d4af5172b","sha1":"581f427f18c8e208125c813d11c68d7def10c9e3","sha256":"ea3da5a01b7382e046c65426894900423a3622f74a2827bf4df407f2ab9578fb","sha512":"c8de7f43fffd403e1318ad60bf4780085447bfbcc27be7ee2acca425fb5c248057aebdbc700779fcd79216f69d16c2831fc4ed8f86cdc975faee26ef65c16afe","ssdeep":"","tlshash":"5fb01283051c2004b05060ab1f90850846280a252ec3876940ab1233f0cd4709c7db3f","first_seen":"2026-01-01T20:12:49.302552Z","last_seen":"2026-01-01T20:12:49.302552Z","times_seen":1,"resource_available":true,"data":null}},"time_used":273,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":273,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static-content-cn.wb27jlt6u066.com:9587/images/common_spirits.png","fqdn":"static-content-cn.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cn.cljpsnmrbsib.com/home/register/","date":"2026-01-01T20:12:19.139Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static-content-cn.wb27jlt6u066.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 19 Oct 2025 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"98:64:EC:0B:9A:00:5F:60:12:4A:12:B9:EB:5A:44:98:12:1A:7C:FF","sha256":"A1:E0:99:A3:B2:54:C9:50:DB:24:16:EA:A7:44:3A:5D:57:F0:7C:CE:B2:E7:66:31:49:50:98:44:92:F2:50:84"}}},"request":{"raw":"GET /images/common_spirits.png HTTP/1.1\r\nHost: static-content-cn.wb27jlt6u066.com:9587\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://static-content-cn.wb27jlt6u066.com:9587/css/base.css?20240823\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 01 Jan 2026 20:12:19 GMT\r\nContent-Type: image/png\r\nContent-Length: 8399\r\nConnection: keep-alive\r\nLast-Modified: Wed, 20 Jul 2022 18:47:52 GMT\r\nETag: \"62d84dd8-20cf\"\r\nServer: gocache\r\nExpires: Fri, 02 Jan 2026 20:12:19 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: fd1dfe5e65c38e104caca6f61c5671c6\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: HIT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]}],"data":{"size":8399,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 197 x 853, 8-bit/color RGBA, non-interlaced","md5":"44540d8c4a0f15ac3c79ec50c38068ba","sha1":"09a60fef078669da7113fbc9f9129b3a238e1b10","sha256":"d963d332fe095e110da648b267af4941bcb3d0b3988459d5f2039ebcadf4c2f0","sha512":"d67fb563e9db8d886bf09cd391361411e19aefeb2a60a37bf11eb38d985dc1c568281bae50aa71b504efb6a7bc6026340f809e797356816a430118e4f92f82e5","ssdeep":"96:1PodqmMbZJnxtCv2QIo3WG/INSvX3pwN0lu/hpSj8hj4LeQtJmzpwYFE1+m30tBY:1PqgnT8n5DluZph4y64zpx8aM3DJl","tlshash":"51028ed002b9316ed9643b22abbf39680ee289aaf4bec33448d4173731694d0457ce5f","first_seen":"2024-03-28T04:38:13Z","last_seen":"2026-04-03T20:31:04.607123Z","times_seen":629,"resource_available":false,"data":null}},"time_used":205,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":204,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cn.cljpsnmrbsib.com/fimg/i202210fdd1e22495f9404b8debf0afdaa416b1.jpg","fqdn":"cn.cljpsnmrbsib.com","domain":"cljpsnmrbsib.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cn.cljpsnmrbsib.com/home/register/","date":"2026-01-01T20:12:19.205Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cn.cljpsnmrbsib.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Fri, 22 Aug 2025 00:00:00 GMT","end":"Sat, 22 Aug 2026 23:59:59 GMT"},"fingerprint":{"sha1":"12:FD:F6:BB:43:82:FA:7F:75:B2:55:15:0A:C1:53:DB:1C:B0:3D:6E","sha256":"13:C4:C2:5C:3D:E1:1D:5B:24:0C:FA:99:31:CD:3D:FB:FA:FD:61:7B:EC:AF:55:3B:3F:03:1D:5B:43:22:D9:F5"}}},"request":{"raw":"GET /fimg/i202210fdd1e22495f9404b8debf0afdaa416b1.jpg HTTP/1.1\r\nHost: cn.cljpsnmrbsib.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.cljpsnmrbsib.com/home/register/\r\nCookie: PHPSESSID=6bnfoqopguksg0iaake09lps5p\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 01 Jan 2026 20:12:19 GMT\r\nContent-Type: image/jpeg\r\nContent-Length: 284018\r\nConnection: keep-alive\r\nLast-Modified: Tue, 11 Oct 2022 03:04:35 GMT\r\nETag: \"6344dd43-45572\"\r\nX-Content-Type-Options: nosniff\r\nX-Frame-Options: SAMEORIGIN\r\nServer: gocache\r\nExpires: Fri, 02 Jan 2026 20:12:19 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: 41accfffe6aca43cc66dc0c30958783b\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: HIT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]}],"data":{"size":284018,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=1], baseline, precision 8, 1920x1005, components 3","md5":"0b9750ad0104aa2243554d5b8007f99c","sha1":"a4fa7203acf5d89e0a8bcf976ed5d7eba62f30e4","sha256":"d234723f8ad984edd04a5dac23778f6832fdd954187461b8b09d46f542dd41e5","sha512":"6cfbf1045d4ca6a956f1bfdbbd39ab5fbbcc01a64612269dbc69b0d663f37ff8b289a657542ad0e00f54e8533e025306c5810ad6fff71782b65f4afeee65ca25","ssdeep":"6144:r+Ywcq6S74AwBaFtWcSnU0aOe+shTOMLO3jpT9a4:r+Ywcqp54aF8pU0cTOMLO3jR9a4","tlshash":"fc54223006e0e7531a7012f36f579fbb5e33a37d68a5da0c69ae168f4c4a35426f204e","first_seen":"2023-05-05T17:24:19Z","last_seen":"2026-04-03T20:31:04.630208Z","times_seen":732,"resource_available":false,"data":null}},"time_used":1448,"timings":{"blocked":512,"dns":64,"connect":1,"send":0,"wait":203,"receive":212,"ssl":454},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-01","alert":"Sinkholed","trigger":"cn.cljpsnmrbsib.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-01","alert":"Phishing Block","trigger":"cn.cljpsnmrbsib.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-01","alert":"Sinkholed","trigger":"cn.cljpsnmrbsib.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-01","alert":"Sinkholed","trigger":"cn.cljpsnmrbsib.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-01","alert":"Sinkholed","trigger":"cn.cljpsnmrbsib.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"hm.baidu.com/hm.gif?hca=01A358E08CEEE30A\u0026cc=1\u0026ck=1\u0026cl=24-bit\u0026ds=1280x1024\u0026vl=1024\u0026et=0\u0026ja=0\u0026ln=en-us\u0026lo=0\u0026rnd=1911977192\u0026si=86b8712c72cab4f521c0b5cd56dfa69f\u0026v=1.3.2\u0026lv=1\u0026sn=15996\u0026r=0\u0026ww=1280\u0026u=https%3A%2F%2Fcn.cljpsnmrbsib.com%2Fhome%2Fregister%2F\u0026tt=ManBetX(%E4%B8%87%E5%8D%9A%E4%BD%93%E8%82%B2)%E5%AE%98%E7%BD%91%7C%E8%8B%B1%E8%B6%85%E7%8B%BC%E9%98%9F%E5%92%8C%E6%B0%B4%E6%99%B6%E5%AE%AB%E5%85%A8%E7%90%83%E8%B5%9E%E5%8A%A9%E4%BC%99%E4%BC%B4","fqdn":"hm.baidu.com","domain":"baidu.com","tld":"com"},"ip":{"addr":"14.215.182.140","port":443,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cn.cljpsnmrbsib.com/home/register/","date":"2026-01-01T20:12:20.734Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"baidu.com","organization":"Beijing Baidu Netcom Science Technology Co., Ltd"},"issuer":{"commonName":"GlobalSign RSA OV SSL CA 2018","organization":"GlobalSign nv-sa"},"validity":{"start":"Wed, 09 Jul 2025 07:01:02 GMT","end":"Mon, 10 Aug 2026 07:01:01 GMT"},"fingerprint":{"sha1":"21:BF:66:0D:67:BE:7A:7F:49:48:05:30:F4:7F:09:F2:30:36:CA:63","sha256":"0D:82:2C:9A:90:5A:EF:E9:8F:37:12:C0:E0:26:30:EE:95:33:2C:45:5F:E7:74:5D:F0:8D:BC:79:F4:B0:A1:49"}}},"request":{"raw":"GET /hm.gif?hca=01A358E08CEEE30A\u0026cc=1\u0026ck=1\u0026cl=24-bit\u0026ds=1280x1024\u0026vl=1024\u0026et=0\u0026ja=0\u0026ln=en-us\u0026lo=0\u0026rnd=1911977192\u0026si=86b8712c72cab4f521c0b5cd56dfa69f\u0026v=1.3.2\u0026lv=1\u0026sn=15996\u0026r=0\u0026ww=1280\u0026u=https%3A%2F%2Fcn.cljpsnmrbsib.com%2Fhome%2Fregister%2F\u0026tt=ManBetX(%E4%B8%87%E5%8D%9A%E4%BD%93%E8%82%B2)%E5%AE%98%E7%BD%91%7C%E8%8B%B1%E8%B6%85%E7%8B%BC%E9%98%9F%E5%92%8C%E6%B0%B4%E6%99%B6%E5%AE%AB%E5%85%A8%E7%90%83%E8%B5%9E%E5%8A%A9%E4%BC%99%E4%BC%B4 HTTP/1.1\r\nHost: hm.baidu.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.cljpsnmrbsib.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nCache-Control: private, max-age=0, no-cache\r\nContent-Length: 43\r\nContent-Type: image/gif\r\nDate: Thu, 01 Jan 2026 20:12:20 GMT\r\nP3p: CP=\"CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR\"\r\nPragma: no-cache\r\nServer: apache\r\nSet-Cookie: HMACCOUNT=7B05CB70D51ADA88; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT\r\nStrict-Transport-Security: max-age=172800\r\nX-Content-Type-Options: nosniff\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}],"data":{"size":43,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 1 x 1","md5":"ad4b0f606e0f8465bc4c4c170b37e1a3","sha1":"50b30fd5f87c85fe5cba2635cb83316ca71250d7","sha256":"cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda","sha512":"ebfe0c0df4bcc167d5cb6ebdd379f9083df62bef63a23818e1c6adf0f64b65467ea58b7cd4d03cf0a1b1a2b07fb7b969bf35f25f1f8538cc65cf3eebdf8a0910","ssdeep":"","tlshash":"15900003fbc08002c2b2e0300b3b0380238ce2200aa8030b80aeb0acecaa3a20c03020","first_seen":"2023-04-05T02:54:03Z","last_seen":"2026-04-04T11:49:22.531133Z","times_seen":326823,"resource_available":true,"data":null}},"time_used":337,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":337,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static-content-cn.wb27jlt6u066.com:9587/util/messenger.css","fqdn":"static-content-cn.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://cn.cljpsnmrbsib.com/home/register/","date":"2026-01-01T20:12:17.768Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static-content-cn.wb27jlt6u066.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 19 Oct 2025 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"98:64:EC:0B:9A:00:5F:60:12:4A:12:B9:EB:5A:44:98:12:1A:7C:FF","sha256":"A1:E0:99:A3:B2:54:C9:50:DB:24:16:EA:A7:44:3A:5D:57:F0:7C:CE:B2:E7:66:31:49:50:98:44:92:F2:50:84"}}},"request":{"raw":"GET /util/messenger.css HTTP/1.1\r\nHost: static-content-cn.wb27jlt6u066.com:9587\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.cljpsnmrbsib.com/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 01 Jan 2026 20:12:18 GMT\r\nContent-Type: text/css\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Wed, 20 Jul 2022 18:47:53 GMT\r\nVary: Accept-Encoding\r\nETag: W/\"62d84dd9-2410\"\r\nContent-Encoding: gzip\r\nServer: gocache\r\nExpires: Fri, 02 Jan 2026 20:12:18 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: bcd90022267b3eb3db6aa874a6a24685\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: HIT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":9232,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (538)","md5":"26f774e67203df0b4387b8fdee38643c","sha1":"d46d750b7882c8c3aff3690472c6ad6c5c32d546","sha256":"3d3b344953f5a8668a3a045c902c84e530407997885301cfffd4a1724b6b37f8","sha512":"d2fbe717e58dbc07551690f0d18256cbef2b33adce004da7d83adb34866764ec94ea6ec5d91a9a65754f0239cc98dfc4b7caefb1a1b427a7e5818671c03288c2","ssdeep":"192:Qi0KrdIJjkB1IbXwdRoqXaS3TIFTKC32XifM1N:QiBrdIJnbXwdPC32XeKN","tlshash":"a812f022c5c51927133fcb53add557584f238b03aa1ed4ad66deec4fc70ae6812e630a","first_seen":"2023-05-05T14:06:31Z","last_seen":"2026-04-03T20:31:04.662187Z","times_seen":928,"resource_available":false,"data":null}},"time_used":1708,"timings":{"blocked":742,"dns":311,"connect":3,"send":0,"wait":201,"receive":0,"ssl":442},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.googletagmanager.com/gtag/js?id=UA-119765380-3","fqdn":"www.googletagmanager.com","domain":"googletagmanager.com","tld":"com"},"ip":{"addr":"142.251.38.104","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://cn.cljpsnmrbsib.com/home/register/","date":"2026-01-01T20:12:17.787Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.google-analytics.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Wed, 03 Dec 2025 15:49:27 GMT","end":"Wed, 25 Feb 2026 15:49:26 GMT"},"fingerprint":{"sha1":"2C:B9:1B:62:2A:F9:04:B9:16:E2:30:B0:A8:B2:85:0C:68:BC:79:25","sha256":"AE:CB:A0:2C:92:1E:CB:D2:CB:6C:0D:37:5E:A2:4E:27:AE:4E:CA:0C:EC:53:D5:50:E6:C1:3D:EB:17:C1:F2:C9"}}},"request":{"raw":"GET /gtag/js?id=UA-119765380-3 HTTP/1.1\r\nHost: www.googletagmanager.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.cljpsnmrbsib.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: application/javascript; charset=UTF-8\r\naccess-control-allow-origin: *\r\naccess-control-allow-credentials: true\r\naccess-control-allow-headers: Cache-Control\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ndate: Thu, 01 Jan 2026 20:12:17 GMT\r\nexpires: Thu, 01 Jan 2026 20:12:17 GMT\r\ncache-control: private, max-age=900\r\nlast-modified: Thu, 01 Jan 2026 18:00:00 GMT\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\ncross-origin-resource-policy: cross-origin\r\nserver: Google Tag Manager\r\ncontent-length: 111274\r\nx-xss-protection: 0\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":320843,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (5911)","md5":"84f707c42ce286c734e1351ebd8fc39e","sha1":"b2021ec61d5ad9c1395410b4e13af7700c071985","sha256":"a2de57bf4c6dfff1abdcf42fca01668efb16c528e609dd83d4065aec6de95d9b","sha512":"48f6f56196fdf71d26620ca73f9d38abae3db750e5dc1d94bdeca73e4fbf147b97b6ce1c01204cfac0ff1bb27a656adceee2d7795901a79d8e1cb7bef2af7428","ssdeep":"6144:tIeJ92bulKYv9VGDmHYmyBFzfns1RnWC46pJem:Opbu7lEDnsrWCDpF","tlshash":"956408c9b3da74268393a474503f108ba27b69d2f84cc895f185ccd42e74aaa4277f7d","first_seen":"2026-01-01T19:19:15.194799Z","last_seen":"2026-01-02T07:57:12.38048Z","times_seen":13,"resource_available":true,"data":null}},"time_used":187,"timings":{"blocked":-1,"dns":1,"connect":20,"send":0,"wait":34,"receive":51,"ssl":81},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static-content-t.wb27jlt6u066.com:9587/d11_images/icon_live_channel.png","fqdn":"static-content-t.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cn.cljpsnmrbsib.com/home/register/","date":"2026-01-01T20:12:19.135Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static-content-t.wb27jlt6u066.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 19 Oct 2025 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"08:10:09:15:B6:C8:9C:9A:CE:31:40:C9:26:D7:9E:BE:2C:9A:62:2B","sha256":"D6:55:F3:9B:55:F2:ED:CC:B3:54:8B:1E:F9:15:FB:47:0C:75:02:1A:64:4B:3C:C2:FA:75:18:9C:F0:11:EE:83"}}},"request":{"raw":"GET /d11_images/icon_live_channel.png HTTP/1.1\r\nHost: static-content-t.wb27jlt6u066.com:9587\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://static-content-t.wb27jlt6u066.com:9587/style/main.css?20250825\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 404 Not Found\r\nDate: Thu, 01 Jan 2026 20:12:19 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nContent-Encoding: gzip\r\nServer: gocache\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T11:49:30.368697Z","times_seen":13330398,"resource_available":true,"data":null}},"time_used":291,"timings":{"blocked":14,"dns":0,"connect":0,"send":0,"wait":276,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static-content-t.wb27jlt6u066.com:9587/d11_images/modal_reminder_logo.png","fqdn":"static-content-t.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cn.cljpsnmrbsib.com/home/register/","date":"2026-01-01T20:12:19.203Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static-content-t.wb27jlt6u066.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 19 Oct 2025 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"08:10:09:15:B6:C8:9C:9A:CE:31:40:C9:26:D7:9E:BE:2C:9A:62:2B","sha256":"D6:55:F3:9B:55:F2:ED:CC:B3:54:8B:1E:F9:15:FB:47:0C:75:02:1A:64:4B:3C:C2:FA:75:18:9C:F0:11:EE:83"}}},"request":{"raw":"GET /d11_images/modal_reminder_logo.png HTTP/1.1\r\nHost: static-content-t.wb27jlt6u066.com:9587\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://static-content-t.wb27jlt6u066.com:9587/style/main.css?20250825\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 01 Jan 2026 20:12:20 GMT\r\nContent-Type: image/png\r\nContent-Length: 14074\r\nConnection: keep-alive\r\nLast-Modified: Wed, 20 Jul 2022 18:45:39 GMT\r\nETag: \"62d84d53-36fa\"\r\nServer: gocache\r\nExpires: Fri, 02 Jan 2026 20:12:20 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: 23600a9bb26fcf7d78329fd5d60c2408\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: HIT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":14074,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 569 x 555, 4-bit colormap, non-interlaced","md5":"3494fbc85e95ef708a1db6668fd2e401","sha1":"b9fbfc60416cd990012546e74b0fdb38bdbebe19","sha256":"3167f9728906a03ceaea850d57533fb5c253a38b94cfd55d245f714d7f18afac","sha512":"78791223a160d4012f76fad660815eb9fa01d4beb0bc98de01288e66b477a3c739a4b8ec0fcae6263fc66aee0eae43780d1abb663dc25b635bb9f702bb0eefff","ssdeep":"384:ZArYvJEV26jJlaWFjf8KvQdlbT3mc1qm+wTR:WcxaJlaOQRN14wV","tlshash":"0d52cf1c0cdd9c4dbd74129169409f8b5c70abfab9f051eb88caf218b6af9402554f23","first_seen":"2024-03-28T04:38:14Z","last_seen":"2026-04-03T20:31:04.678515Z","times_seen":616,"resource_available":false,"data":null}},"time_used":1382,"timings":{"blocked":1179,"dns":0,"connect":0,"send":0,"wait":201,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"game.gp5trb.com:2053/api/banner","fqdn":"game.gp5trb.com","domain":"gp5trb.com","tld":"com"},"ip":{"addr":"52.184.67.179","port":2053,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://cn.cljpsnmrbsib.com/home/register/","date":"2026-01-01T20:12:19.268Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"game.gp5trb.com","organization":""},"issuer":{"commonName":"ZeroSSL RSA Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Sat, 08 Nov 2025 00:00:00 GMT","end":"Fri, 06 Feb 2026 23:59:59 GMT"},"fingerprint":{"sha1":"FB:31:F3:6C:3E:E1:AB:AB:09:AF:26:D9:02:4C:82:AC:0B:37:03:15","sha256":"E4:06:69:75:8A:68:E3:AB:0C:E6:73:25:3E:79:FA:85:DA:22:7F:B3:2E:5F:C2:E7:F9:F0:DE:CD:94:FF:8B:8B"}}},"request":{"raw":"GET /api/banner HTTP/1.1\r\nHost: game.gp5trb.com:2053\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://cn.cljpsnmrbsib.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.cljpsnmrbsib.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 01 Jan 2026 20:12:20 GMT\r\ncontent-type: application/json\r\nvary: Accept-Encoding\r\ncache-control: no-cache, private\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE\r\naccess-control-allow-headers: *\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\ncontent-encoding: br\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":23289,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"55ebe2e15aec63c9d05138847bc6a624","sha1":"ffb6cd1dd00f0eadea10256d3f50ee4918b94b41","sha256":"969b4354d016b8dc2ac6ae5d0cc4cbcb34f3770672f0c8c1c25a72448f5daa4d","sha512":"171a6267cf3a4511dd5abd3028a1ec54ad474a9886fb16e4216906e2ec3a2597659d05a5c8c9894e3a13fbfc003039e465ea4497a14b9c918a0cab41ce7f1387","ssdeep":"192:IR8B1GBwZNVB7UBSvBrWbcH9sBUzZO3BIyB8iBevhepNBZuB2aw/Bof/ivBH6uB7:DZJRFBC","tlshash":"05a2594158a8ec774de07bdc0c4919a271cdb941fc8cea96eb00feb852ae161d61f19f","first_seen":"2026-01-01T19:19:15.221319Z","last_seen":"2026-01-02T14:06:56.397623Z","times_seen":12,"resource_available":false,"data":null}},"time_used":2181,"timings":{"blocked":868,"dns":423,"connect":204,"send":0,"wait":443,"receive":0,"ssl":240},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static-content-t.wb27jlt6u066.com:9587/images/home/tg_icon.png","fqdn":"static-content-t.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cn.cljpsnmrbsib.com/home/register/","date":"2026-01-01T20:12:17.784Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static-content-t.wb27jlt6u066.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 19 Oct 2025 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"08:10:09:15:B6:C8:9C:9A:CE:31:40:C9:26:D7:9E:BE:2C:9A:62:2B","sha256":"D6:55:F3:9B:55:F2:ED:CC:B3:54:8B:1E:F9:15:FB:47:0C:75:02:1A:64:4B:3C:C2:FA:75:18:9C:F0:11:EE:83"}}},"request":{"raw":"GET /images/home/tg_icon.png HTTP/1.1\r\nHost: static-content-t.wb27jlt6u066.com:9587\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.cljpsnmrbsib.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 01 Jan 2026 20:12:20 GMT\r\nContent-Type: image/png\r\nContent-Length: 7233\r\nConnection: keep-alive\r\nLast-Modified: Tue, 13 Aug 2024 02:02:19 GMT\r\nETag: \"66babeab-1c41\"\r\nServer: gocache\r\nExpires: Fri, 02 Jan 2026 20:12:20 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: c67fa84bce5acd2a8579bdc6bcc3d542\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: HIT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":7233,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 100 x 100, 8-bit/color RGBA, non-interlaced","md5":"6f828495b8948381356d8f958e0e3816","sha1":"8a776df06f7f07a71a8811311450b978399117e9","sha256":"fe6c74efa40b05488d4e4944a45f32d22a8b13e60637ce57bbc04b5b8323663b","sha512":"5a64ed664f2bf2d934d7c0a41a51a5b95ef998087f3badfef552d3a898648fef2b561d3a09ccd64188d55f598fa3c62d98f3d3052c28f7a17bc1d887acf9b398","ssdeep":"192:5OC/PcLhB496ikdrltIH7XTYtHSEskZNpjZf1GqsiR4KM:3k3BiGrltO7Utrp3GURxM","tlshash":"a4e1a0ebf811dcc2f508a74bc452d10286ad59074774f5ae7f9eb5c3ac2098547ef44a","first_seen":"2024-08-15T14:53:49Z","last_seen":"2026-04-03T20:31:04.610041Z","times_seen":569,"resource_available":false,"data":null}},"time_used":2597,"timings":{"blocked":2395,"dns":0,"connect":0,"send":0,"wait":202,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static-content-t.wb27jlt6u066.com:9587/images/register/icon_eye.png","fqdn":"static-content-t.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cn.cljpsnmrbsib.com/home/register/","date":"2026-01-01T20:12:19.207Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static-content-t.wb27jlt6u066.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 19 Oct 2025 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"08:10:09:15:B6:C8:9C:9A:CE:31:40:C9:26:D7:9E:BE:2C:9A:62:2B","sha256":"D6:55:F3:9B:55:F2:ED:CC:B3:54:8B:1E:F9:15:FB:47:0C:75:02:1A:64:4B:3C:C2:FA:75:18:9C:F0:11:EE:83"}}},"request":{"raw":"GET /images/register/icon_eye.png HTTP/1.1\r\nHost: static-content-t.wb27jlt6u066.com:9587\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://static-content-t.wb27jlt6u066.com:9587/style/main.css?20250825\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 01 Jan 2026 20:12:20 GMT\r\nContent-Type: image/png\r\nContent-Length: 388\r\nConnection: keep-alive\r\nLast-Modified: Wed, 20 Jul 2022 18:47:53 GMT\r\nETag: \"62d84dd9-184\"\r\nServer: gocache\r\nExpires: Fri, 02 Jan 2026 20:12:20 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: 6f523a8ed0ede4012ea4a25bd363907f\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: HIT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":388,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced","md5":"25caaed99359f8457952ec929497c610","sha1":"d79b842381cc35b013b72e8eee86aaff32cc68b1","sha256":"ae84f234ff196c67c9d72336ace3a039460ef08dbd54bf288de428d8dfd4365e","sha512":"626735e0ad18bf56854307da6e5a63b269f014ff6b915ca132c17f951e882beef470b275b664693b25a6be6853ae0c0677e6696f3d4678b3eaa4a612dff2de5c","ssdeep":"","tlshash":"6fe0c0d31b1dbd30cf5801373e9157143962b2846283b108b7845102d8c63593cf7fa8","first_seen":"2023-05-05T14:06:31Z","last_seen":"2026-04-03T20:31:04.631064Z","times_seen":777,"resource_available":false,"data":null}},"time_used":1171,"timings":{"blocked":970,"dns":0,"connect":0,"send":0,"wait":201,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static-content-t.wb27jlt6u066.com:9587/d11_images/footer_supports_hover.png?9","fqdn":"static-content-t.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cn.cljpsnmrbsib.com/home/register/","date":"2026-01-01T20:12:19.208Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static-content-t.wb27jlt6u066.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 19 Oct 2025 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"08:10:09:15:B6:C8:9C:9A:CE:31:40:C9:26:D7:9E:BE:2C:9A:62:2B","sha256":"D6:55:F3:9B:55:F2:ED:CC:B3:54:8B:1E:F9:15:FB:47:0C:75:02:1A:64:4B:3C:C2:FA:75:18:9C:F0:11:EE:83"}}},"request":{"raw":"GET /d11_images/footer_supports_hover.png?9 HTTP/1.1\r\nHost: static-content-t.wb27jlt6u066.com:9587\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://static-content-t.wb27jlt6u066.com:9587/style/main.css?20250825\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 01 Jan 2026 20:12:20 GMT\r\nContent-Type: image/png\r\nContent-Length: 6153\r\nConnection: keep-alive\r\nLast-Modified: Wed, 20 Jul 2022 18:45:39 GMT\r\nETag: \"62d84d53-1809\"\r\nServer: gocache\r\nExpires: Fri, 02 Jan 2026 20:12:20 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: 3287bb5bda68f60bd4aaf43c2c357679\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: HIT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":6153,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 30 x 174, 8-bit/color RGBA, non-interlaced","md5":"89203da3a7f6cd69c626446854368222","sha1":"0a861d62cd091a150ce253ecedf0dff49c80b3f0","sha256":"ae58de0a439617b67724ced1eee3bc04d8103d1a8f34a9ac362d1a842e06d2e7","sha512":"37b0293f4c467a53f8b4527c40345e89d407811a4e7894263663847ecc5406c8d101c2dd9711f4fd099ec325b9013d1337154600b0f87b8fc3e5252a771993c5","ssdeep":"96:tnCr4K+CdLuWy5kOy2k17lRtUsvqI8ydwBlz2gcwNkABBbbk/eH+Tm4Mi0UPftR7:tnCr40dKOOytRhFNaNTDbsxCdixHtUQ","tlshash":"5dc1aef06ab50164f022342747b70504a4167fd89974bc9063bf9f8defe6743e868ad1","first_seen":"2023-05-05T14:06:31Z","last_seen":"2026-04-03T20:31:04.682238Z","times_seen":782,"resource_available":false,"data":null}},"time_used":1170,"timings":{"blocked":968,"dns":0,"connect":0,"send":0,"wait":201,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"banner-notice.6dqr2n.com/mxstatic/index.css","fqdn":"banner-notice.6dqr2n.com","domain":"6dqr2n.com","tld":"com"},"ip":{"addr":"52.184.67.179","port":443,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://cn.cljpsnmrbsib.com/home/register/","date":"2026-01-01T20:12:19.267Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"banner-notice.6dqr2n.com","organization":""},"issuer":{"commonName":"ZeroSSL RSA Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Fri, 21 Nov 2025 00:00:00 GMT","end":"Thu, 19 Feb 2026 23:59:59 GMT"},"fingerprint":{"sha1":"99:09:F8:08:0E:12:67:90:CD:CF:6F:BB:FD:A4:24:0B:CE:22:68:BC","sha256":"8D:09:C8:8D:E9:B1:66:60:30:60:D8:0C:95:30:0A:E9:BC:A6:D5:11:A9:28:82:AB:A7:90:99:A8:C5:E8:62:E8"}}},"request":{"raw":"GET /mxstatic/index.css HTTP/1.1\r\nHost: banner-notice.6dqr2n.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.cljpsnmrbsib.com/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 01 Jan 2026 20:12:19 GMT\r\ncontent-type: text/css\r\nlast-modified: Tue, 27 May 2025 05:27:16 GMT\r\nvary: Accept-Encoding\r\netag: W/\"68354d34-13bc\"\r\nexpires: Fri, 02 Jan 2026 08:12:12 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":5052,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text","md5":"33009c301e789707d7c69505ff50d74c","sha1":"cfae09fd67a040052da9da88e0b6b7184c68a4fc","sha256":"bbef70cb02415d56036f01eed877aca7e946f6ce14f39ce52899b1c19f3360d7","sha512":"54d3eff35b7e2e5b03386955f05ce0bad1aa1d8586ae9f70efe9ba5660ba33a7c18b0840083e190af9bbca26d9ad7d032945a4e5c08439ba7b2f121ef268e2d3","ssdeep":"96:U5KsCmC+sCMCW/rnidi/kisClOC3vyb1CWg1KBscndYYC5xNESG0cCTgfeJ9SXEl:Jj1wDW/ridisisCltqbI9GscdYdxNDjH","tlshash":"d0a13259a7f60604681fc1943dd2a759a239c043a24fcc3df6d2204caeca1db72a7bd6","first_seen":"2025-08-09T14:13:17.039422Z","last_seen":"2026-04-03T20:31:04.627218Z","times_seen":438,"resource_available":false,"data":null}},"time_used":349,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":349,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.vrfpshbc.com:2053/global-activity-entry/img/arrow-left.png","fqdn":"www.vrfpshbc.com","domain":"vrfpshbc.com","tld":"com"},"ip":{"addr":"104.21.68.47","port":2053,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cn.cljpsnmrbsib.com/home/register/","date":"2026-01-01T20:12:20.065Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"vrfpshbc.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 05 Dec 2025 18:43:15 GMT","end":"Thu, 05 Mar 2026 19:40:25 GMT"},"fingerprint":{"sha1":"5B:66:65:98:81:FC:02:12:BE:8A:3E:A2:CB:B6:CB:92:E0:EE:1E:8F","sha256":"92:B0:5D:3B:74:26:24:9C:EB:E0:D4:B8:0C:B5:59:29:8E:E9:4E:87:C7:F8:CA:6B:F2:E6:75:FB:37:AC:C2:C9"}}},"request":{"raw":"GET /global-activity-entry/img/arrow-left.png HTTP/1.1\r\nHost: www.vrfpshbc.com:2053\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.vrfpshbc.com:2053/global-activity-entry/css/style.css\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Thu, 01 Jan 2026 20:12:20 GMT\r\ncontent-type: image/png\r\ncontent-length: 710\r\nserver: cloudflare\r\nlast-modified: Wed, 16 Jun 2021 18:06:55 GMT\r\netag: \"60ca3dbf-2c6\"\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\ncf-cache-status: DYNAMIC\r\npriority: u=4,i=?0\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=U0w3au8qHcep5UBNkkg7XiACHsAE0clC0JzbUfAP0NUI%2BfJ8A5UqC6PxvrOzvTZ4jLfeADRTONj6RJJ69aoHYFO9BB85zkmgKoPUCFdl\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9b74abc16e20b4eb-OSL\r\nalt-svc: h3=\":2053\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":710,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 14 x 34, 8-bit/color RGBA, interlaced","md5":"75283be3b7efd575f15a3c05ec9a83e5","sha1":"8646eadd0f93308cd0bd224242393f505e920f7b","sha256":"14dde123a93666ed0e806b324627c3cfef68a77e1ec346677fd6d1d05187685a","sha512":"f647f432cee300847d1f2bf7a0974885b9bcf773589cf0644ffd0a97282546ddbf6731f08658fa11732d150f17b5849db18c8e5ed1d586043e443806b60239ad","ssdeep":"","tlshash":"03014eeb13b47f50e7a1ac372d82d3280eac89b57514468c01401ab98c7e4cead983b2","first_seen":"2023-05-05T14:06:31Z","last_seen":"2026-04-03T20:31:04.656935Z","times_seen":507,"resource_available":false,"data":null}},"time_used":630,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":630,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cn.cljpsnmrbsib.com/fimg/i2022109557596bf60a4a37a8fd6570231b8312.png","fqdn":"cn.cljpsnmrbsib.com","domain":"cljpsnmrbsib.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cn.cljpsnmrbsib.com/home/register/","date":"2026-01-01T20:12:17.786Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cn.cljpsnmrbsib.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Fri, 22 Aug 2025 00:00:00 GMT","end":"Sat, 22 Aug 2026 23:59:59 GMT"},"fingerprint":{"sha1":"12:FD:F6:BB:43:82:FA:7F:75:B2:55:15:0A:C1:53:DB:1C:B0:3D:6E","sha256":"13:C4:C2:5C:3D:E1:1D:5B:24:0C:FA:99:31:CD:3D:FB:FA:FD:61:7B:EC:AF:55:3B:3F:03:1D:5B:43:22:D9:F5"}}},"request":{"raw":"GET /fimg/i2022109557596bf60a4a37a8fd6570231b8312.png HTTP/1.1\r\nHost: cn.cljpsnmrbsib.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.cljpsnmrbsib.com/home/register/\r\nCookie: PHPSESSID=6bnfoqopguksg0iaake09lps5p\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 01 Jan 2026 20:12:19 GMT\r\nContent-Type: image/png\r\nContent-Length: 228056\r\nConnection: keep-alive\r\nLast-Modified: Tue, 11 Oct 2022 03:07:34 GMT\r\nETag: \"6344ddf6-37ad8\"\r\nX-Content-Type-Options: nosniff\r\nX-Frame-Options: SAMEORIGIN\r\nServer: gocache\r\nExpires: Fri, 02 Jan 2026 20:12:19 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: d12b39825c487220ae1c52408f50a1c4\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: HIT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]}],"data":{"size":228056,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 838 x 572, 8-bit/color RGBA, non-interlaced","md5":"ad437106303315b23ca37c00fac9b9a7","sha1":"f503a3d13adaba3b253e4adb493181f86c50bb6f","sha256":"9624ab5cf4b378ccbf9525a00dfbc12c923cb62d887e8bd6a69c4d140c6a8133","sha512":"36cf78c0da7bd3530167e12f2bd3a0f75c38a745f337075d0b493eb41d6e035a2e7fe461df7a771e94eb42e69f419eb3af283b220bb211a2b652d8f55d47558a","ssdeep":"6144:/LkBXH85hsNRgjSxVQldvROEZ7dhzZA6x/qQ:QqnsNRKOVwdvgEE6IQ","tlshash":"122412ecb69b980fef3d1147925c0db4e0f820043b1c9277a155e9b7e8d21a939b5acc","first_seen":"2023-05-05T17:23:57Z","last_seen":"2026-04-03T20:31:04.665934Z","times_seen":679,"resource_available":false,"data":null}},"time_used":1545,"timings":{"blocked":1152,"dns":0,"connect":0,"send":0,"wait":203,"receive":190,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-01","alert":"Sinkholed","trigger":"cn.cljpsnmrbsib.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-01","alert":"Sinkholed","trigger":"cn.cljpsnmrbsib.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-01","alert":"Phishing Block","trigger":"cn.cljpsnmrbsib.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-01","alert":"Sinkholed","trigger":"cn.cljpsnmrbsib.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-01","alert":"Sinkholed","trigger":"cn.cljpsnmrbsib.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"static-content-cn.wb27jlt6u066.com:9587/js/kz.js?20250807","fqdn":"static-content-cn.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://cn.cljpsnmrbsib.com/home/register/","date":"2026-01-01T20:12:17.792Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static-content-cn.wb27jlt6u066.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 19 Oct 2025 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"98:64:EC:0B:9A:00:5F:60:12:4A:12:B9:EB:5A:44:98:12:1A:7C:FF","sha256":"A1:E0:99:A3:B2:54:C9:50:DB:24:16:EA:A7:44:3A:5D:57:F0:7C:CE:B2:E7:66:31:49:50:98:44:92:F2:50:84"}}},"request":{"raw":"GET /js/kz.js?20250807 HTTP/1.1\r\nHost: static-content-cn.wb27jlt6u066.com:9587\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.cljpsnmrbsib.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 01 Jan 2026 20:12:18 GMT\r\nContent-Type: application/javascript\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Tue, 09 Dec 2025 02:53:12 GMT\r\nVary: Accept-Encoding\r\nETag: W/\"69378f18-10cb3\"\r\nContent-Encoding: gzip\r\nServer: gocache\r\nExpires: Fri, 02 Jan 2026 20:12:18 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: 3e1c75bddd3213aa2bb36e728ce932e6\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: HIT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]}],"data":{"size":68787,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text","md5":"6882ef21046c02724770578afb0e9389","sha1":"5a3e91dbc206c7a6abf2196adc0cd68d6e5f7dd5","sha256":"f3967945aa4c64b4cb943ff02fd4ff56354cac19f0e8ba9cb8a95017707265c9","sha512":"4aa7833f286b2d53677335d60783d6edd2038d0e9fbbc75d0568debe17bf0cee5cd56c7beb3c608a2c135881edefca03d1cf0edef0c2d491e65c9ac6126697a8","ssdeep":"384:JsOCzLl8jM9Cxvqd2ACJOOX6QMvmN2iB9eOyjX993YH:q84sTwDEH","tlshash":"f963732ae9fb52551c3b70391f7f4001e729c407b50cee197e2caac05f44669a6b6fe8","first_seen":"2025-08-24T13:27:11.237239Z","last_seen":"2026-03-29T16:47:31.772793Z","times_seen":494,"resource_available":true,"data":null}},"time_used":1095,"timings":{"blocked":891,"dns":0,"connect":0,"send":0,"wait":202,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"api.eaafacef.com:2053/entrance/api/config?status=1","fqdn":"api.eaafacef.com","domain":"eaafacef.com","tld":"com"},"ip":{"addr":"104.21.67.198","port":2053,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://cn.cljpsnmrbsib.com/home/register/","date":"2026-01-01T20:12:19.310Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"eaafacef.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 29 Dec 2025 22:38:23 GMT","end":"Sun, 29 Mar 2026 23:37:00 GMT"},"fingerprint":{"sha1":"0C:1F:E1:0A:19:A1:3C:0D:66:32:5C:75:91:E5:F0:18:DA:89:4F:A7","sha256":"37:AD:B7:8F:36:E9:2F:C4:B1:95:35:27:43:02:20:D6:44:9F:2F:0F:07:64:1C:8D:D8:14:9B:B7:2A:57:9F:87"}}},"request":{"raw":"GET /entrance/api/config?status=1 HTTP/1.1\r\nHost: api.eaafacef.com:2053\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/javascript, */*; q=0.01\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://cn.cljpsnmrbsib.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.cljpsnmrbsib.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Thu, 01 Jan 2026 20:12:20 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nserver: cloudflare\r\nvary: Accept-Encoding\r\ncache-control: no-cache, private\r\nx-ratelimit-limit: 60\r\nx-ratelimit-remaining: 59\r\naccess-control-allow-origin: *\r\naccess-control-allow-headers: Origin, Content-Type, Cookie, Accept,token\r\naccess-control-allow-methods: GET, POST, PATCH, PUT, OPTIONS\r\naccess-control-allow-credentials: false\r\nstrict-transport-security: max-age=31536000\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=EgX1T1i3UJrUwSzF0OwKfVc4xhn%2Fw95e499tkARee6JTQU6PDSE%2FsFBfPws5EPiMYnzMKDELQky8tD%2F7aclGH1ax5dhGi%2BzhO0FHLvGrcxM%3D\"}]}\r\ncf-cache-status: DYNAMIC\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-encoding: br\r\ncf-ray: 9b74abbcec05b1b8-OSL\r\nalt-svc: h3=\":2053\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":2145,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"JSON text data","md5":"fc18215d59d4c2c86d3a6d2bd416b256","sha1":"962d3c3903abef63c07594f4f61200af9386c08f","sha256":"521eac96fc484885f84e9ded03a8cd4a128517781a5448f42ef98ab28cbe0a8c","sha512":"4b2b2a79f5f4abcf91d621cf151bbb69116296bc4d8d7d433ae21cb6583be599cf1d8d99af54c63dd3acbd79ca7c393d8d8af01917ca1a5360a6c53881c40d3a","ssdeep":"","tlshash":"6c41c16603ec76f48b5b52c0840e3bdad06e7b23c804dea73e1dae1885616b1184903f","first_seen":"2025-12-28T19:25:21.33117Z","last_seen":"2026-01-04T09:34:03.049981Z","times_seen":45,"resource_available":false,"data":null}},"time_used":758,"timings":{"blocked":38,"dns":10,"connect":1,"send":0,"wait":680,"receive":0,"ssl":26},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.googletagmanager.com/gtag/js?id=G-3LRD95F87M\u0026cx=c\u0026gtm=4e5ca1","fqdn":"www.googletagmanager.com","domain":"googletagmanager.com","tld":"com"},"ip":{"addr":"142.251.38.104","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://cn.cljpsnmrbsib.com/home/register/","date":"2026-01-01T20:12:19.479Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.google-analytics.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Wed, 03 Dec 2025 15:49:27 GMT","end":"Wed, 25 Feb 2026 15:49:26 GMT"},"fingerprint":{"sha1":"2C:B9:1B:62:2A:F9:04:B9:16:E2:30:B0:A8:B2:85:0C:68:BC:79:25","sha256":"AE:CB:A0:2C:92:1E:CB:D2:CB:6C:0D:37:5E:A2:4E:27:AE:4E:CA:0C:EC:53:D5:50:E6:C1:3D:EB:17:C1:F2:C9"}}},"request":{"raw":"GET /gtag/js?id=G-3LRD95F87M\u0026cx=c\u0026gtm=4e5ca1 HTTP/1.1\r\nHost: www.googletagmanager.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.cljpsnmrbsib.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncontent-type: application/javascript; charset=UTF-8\r\naccess-control-allow-origin: *\r\naccess-control-allow-credentials: true\r\naccess-control-allow-headers: Cache-Control\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ndate: Thu, 01 Jan 2026 20:12:19 GMT\r\nexpires: Thu, 01 Jan 2026 20:12:19 GMT\r\ncache-control: private, max-age=900\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\ncross-origin-resource-policy: cross-origin\r\nserver: Google Tag Manager\r\ncontent-length: 132123\r\nx-xss-protection: 0\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":384168,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (6031)","md5":"065750634f1a0c26463a10bf20541dd6","sha1":"c176a393740b049077a912920a3f7ec0102b6f58","sha256":"c6bfd3b6a3c9f05282f4b498adcd37873e8fbc7c3a75ed8159c4aeb2f5b3c1ec","sha512":"8ef5e756a2a329e9bf9a466ab7211c8cf74aac8712c9835932e13d71389994da6812eb88b688a095f83a8288a45a944cc706aa955d7f2db68fcb9ac82e002733","ssdeep":"6144:YRIe7ma2bulKY/1u99xHDmHYmyBFzvnszmxWovPad4FpC1+T:fC8bu7/1mbrnsOWdMpX","tlshash":"fe8419ce73c674669392a078503f118ba57b69e2f44cc895f18acce42d746aa4237f7c","first_seen":"2026-01-01T19:19:15.261407Z","last_seen":"2026-01-02T07:57:12.398246Z","times_seen":11,"resource_available":true,"data":null}},"time_used":85,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":40,"receive":45,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static-content-t.wb27jlt6u066.com:9587/style/main.css?20250825","fqdn":"static-content-t.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://cn.cljpsnmrbsib.com/home/register/","date":"2026-01-01T20:12:17.765Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static-content-t.wb27jlt6u066.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 19 Oct 2025 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"08:10:09:15:B6:C8:9C:9A:CE:31:40:C9:26:D7:9E:BE:2C:9A:62:2B","sha256":"D6:55:F3:9B:55:F2:ED:CC:B3:54:8B:1E:F9:15:FB:47:0C:75:02:1A:64:4B:3C:C2:FA:75:18:9C:F0:11:EE:83"}}},"request":{"raw":"GET /style/main.css?20250825 HTTP/1.1\r\nHost: static-content-t.wb27jlt6u066.com:9587\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.cljpsnmrbsib.com/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 01 Jan 2026 20:12:18 GMT\r\nContent-Type: text/css\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Tue, 26 Aug 2025 02:01:04 GMT\r\nVary: Accept-Encoding\r\nETag: W/\"68ad1560-f1c3\"\r\nContent-Encoding: gzip\r\nServer: gocache\r\nExpires: Fri, 02 Jan 2026 20:12:18 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: 05f49e11987a892301cf18d3637b6dde\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: HIT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]}],"data":{"size":61891,"size_decoded":0,"mime_type":"text/css","magic":"Unicode text, UTF-8 text, with very long lines (449)","md5":"740f7be943c9e5f644aadbe42a4ddada","sha1":"ac15d4d0715ee478a2c822ee5377fd135f2819d9","sha256":"202e7c9e304d9d6a1834490b77a59329af2e849d41eefd28fb2db71898f7ef52","sha512":"641ef9779d24b50193da0c0a7937557c9416bbd62cbf58bf2ff572e2e3b73146668d378c720b77711d6ea3b4b42642fe0073d97795355b0d71ce62c93b639113","ssdeep":"1536:ZoNrfbP93Ytk3pZcG1cF3NE9GG0gYAajgHwEUVtrydv4ffEqyPouRPf++J14Sqgn:ZcP93Ytk3pZcG1cF3NE9GGMEUVtryC+r","tlshash":"0b53a721e9b9220ab03bd562b4e15faa22398017d1171fbc657d3a7de6cf0d81177fa0","first_seen":"2025-08-26T08:39:52.026045Z","last_seen":"2026-01-19T13:31:43.435471Z","times_seen":387,"resource_available":false,"data":null}},"time_used":1663,"timings":{"blocked":718,"dns":287,"connect":1,"send":0,"wait":203,"receive":1,"ssl":451},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"banner-notice.6dqr2n.com/mxstatic/banner-notice.js","fqdn":"banner-notice.6dqr2n.com","domain":"6dqr2n.com","tld":"com"},"ip":{"addr":"52.184.67.179","port":443,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://cn.cljpsnmrbsib.com/home/register/","date":"2026-01-01T20:12:17.780Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"banner-notice.6dqr2n.com","organization":""},"issuer":{"commonName":"ZeroSSL RSA Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Fri, 21 Nov 2025 00:00:00 GMT","end":"Thu, 19 Feb 2026 23:59:59 GMT"},"fingerprint":{"sha1":"99:09:F8:08:0E:12:67:90:CD:CF:6F:BB:FD:A4:24:0B:CE:22:68:BC","sha256":"8D:09:C8:8D:E9:B1:66:60:30:60:D8:0C:95:30:0A:E9:BC:A6:D5:11:A9:28:82:AB:A7:90:99:A8:C5:E8:62:E8"}}},"request":{"raw":"GET /mxstatic/banner-notice.js HTTP/1.1\r\nHost: banner-notice.6dqr2n.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.cljpsnmrbsib.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 01 Jan 2026 20:12:18 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\nlast-modified: Tue, 27 May 2025 05:27:16 GMT\r\nvary: Accept-Encoding\r\netag: W/\"68354d34-4951\"\r\nexpires: Fri, 02 Jan 2026 08:12:16 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":18769,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text","md5":"fde6491fa4c8e8adaf2844d6d09e2a2f","sha1":"51174631e2149efc853eacf33e39fa8dc66840b8","sha256":"a402e491cde441e33c89c38bb10c84d7473a88700ba4fd76e0bb1bf2c2f61143","sha512":"25d3915f3e441b65f447c65aafc287b5c4b9afc8fd34b54a428bd58a6bd1c58bca7012eef8fd44d9134fa1c375dcdb62aeaaa912a09b15895872e2f678cd10d2","ssdeep":"192:AJKwJ/y23c23qtY8SCUcWbm1iRSube/Hf+DoQPoEHdizniKOnK6t5Enx4tRL1VeV:oKGbDK6czdOnXH3qBmlc","tlshash":"ed82b81875fa0061542330b88e9a618c7f26950f920a5d08bd6d47e8afcad7199d2ffb","first_seen":"2025-05-30T16:57:45.431693Z","last_seen":"2026-03-14T23:55:48.120104Z","times_seen":483,"resource_available":true,"data":null}},"time_used":1217,"timings":{"blocked":-1,"dns":427,"connect":202,"send":0,"wait":357,"receive":0,"ssl":231},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static-content-t.wb27jlt6u066.com:9587/images/icon_return.png","fqdn":"static-content-t.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cn.cljpsnmrbsib.com/home/register/","date":"2026-01-01T20:12:19.196Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static-content-t.wb27jlt6u066.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 19 Oct 2025 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"08:10:09:15:B6:C8:9C:9A:CE:31:40:C9:26:D7:9E:BE:2C:9A:62:2B","sha256":"D6:55:F3:9B:55:F2:ED:CC:B3:54:8B:1E:F9:15:FB:47:0C:75:02:1A:64:4B:3C:C2:FA:75:18:9C:F0:11:EE:83"}}},"request":{"raw":"GET /images/icon_return.png HTTP/1.1\r\nHost: static-content-t.wb27jlt6u066.com:9587\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://static-content-t.wb27jlt6u066.com:9587/style/main.css?20250825\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 01 Jan 2026 20:12:20 GMT\r\nContent-Type: image/png\r\nContent-Length: 778\r\nConnection: keep-alive\r\nLast-Modified: Wed, 20 Jul 2022 18:47:53 GMT\r\nETag: \"62d84dd9-30a\"\r\nServer: gocache\r\nExpires: Fri, 02 Jan 2026 20:12:20 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: a530fe43ea38a35d48f2c3220edaa6c7\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: HIT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":778,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 18 x 18, 8-bit/color RGBA, interlaced","md5":"fabab84476aede515f6619fb53cec396","sha1":"84650df8e118c2c101bc0bf6e20d9c76d4303b06","sha256":"8141cf949879defeb74a01e369563041075c8417c2f3e8789bd07fcdb6499552","sha512":"99f267bd6c596ca4ccf617f05a2c86edb2ae6a805fdd5ff3458c66853e87760d215225373e71cbdae688936cbcb88441bc3138eadbad694364fcfc7490eb50c7","ssdeep":"","tlshash":"d70120c5d7761db0c2c161b7163f9a8b1a0b8516a805a10d2e8634b39945f842d8679d","first_seen":"2023-05-05T14:06:31Z","last_seen":"2026-04-03T20:31:04.612656Z","times_seen":780,"resource_available":false,"data":null}},"time_used":1384,"timings":{"blocked":1182,"dns":0,"connect":0,"send":0,"wait":202,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"game.gp5trb.com:2053/api/news?try_platform=4\u0026status=1\u0026username=","fqdn":"game.gp5trb.com","domain":"gp5trb.com","tld":"com"},"ip":{"addr":"52.184.67.179","port":2053,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://cn.cljpsnmrbsib.com/home/register/","date":"2026-01-01T20:12:19.319Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"game.gp5trb.com","organization":""},"issuer":{"commonName":"ZeroSSL RSA Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Sat, 08 Nov 2025 00:00:00 GMT","end":"Fri, 06 Feb 2026 23:59:59 GMT"},"fingerprint":{"sha1":"FB:31:F3:6C:3E:E1:AB:AB:09:AF:26:D9:02:4C:82:AC:0B:37:03:15","sha256":"E4:06:69:75:8A:68:E3:AB:0C:E6:73:25:3E:79:FA:85:DA:22:7F:B3:2E:5F:C2:E7:F9:F0:DE:CD:94:FF:8B:8B"}}},"request":{"raw":"GET /api/news?try_platform=4\u0026status=1\u0026username= HTTP/1.1\r\nHost: game.gp5trb.com:2053\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://cn.cljpsnmrbsib.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.cljpsnmrbsib.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 01 Jan 2026 20:12:20 GMT\r\ncontent-type: application/json\r\nvary: Accept-Encoding\r\ncache-control: no-cache, private\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE\r\naccess-control-allow-headers: *\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\ncontent-encoding: br\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":526,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"2088b7d01971f3060f5e89dd786e6708","sha1":"ff4ad9930dfc4816d23ccf1397be8ac68f980f23","sha256":"b89956652afcb768ec99702b64d1b16416e39819ae8d766d5118cb49924047ef","sha512":"121e28f14b5713a7fd5af02b1ee1cbf41c22b9d3ff225021f4235a0e4a2d93bb11a8e4f858d1d3dd8b7cf0ab6b3d07764db9b90bed921cea4d743b3187950343","ssdeep":"","tlshash":"5cf0c9210a399c29ae8e1c8e004e6315e9fd66d88cec891c91dfee0479c07a48a43336","first_seen":"2025-12-26T18:46:29.852374Z","last_seen":"2026-01-26T09:13:07.223691Z","times_seen":95,"resource_available":false,"data":null}},"time_used":2043,"timings":{"blocked":821,"dns":374,"connect":205,"send":0,"wait":398,"receive":0,"ssl":241},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"game.gp5trb.com:2053/api/popup?try_platform=4\u0026username=","fqdn":"game.gp5trb.com","domain":"gp5trb.com","tld":"com"},"ip":{"addr":"52.184.67.179","port":2053,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://cn.cljpsnmrbsib.com/home/register/","date":"2026-01-01T20:12:19.320Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"game.gp5trb.com","organization":""},"issuer":{"commonName":"ZeroSSL RSA Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Sat, 08 Nov 2025 00:00:00 GMT","end":"Fri, 06 Feb 2026 23:59:59 GMT"},"fingerprint":{"sha1":"FB:31:F3:6C:3E:E1:AB:AB:09:AF:26:D9:02:4C:82:AC:0B:37:03:15","sha256":"E4:06:69:75:8A:68:E3:AB:0C:E6:73:25:3E:79:FA:85:DA:22:7F:B3:2E:5F:C2:E7:F9:F0:DE:CD:94:FF:8B:8B"}}},"request":{"raw":"GET /api/popup?try_platform=4\u0026username= HTTP/1.1\r\nHost: game.gp5trb.com:2053\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://cn.cljpsnmrbsib.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.cljpsnmrbsib.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 01 Jan 2026 20:12:20 GMT\r\ncontent-type: application/json\r\nvary: Accept-Encoding\r\ncache-control: no-cache, private\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE\r\naccess-control-allow-headers: *\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\ncontent-encoding: br\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":608,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"b5acd13875d2165252a6d2447905b531","sha1":"67bb0f449f31898cdfa5b380c0cf33e35a1b818b","sha256":"79f8984a8f637817571895e05939405d428afc6c60f18496a5314366eca137bd","sha512":"376d16581efbe33fa70cb46bf67953d2fdcdb2ae77fdda195254cc6263f49d147445a9f2299f4f397d3caf7620f55d4f0bcbd40c52d06f2b8645e81529860e9d","ssdeep":"","tlshash":"f7f00c05553c98a5abcb5c0d00c3634694b831d8dcc84b9da3e6ed4c6a475a0438f361","first_seen":"2025-12-26T18:46:29.825171Z","last_seen":"2026-01-26T09:13:07.235912Z","times_seen":95,"resource_available":false,"data":null}},"time_used":1996,"timings":{"blocked":804,"dns":374,"connect":202,"send":0,"wait":384,"receive":0,"ssl":229},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"file-new.a4hskh.com/activity/2025/05/26/35b9d0913c44ce35920430bd8ddfc1eb.png","fqdn":"file-new.a4hskh.com","domain":"a4hskh.com","tld":"com"},"ip":{"addr":"52.184.67.179","port":443,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cn.cljpsnmrbsib.com/home/register/","date":"2026-01-01T20:12:20.054Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"file-new.a4hskh.com","organization":""},"issuer":{"commonName":"ZeroSSL RSA Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Fri, 19 Dec 2025 00:00:00 GMT","end":"Thu, 19 Mar 2026 23:59:59 GMT"},"fingerprint":{"sha1":"71:57:FF:2E:59:F1:FC:B0:75:58:A9:CD:70:F0:B3:0F:C5:25:29:C7","sha256":"D0:D4:6C:CF:CD:75:20:FF:29:86:02:CA:01:14:08:B1:EA:E9:43:53:16:3F:92:72:7F:E1:AC:54:E7:A7:F5:5F"}}},"request":{"raw":"GET /activity/2025/05/26/35b9d0913c44ce35920430bd8ddfc1eb.png HTTP/1.1\r\nHost: file-new.a4hskh.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.cljpsnmrbsib.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 01 Jan 2026 20:12:21 GMT\r\ncontent-type: image/png\r\ncontent-length: 91065\r\nlast-modified: Mon, 26 May 2025 12:19:14 GMT\r\nx-amz-server-side-encryption: AES256\r\netag: \"a6f34694a8892178a7e449b0043d1429\"\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 1d7fb40804b60d5a9f4cfe1063c9fa1a.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: HKG54-P1\r\nx-amz-cf-id: Rl3sGJ9QA8Pg_riOgE-a7LQXgWQ0jva2H1AJPwXB2K_1aahEm5I0lQ==\r\nage: 71247\r\nvary: accept-encoding, Origin\r\npsc-cache-status: HIT\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":91065,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 272 x 272, 8-bit/color RGBA, non-interlaced","md5":"a6f34694a8892178a7e449b0043d1429","sha1":"33d658afacb80d35cdde497bb530f08e38e23132","sha256":"766f82c583cabf2b73af2e8d6dd0595ab3ce6bd55c4b9841edf555a1639d1263","sha512":"396caa64116ac49e99f11da3c95eaa7b926f4f9eb08ff5b9aec7ca6d43d704fae3a2a2e75178db4e4082381e2480d788d4b31007dc91a091312ed1279681f978","ssdeep":"1536:nRalahFemQUbzfAgaVLBbB1RZNhmSiVdOFf5Z1Uk6VcD1s7aP0HRb9Knism8zu2E:n+abbzCPPRZjYPOFf5Z1U1uO7c0LOiYa","tlshash":"e193024fea06c57f99655c8012609993a8d1b84f0ca3b793eb588e0907dc946fe37d37","first_seen":"2025-07-18T11:22:50.653674Z","last_seen":"2026-04-03T20:31:04.633174Z","times_seen":505,"resource_available":false,"data":null}},"time_used":2960,"timings":{"blocked":1072,"dns":639,"connect":202,"send":0,"wait":272,"receive":542,"ssl":230},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"file-new.a4hskh.com/activity/2025/05/26/c21119500a71cd1dfad1041285222895.png","fqdn":"file-new.a4hskh.com","domain":"a4hskh.com","tld":"com"},"ip":{"addr":"52.184.67.179","port":443,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cn.cljpsnmrbsib.com/home/register/","date":"2026-01-01T20:12:20.061Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"file-new.a4hskh.com","organization":""},"issuer":{"commonName":"ZeroSSL RSA Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Fri, 19 Dec 2025 00:00:00 GMT","end":"Thu, 19 Mar 2026 23:59:59 GMT"},"fingerprint":{"sha1":"71:57:FF:2E:59:F1:FC:B0:75:58:A9:CD:70:F0:B3:0F:C5:25:29:C7","sha256":"D0:D4:6C:CF:CD:75:20:FF:29:86:02:CA:01:14:08:B1:EA:E9:43:53:16:3F:92:72:7F:E1:AC:54:E7:A7:F5:5F"}}},"request":{"raw":"GET /activity/2025/05/26/c21119500a71cd1dfad1041285222895.png HTTP/1.1\r\nHost: file-new.a4hskh.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.cljpsnmrbsib.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 01 Jan 2026 20:12:21 GMT\r\ncontent-type: image/png\r\ncontent-length: 91132\r\nlast-modified: Mon, 26 May 2025 12:25:12 GMT\r\netag: \"44c360f70ad7205af7be4b9e72ad8206\"\r\nx-amz-server-side-encryption: AES256\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 a4928835578b58615c7294534180db86.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: HKG54-P1\r\nx-amz-cf-id: Xf6iIAEVnCrZL3umu3ULtluMpaps-8nBBw59s_RTrzxEhzE1nDbTvg==\r\nage: 59240\r\nvary: Origin\r\npsc-cache-status: HIT\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":91132,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 272 x 272, 8-bit/color RGBA, non-interlaced","md5":"44c360f70ad7205af7be4b9e72ad8206","sha1":"aef9ac8c9276f5fc208a1bfb2cdf1abf4e2556fa","sha256":"264b1eb2b87680606d9e9de6d96dc31b8825180e5588765252081d2772eb98b5","sha512":"b93e0d07717567f4121e6eb60f35009e85ede4231eabbd57bd5f7ac58e900b84f070732c432354a60caca3e1dd41e964599a39f0bce439dcb93eab74662849f1","ssdeep":"1536:1d8GPhwJdntG/Yn2TCkjtSbZuF9G8HwCl0VZQkEToysVq9py3AUCctpjHQSFP:f/2tCw2VtStmfQXTKyVq9py3AUCcttP","tlshash":"3b931245ec9f3c26622931115d6f6cd38ac991a7e4b7c837a4f3b2be3405586fe28d09","first_seen":"2025-07-18T11:22:50.67008Z","last_seen":"2026-03-19T10:33:28.657026Z","times_seen":470,"resource_available":false,"data":null}},"time_used":3129,"timings":{"blocked":1069,"dns":633,"connect":202,"send":0,"wait":610,"receive":379,"ssl":230},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static-content-cn.wb27jlt6u066.com:9587/js/game/Game.js?20220202","fqdn":"static-content-cn.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://cn.cljpsnmrbsib.com/home/register/","date":"2026-01-01T20:12:17.788Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static-content-cn.wb27jlt6u066.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 19 Oct 2025 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"98:64:EC:0B:9A:00:5F:60:12:4A:12:B9:EB:5A:44:98:12:1A:7C:FF","sha256":"A1:E0:99:A3:B2:54:C9:50:DB:24:16:EA:A7:44:3A:5D:57:F0:7C:CE:B2:E7:66:31:49:50:98:44:92:F2:50:84"}}},"request":{"raw":"GET /js/game/Game.js?20220202 HTTP/1.1\r\nHost: static-content-cn.wb27jlt6u066.com:9587\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.cljpsnmrbsib.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 01 Jan 2026 20:12:18 GMT\r\nContent-Type: application/javascript\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Thu, 14 Aug 2025 05:10:16 GMT\r\nVary: Accept-Encoding\r\nETag: W/\"689d6fb8-f55f\"\r\nContent-Encoding: gzip\r\nServer: gocache\r\nExpires: Fri, 02 Jan 2026 20:12:18 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: e13a73ca46661ace30e469aac07adfbe\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: HIT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":62815,"size_decoded":0,"mime_type":"application/javascript","magic":"Unicode text, UTF-8 text","md5":"31b26fa8e3e5d0f8b9100e4d8993570b","sha1":"4901272b99be40960a7016bd4a60fb686ceba5d7","sha256":"fa72c387b16598179ba3e7406e6d29e5f464cf7876cdf39d43a1cfadc91211df","sha512":"1332c670e7103b8d25e706e773ac1aef68e69176c945d8450385e8876b5a718c113c2066e47719d9943df9a108fc2c27d46c535bb09b27930c22e414b3375364","ssdeep":"384:AURoUkVbztM3nigTG7SG4lznSVs5Lq/vtQEttGsOSVD:AURoUcztwJou50QEttGsO2","tlshash":"0753254caea318e35a3654348b7f31956d5166032508dd1c3e0cd3a3df9a0be66b1efa","first_seen":"2025-08-14T09:17:18.772148Z","last_seen":"2026-04-03T20:31:04.648614Z","times_seen":536,"resource_available":true,"data":null}},"time_used":920,"timings":{"blocked":-1,"dns":294,"connect":3,"send":0,"wait":203,"receive":0,"ssl":418},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static-content-t.wb27jlt6u066.com:9587/images/captcha/bg.png","fqdn":"static-content-t.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cn.cljpsnmrbsib.com/home/register/","date":"2026-01-01T20:12:19.198Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static-content-t.wb27jlt6u066.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 19 Oct 2025 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"08:10:09:15:B6:C8:9C:9A:CE:31:40:C9:26:D7:9E:BE:2C:9A:62:2B","sha256":"D6:55:F3:9B:55:F2:ED:CC:B3:54:8B:1E:F9:15:FB:47:0C:75:02:1A:64:4B:3C:C2:FA:75:18:9C:F0:11:EE:83"}}},"request":{"raw":"GET /images/captcha/bg.png HTTP/1.1\r\nHost: static-content-t.wb27jlt6u066.com:9587\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://static-content-t.wb27jlt6u066.com:9587/style/main.css?20250825\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 01 Jan 2026 20:12:20 GMT\r\nContent-Type: image/png\r\nContent-Length: 3373\r\nConnection: keep-alive\r\nLast-Modified: Wed, 20 Jul 2022 18:47:53 GMT\r\nETag: \"62d84dd9-d2d\"\r\nServer: gocache\r\nExpires: Fri, 02 Jan 2026 20:12:20 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: b588ba4f23a3a08d0ec9de78e2191040\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: HIT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]}],"data":{"size":3373,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 367 x 260, 8-bit colormap, non-interlaced","md5":"2d7a78ffd17b81f4d960f89c341377d1","sha1":"2ecab08e7808a385c9a712ce90beeef668c19156","sha256":"5e3bb47aa455eafd7493541cf6ce550ce84309152943f0295d79a9329879ac62","sha512":"1cdd6e6ef5f98a69379d1bbb70c6605ce05be2000426a78e5fe47a140616e118b1a6ae1b5dd0d2641f48dc0dc20216dd864ccaae690409717351122485312630","ssdeep":"","tlshash":"55612b23aaef0419f2459a3a9582d8adabbbf9138499720ec4bf986147b1d317984214","first_seen":"2023-10-30T15:44:34Z","last_seen":"2026-03-31T07:11:16.932566Z","times_seen":654,"resource_available":false,"data":null}},"time_used":1383,"timings":{"blocked":1181,"dns":0,"connect":0,"send":0,"wait":202,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static-content-t.wb27jlt6u066.com:9587/images/icon_mobile.png","fqdn":"static-content-t.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cn.cljpsnmrbsib.com/home/register/","date":"2026-01-01T20:12:19.134Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static-content-t.wb27jlt6u066.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 19 Oct 2025 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"08:10:09:15:B6:C8:9C:9A:CE:31:40:C9:26:D7:9E:BE:2C:9A:62:2B","sha256":"D6:55:F3:9B:55:F2:ED:CC:B3:54:8B:1E:F9:15:FB:47:0C:75:02:1A:64:4B:3C:C2:FA:75:18:9C:F0:11:EE:83"}}},"request":{"raw":"GET /images/icon_mobile.png HTTP/1.1\r\nHost: static-content-t.wb27jlt6u066.com:9587\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://static-content-t.wb27jlt6u066.com:9587/style/main.css?20250825\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 01 Jan 2026 20:12:19 GMT\r\nContent-Type: image/png\r\nContent-Length: 143\r\nConnection: keep-alive\r\nLast-Modified: Wed, 20 Jul 2022 18:47:53 GMT\r\nETag: \"62d84dd9-8f\"\r\nServer: gocache\r\nExpires: Fri, 02 Jan 2026 20:12:19 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: ef2eec4e964681a73c97b3ca08ce15b6\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: HIT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":143,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 15 x 18, 8-bit gray+alpha, non-interlaced","md5":"9a413aaa3c056af34c80628bee9e4586","sha1":"a676a5b3e90762c8c4a9314985e9abf2bad95666","sha256":"5aa5f649a8a53a15e0b65385149db1ed4f7b6286ff043f5fd96445173fc8d6d3","sha512":"ce054b7ace97a2c6922c028af0a5501b442ce7c10110ae85e5df72a542355e9ae5cc0a51b5ec6d9d577517051b30378466cbc61d9830542d47fbe36b04c440c1","ssdeep":"","tlshash":"76c08ce12a204a28faa603a22a3811d0f820b2782929474800284837401212711ea6c7","first_seen":"2023-05-05T14:06:31Z","last_seen":"2026-04-03T20:31:04.606419Z","times_seen":785,"resource_available":false,"data":null}},"time_used":219,"timings":{"blocked":12,"dns":0,"connect":0,"send":0,"wait":206,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static-content-t.wb27jlt6u066.com:9587/images/footer_football.png?5","fqdn":"static-content-t.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cn.cljpsnmrbsib.com/home/register/","date":"2026-01-01T20:12:19.210Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static-content-t.wb27jlt6u066.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 19 Oct 2025 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"08:10:09:15:B6:C8:9C:9A:CE:31:40:C9:26:D7:9E:BE:2C:9A:62:2B","sha256":"D6:55:F3:9B:55:F2:ED:CC:B3:54:8B:1E:F9:15:FB:47:0C:75:02:1A:64:4B:3C:C2:FA:75:18:9C:F0:11:EE:83"}}},"request":{"raw":"GET /images/footer_football.png?5 HTTP/1.1\r\nHost: static-content-t.wb27jlt6u066.com:9587\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://static-content-t.wb27jlt6u066.com:9587/style/main.css?20250825\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 01 Jan 2026 20:12:20 GMT\r\nContent-Type: image/png\r\nContent-Length: 20588\r\nConnection: keep-alive\r\nLast-Modified: Wed, 20 Jul 2022 18:47:53 GMT\r\nETag: \"62d84dd9-506c\"\r\nServer: gocache\r\nExpires: Fri, 02 Jan 2026 20:12:20 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: 8b02eb6b2c113d90a06525bb5100f1ad\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: HIT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":20588,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 23 x 1057, 8-bit/color RGBA, non-interlaced","md5":"1070cd5b06840cf7f154e66c09ac305e","sha1":"8864ddecf4ae0db0790bb5c901da76bc0b31c84a","sha256":"c76aa339cc81f581354af830b7ac9984cafbd3836e2f1e53762b7baa720cb43e","sha512":"cf434b41eca22162d4aa5377e62103bb0966b4dd4974599bc19f45ddf801e84aca49fd57a2d2a756b7edbd36e5fbf49195c5bc593100cc69e6b8caaa3f6733c3","ssdeep":"384:JEgvqB07FQV4hlkvWknpVtQCdWUKxk76w27R/9ThToBdAm/:JExBu2gb29nKqc7R/vMH/","tlshash":"df92d046d332f232e578f5229567c5de221f2d07099b0f1a489df013ace56bae189e0f","first_seen":"2023-05-05T14:06:31Z","last_seen":"2026-04-03T20:31:04.591485Z","times_seen":780,"resource_available":false,"data":null}},"time_used":969,"timings":{"blocked":765,"dns":0,"connect":0,"send":0,"wait":202,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static-content-t.wb27jlt6u066.com:9587/d11_images/nav/promo_sponsor.png?1","fqdn":"static-content-t.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cn.cljpsnmrbsib.com/home/register/","date":"2026-01-01T20:12:17.776Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static-content-t.wb27jlt6u066.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 19 Oct 2025 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"08:10:09:15:B6:C8:9C:9A:CE:31:40:C9:26:D7:9E:BE:2C:9A:62:2B","sha256":"D6:55:F3:9B:55:F2:ED:CC:B3:54:8B:1E:F9:15:FB:47:0C:75:02:1A:64:4B:3C:C2:FA:75:18:9C:F0:11:EE:83"}}},"request":{"raw":"GET /d11_images/nav/promo_sponsor.png?1 HTTP/1.1\r\nHost: static-content-t.wb27jlt6u066.com:9587\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.cljpsnmrbsib.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 01 Jan 2026 20:12:19 GMT\r\nContent-Type: image/png\r\nContent-Length: 45701\r\nConnection: keep-alive\r\nLast-Modified: Wed, 20 Jul 2022 18:45:39 GMT\r\nETag: \"62d84d53-b285\"\r\nServer: gocache\r\nExpires: Fri, 02 Jan 2026 20:12:19 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: 3c2802750f499134bf821121922e4753\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: HIT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]}],"data":{"size":45701,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 183 x 110, 8-bit/color RGBA, non-interlaced","md5":"4392b15e336dc870834d64c829f8c150","sha1":"af6de84ddea52908d6434951bd12c2bfbaff3b7e","sha256":"ff63b8ecd5b681b2e0a3d2cff1a1d327145839ae919ac0f7d025857d61656992","sha512":"1333809c4c3e8fc3270763dc4fbecb8f5f808ca657a9518428535a48639468581e05740782ee9af1e0b6db0ac359bf9e89a967cf941d919a94ad9be95a2dc071","ssdeep":"768:9PTkysWeomEy3WouE7U2vCRilIf/QODRMbZA0M3e3TZWeYEG6A6NAHL:9PTfPymLyARJhVAA0MO3TZXYBHL","tlshash":"ed23f12eaf46e09b6913de65cdf10081c417d6c7d49c2c35fc9e8c39a6355b4d8aab0e","first_seen":"2023-05-05T14:06:31Z","last_seen":"2026-04-03T20:31:04.595441Z","times_seen":746,"resource_available":false,"data":null}},"time_used":1373,"timings":{"blocked":1162,"dns":0,"connect":0,"send":0,"wait":203,"receive":8,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static-content-cn.wb27jlt6u066.com:9587/js/jquery/jquery.carousel.js","fqdn":"static-content-cn.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://cn.cljpsnmrbsib.com/home/register/","date":"2026-01-01T20:12:17.779Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static-content-cn.wb27jlt6u066.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 19 Oct 2025 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"98:64:EC:0B:9A:00:5F:60:12:4A:12:B9:EB:5A:44:98:12:1A:7C:FF","sha256":"A1:E0:99:A3:B2:54:C9:50:DB:24:16:EA:A7:44:3A:5D:57:F0:7C:CE:B2:E7:66:31:49:50:98:44:92:F2:50:84"}}},"request":{"raw":"GET /js/jquery/jquery.carousel.js HTTP/1.1\r\nHost: static-content-cn.wb27jlt6u066.com:9587\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.cljpsnmrbsib.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 01 Jan 2026 20:12:18 GMT\r\nContent-Type: application/javascript\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Wed, 20 Jul 2022 18:47:52 GMT\r\nVary: Accept-Encoding\r\nETag: W/\"62d84dd8-5e3a\"\r\nContent-Encoding: gzip\r\nServer: gocache\r\nExpires: Fri, 02 Jan 2026 20:12:18 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: 50bd295e74214b039780c38a3d5f3a51\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: HIT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":24122,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text","md5":"1552106a3e80457c7c75722b7372d303","sha1":"32ba62ff7b3590d3325d159141aa50a1db5802aa","sha256":"52947c9e6ac3e2f45c2b2a19802a91eeb75dc70902bf4bd87419a6386300848c","sha512":"e6b3f5bcdb5cea57241c6ca4f3c235a8ec04fe3d4baf75e2e33d67fa1ae4e094c08072772e3bc6a87dafb81e94a6ab81f38c670394f4f2a533ca5090e5879630","ssdeep":"384:MnvnA+MrUQ5x1jcvHGmUYnkrVdINO4XmfFmKK2vif3UE:Mn4+MrUk1j0UwNO4XmfF7K2vAv","tlshash":"50b2941b31a32172597b72298b9f5109333190979208ee507cbf8b147f9527897f2fea","first_seen":"2023-03-07T13:00:36Z","last_seen":"2026-04-03T20:31:04.666447Z","times_seen":665,"resource_available":true,"data":null}},"time_used":924,"timings":{"blocked":-1,"dns":302,"connect":3,"send":0,"wait":202,"receive":0,"ssl":412},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.v1c2h.com:51300/global-activity-entry/js/rain-icon.js","fqdn":"www.v1c2h.com","domain":"v1c2h.com","tld":"com"},"ip":{"addr":"52.184.67.179","port":51300,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://cn.cljpsnmrbsib.com/home/register/","date":"2026-01-01T20:12:17.785Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.v1c2h.com","organization":""},"issuer":{"commonName":"ZeroSSL RSA Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Mon, 24 Nov 2025 00:00:00 GMT","end":"Sun, 22 Feb 2026 23:59:59 GMT"},"fingerprint":{"sha1":"CD:6D:E0:A1:66:7B:5E:B3:2E:19:D0:11:AC:CD:40:B4:59:22:7F:07","sha256":"E4:D1:A7:36:92:4F:7F:18:A6:94:52:A2:59:76:61:AE:5E:4E:3D:18:E5:B7:D9:B4:96:BA:01:7A:63:6C:DF:2A"}}},"request":{"raw":"GET /global-activity-entry/js/rain-icon.js HTTP/1.1\r\nHost: www.v1c2h.com:51300\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.cljpsnmrbsib.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 01 Jan 2026 20:12:18 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\nlast-modified: Thu, 09 Nov 2023 07:48:38 GMT\r\nvary: Accept-Encoding\r\netag: W/\"654c8ed6-88a9\"\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\ncontent-encoding: gzip\r\npsc-cache-status: HIT\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":34985,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text","md5":"59767c53c4cb277425bce5c5e7ea9d41","sha1":"36ee5b49ceb915d4369fe92ca49dbd8bba702c96","sha256":"5b43bfa813b9f48656d868fbdacd693bf7fc0f4324d5b815db42ceb80c5a4a27","sha512":"f56b905cc921ab836e06c2c2f1e9dab1033056b68043b6fc1a24f78446dfcfeed89d1408b26ddd176540761784e7652fe2b4d1e5103f07f510bf3e886267e967","ssdeep":"768:kCcZeOuOBMThTlp0Ef7X879b7zT2MSVHyDP:kRDQt0FSVHk","tlshash":"42f2632e5afa10516a0370654f6f91087675a02b160bdc183e5e93d8df806b846fafff","first_seen":"2025-03-02T07:32:23.132184Z","last_seen":"2026-04-03T20:31:04.666958Z","times_seen":664,"resource_available":true,"data":null}},"time_used":1103,"timings":{"blocked":-1,"dns":424,"connect":204,"send":0,"wait":244,"receive":0,"ssl":231},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"hm.baidu.com/hm.js?86b8712c72cab4f521c0b5cd56dfa69f","fqdn":"hm.baidu.com","domain":"baidu.com","tld":"com"},"ip":{"addr":"14.215.182.140","port":443,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://cn.cljpsnmrbsib.com/home/register/","date":"2026-01-01T20:12:19.219Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"baidu.com","organization":"Beijing Baidu Netcom Science Technology Co., Ltd"},"issuer":{"commonName":"GlobalSign RSA OV SSL CA 2018","organization":"GlobalSign nv-sa"},"validity":{"start":"Wed, 09 Jul 2025 07:01:02 GMT","end":"Mon, 10 Aug 2026 07:01:01 GMT"},"fingerprint":{"sha1":"21:BF:66:0D:67:BE:7A:7F:49:48:05:30:F4:7F:09:F2:30:36:CA:63","sha256":"0D:82:2C:9A:90:5A:EF:E9:8F:37:12:C0:E0:26:30:EE:95:33:2C:45:5F:E7:74:5D:F0:8D:BC:79:F4:B0:A1:49"}}},"request":{"raw":"GET /hm.js?86b8712c72cab4f521c0b5cd56dfa69f HTTP/1.1\r\nHost: hm.baidu.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.cljpsnmrbsib.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nCache-Control: max-age=0, must-revalidate\r\nContent-Encoding: gzip\r\nContent-Length: 11299\r\nContent-Type: application/javascript\r\nDate: Thu, 01 Jan 2026 20:12:20 GMT\r\nEtag: 4157d7905928a33033e47cfe10592eb5\r\nP3p: CP=\"CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR\"\r\nServer: apache\r\nSet-Cookie: HMACCOUNT=01A358E08CEEE30A; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT\r\nStrict-Transport-Security: max-age=172800\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}],"data":{"size":29905,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (629)","md5":"7c7406c757dd1f8185153d7f0ef02c35","sha1":"4dcb149565b71e7a030b02915801ae14d154fecd","sha256":"b481ce3caeff1d47d6dba5e6ab4a8132701fe5154569f00a3f82a054d259e8a1","sha512":"01fac061531e48d7fdbfd25fe4c2576a17571368044c4abdfcf3b82bece10eb9d5ca7b19753bef53b7a2a2edc6d03bae4cb9cf022f1c174052a58a8cb82db9b0","ssdeep":"384:dtJSoLMJJTRl6s1JXFVCFI/TayvuodsZPIGm8XaR1JRwvutq1tGdc7M04gRw6:dt4VJfHgMdvussZPIx82Rwvutcto07v","tlshash":"e0d2d9a9b282713293a324a5153f324af07b5a54bd4968a4f11894c07d38fbb027bfdd","first_seen":"2026-01-01T20:12:49.33456Z","last_seen":"2026-01-01T20:12:49.33456Z","times_seen":1,"resource_available":true,"data":null}},"time_used":2591,"timings":{"blocked":1137,"dns":347,"connect":255,"send":0,"wait":316,"receive":1,"ssl":533},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static-content-t.wb27jlt6u066.com:9587/images/nav/promo_12p.png","fqdn":"static-content-t.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cn.cljpsnmrbsib.com/home/register/","date":"2026-01-01T20:12:17.774Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static-content-t.wb27jlt6u066.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 19 Oct 2025 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"08:10:09:15:B6:C8:9C:9A:CE:31:40:C9:26:D7:9E:BE:2C:9A:62:2B","sha256":"D6:55:F3:9B:55:F2:ED:CC:B3:54:8B:1E:F9:15:FB:47:0C:75:02:1A:64:4B:3C:C2:FA:75:18:9C:F0:11:EE:83"}}},"request":{"raw":"GET /images/nav/promo_12p.png HTTP/1.1\r\nHost: static-content-t.wb27jlt6u066.com:9587\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.cljpsnmrbsib.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 01 Jan 2026 20:12:19 GMT\r\nContent-Type: image/png\r\nContent-Length: 13381\r\nConnection: keep-alive\r\nLast-Modified: Wed, 20 Jul 2022 18:47:53 GMT\r\nETag: \"62d84dd9-3445\"\r\nServer: gocache\r\nExpires: Fri, 02 Jan 2026 20:12:19 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: fb2f9e519222038f7db066838a91d52b\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: HIT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":13381,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 200 x 100, 8-bit/color RGBA, non-interlaced","md5":"771df357a82b3f121039b605126d9031","sha1":"49ac1b1ce8829f54c43e4012c0b21f2fffc6fea7","sha256":"7020ab66168f898a06e3743b3793745da0a9d6017bae2934e842e6ec4addc094","sha512":"acb489f3f721c83653262e26fc5831cff21e293becedd745153219f0300318977a485df8717b9195639e7a4a8760c2a988dc1b18a8a4bf5b907da84674cc4c5f","ssdeep":"384:XJXE05gzzzzzzzzz2Qz9IcDmF/COICUtw6ei/CXd:F35gzzzzzzzzz3xydLZUtAt","tlshash":"4052e14f486980fb060929e40fa043559e9667ff4f65ae34c0d27db7942de5b2fa8423","first_seen":"2023-05-05T14:06:31Z","last_seen":"2026-04-03T20:31:04.665203Z","times_seen":770,"resource_available":false,"data":null}},"time_used":1792,"timings":{"blocked":1165,"dns":0,"connect":10,"send":0,"wait":204,"receive":1,"ssl":409},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cn.cljpsnmrbsib.com/fimg/i202506274933fa50064c8d94db51e297e3b319.png","fqdn":"cn.cljpsnmrbsib.com","domain":"cljpsnmrbsib.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cn.cljpsnmrbsib.com/home/register/","date":"2026-01-01T20:12:17.778Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cn.cljpsnmrbsib.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Fri, 22 Aug 2025 00:00:00 GMT","end":"Sat, 22 Aug 2026 23:59:59 GMT"},"fingerprint":{"sha1":"12:FD:F6:BB:43:82:FA:7F:75:B2:55:15:0A:C1:53:DB:1C:B0:3D:6E","sha256":"13:C4:C2:5C:3D:E1:1D:5B:24:0C:FA:99:31:CD:3D:FB:FA:FD:61:7B:EC:AF:55:3B:3F:03:1D:5B:43:22:D9:F5"}}},"request":{"raw":"GET /fimg/i202506274933fa50064c8d94db51e297e3b319.png HTTP/1.1\r\nHost: cn.cljpsnmrbsib.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.cljpsnmrbsib.com/home/register/\r\nCookie: PHPSESSID=6bnfoqopguksg0iaake09lps5p\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 01 Jan 2026 20:12:19 GMT\r\nContent-Type: image/png\r\nContent-Length: 591\r\nConnection: keep-alive\r\nLast-Modified: Sun, 15 Jun 2025 05:27:25 GMT\r\nETag: \"684e59bd-24f\"\r\nX-Content-Type-Options: nosniff\r\nX-Frame-Options: SAMEORIGIN\r\nServer: gocache\r\nExpires: Fri, 02 Jan 2026 20:12:19 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: 7dcb1625bdeb00a2814d5a85f3e8b3a1\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: HIT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":591,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 600 x 600, 1-bit colormap, non-interlaced","md5":"d390244b30c22d100a24ac05d9e4e979","sha1":"978cd2d10293408b8ad2b62d647ba17ce7f1b07f","sha256":"38d18e132913c6fc5636d430c1226ecdbc29ad80b55faa4a7aad46cd084c44ea","sha512":"27e7300242911590b438a1f533420319984bf694f46a03cf96a5af250d4f74b46e78180a18f7adeda216e95e11b305f65317e604c2aa7fa7a1619a2379e4ef67","ssdeep":"","tlshash":"96f062d55151be10901011012d46e893807030eeebf30b1d450b413270b824ee7296e2","first_seen":"2025-08-07T15:42:17.327108Z","last_seen":"2026-04-03T20:31:04.661699Z","times_seen":515,"resource_available":false,"data":null}},"time_used":1784,"timings":{"blocked":1160,"dns":1,"connect":1,"send":0,"wait":201,"receive":0,"ssl":418},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-01","alert":"Sinkholed","trigger":"cn.cljpsnmrbsib.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-01","alert":"Sinkholed","trigger":"cn.cljpsnmrbsib.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-01","alert":"Phishing Block","trigger":"cn.cljpsnmrbsib.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-01","alert":"Sinkholed","trigger":"cn.cljpsnmrbsib.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-01","alert":"Sinkholed","trigger":"cn.cljpsnmrbsib.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cn.cljpsnmrbsib.com/kz/verifycode","fqdn":"cn.cljpsnmrbsib.com","domain":"cljpsnmrbsib.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cn.cljpsnmrbsib.com/home/register/","date":"2026-01-01T20:12:17.782Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cn.cljpsnmrbsib.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Fri, 22 Aug 2025 00:00:00 GMT","end":"Sat, 22 Aug 2026 23:59:59 GMT"},"fingerprint":{"sha1":"12:FD:F6:BB:43:82:FA:7F:75:B2:55:15:0A:C1:53:DB:1C:B0:3D:6E","sha256":"13:C4:C2:5C:3D:E1:1D:5B:24:0C:FA:99:31:CD:3D:FB:FA:FD:61:7B:EC:AF:55:3B:3F:03:1D:5B:43:22:D9:F5"}}},"request":{"raw":"GET /kz/verifycode HTTP/1.1\r\nHost: cn.cljpsnmrbsib.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.cljpsnmrbsib.com/home/register/\r\nCookie: PHPSESSID=6bnfoqopguksg0iaake09lps5p\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 \r\nDate: Thu, 01 Jan 2026 20:12:19 GMT\r\nContent-Type: image/jpeg;charset=UTF-8\r\nContent-Length: 1536\r\nConnection: keep-alive\r\nSet-Cookie: JSESSIONID=0DE8EB1F7AB9A0D2E099B65E1FC07A83; Path=/; HttpOnly\nVERIFYCODEID=0DE8EB1F7AB9A0D2E099B65E1FC07A83; Domain=cljpsnmrbsib.com; Path=/; HttpOnly\r\nX-Content-Type-Options: nosniff\r\nX-Frame-Options: SAMEORIGIN\r\nServer: gocache\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nCache-Control: no-cache\r\nc-Type: df\r\nrid: fa3159fb875b07c89d682490c564eba3\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Java","description":"Java is a class-based, object-oriented programming language that is designed to have as few implementation dependencies as possible.","website":"https://java.com","common_platform_enumeration":"cpe:2.3:a:oracle:jre:*:*:*:*:*:*:*:*","icon":"Java.svg","categories":["Programming languages"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]}],"data":{"size":1536,"size_decoded":0,"mime_type":"image/jpeg; charset=UTF-8","magic":"JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 80x28, components 3","md5":"3fd523a54a8c8497e53ab94604435a81","sha1":"6f4d49d901d17ad7b4d22a8d99173a36809c2e47","sha256":"e3d3e354b26a1fe417c2f8568a5c4782d43796378251c2a8fdd819f36e26bc30","sha512":"fe6a00c4cf8f04cb0bf6ca4c56d75ad1a7fd392886aa0c56dba50e6fbacc3823ba97d54da30adad367d0001e42859bd8aedfa00033a96ca6088fe049c5416be2","ssdeep":"","tlshash":"7431195d9b9646b0cf0388f57887b611f2ceac845ef07bbc7a6552908360cf6ed5520a","first_seen":"2026-01-01T20:12:49.339555Z","last_seen":"2026-01-01T20:12:49.339555Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1897,"timings":{"blocked":1156,"dns":1,"connect":1,"send":0,"wait":318,"receive":0,"ssl":416},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-01","alert":"Sinkholed","trigger":"cn.cljpsnmrbsib.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-01","alert":"Sinkholed","trigger":"cn.cljpsnmrbsib.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-01","alert":"Phishing Block","trigger":"cn.cljpsnmrbsib.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-01","alert":"Sinkholed","trigger":"cn.cljpsnmrbsib.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-01","alert":"Sinkholed","trigger":"cn.cljpsnmrbsib.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cn.cljpsnmrbsib.com/service/verifycode","fqdn":"cn.cljpsnmrbsib.com","domain":"cljpsnmrbsib.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cn.cljpsnmrbsib.com/home/register/","date":"2026-01-01T20:12:17.783Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cn.cljpsnmrbsib.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Fri, 22 Aug 2025 00:00:00 GMT","end":"Sat, 22 Aug 2026 23:59:59 GMT"},"fingerprint":{"sha1":"12:FD:F6:BB:43:82:FA:7F:75:B2:55:15:0A:C1:53:DB:1C:B0:3D:6E","sha256":"13:C4:C2:5C:3D:E1:1D:5B:24:0C:FA:99:31:CD:3D:FB:FA:FD:61:7B:EC:AF:55:3B:3F:03:1D:5B:43:22:D9:F5"}}},"request":{"raw":"GET /service/verifycode HTTP/1.1\r\nHost: cn.cljpsnmrbsib.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.cljpsnmrbsib.com/home/register/\r\nCookie: PHPSESSID=6bnfoqopguksg0iaake09lps5p\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 \r\nDate: Thu, 01 Jan 2026 20:12:19 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nSet-Cookie: JSESSIONID=4EE860BED219FB57355AFA927585B784; Path=/; Secure; HttpOnly\n_vcid=4EE860BED219FB57355AFA927585B784; Domain=.cljpsnmrbsib.com; Path=/; HttpOnly\r\nX-Content-Type-Options: nosniff\r\nX-Frame-Options: SAMEORIGIN\r\nServer: gocache\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nCache-Control: no-cache\r\nc-Type: df\r\nrid: f4ea74364ff0c5e92360800f73d74a9c\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Java","description":"Java is a class-based, object-oriented programming language that is designed to have as few implementation dependencies as possible.","website":"https://java.com","common_platform_enumeration":"cpe:2.3:a:oracle:jre:*:*:*:*:*:*:*:*","icon":"Java.svg","categories":["Programming languages"]},{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":1070,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 80x28, components 3","md5":"f0128f45bf7abff68a4edebb6584f63e","sha1":"d851dcb155b7d63cda7cd5e62afe40d1affc43c0","sha256":"79e8c77d97a6c6a693473dd0d3aca1c42bc60f2bbb5884216896831861849aa8","sha512":"815fb60c947d12722bd50f1cf4666e7e14141f1931e2d8ec98b2710cd08493931f65edd43fe1dd9a2427153e26cf421b4c29f691357ae9428912ec5a5f6e1e0d","ssdeep":"","tlshash":"5c11a507c757a015cf23c0b9119a7233d24948823aacbf742e3205a6c924cf59e4ae58","first_seen":"2026-01-01T20:12:49.341817Z","last_seen":"2026-01-01T20:12:49.341817Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1934,"timings":{"blocked":1155,"dns":1,"connect":1,"send":0,"wait":319,"receive":0,"ssl":451},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-01","alert":"Sinkholed","trigger":"cn.cljpsnmrbsib.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-01","alert":"Phishing Block","trigger":"cn.cljpsnmrbsib.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-01","alert":"Sinkholed","trigger":"cn.cljpsnmrbsib.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-01","alert":"Sinkholed","trigger":"cn.cljpsnmrbsib.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-01","alert":"Sinkholed","trigger":"cn.cljpsnmrbsib.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"static-content-cn.wb27jlt6u066.com:9587/util/rsa.js","fqdn":"static-content-cn.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://cn.cljpsnmrbsib.com/home/register/","date":"2026-01-01T20:12:17.790Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static-content-cn.wb27jlt6u066.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 19 Oct 2025 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"98:64:EC:0B:9A:00:5F:60:12:4A:12:B9:EB:5A:44:98:12:1A:7C:FF","sha256":"A1:E0:99:A3:B2:54:C9:50:DB:24:16:EA:A7:44:3A:5D:57:F0:7C:CE:B2:E7:66:31:49:50:98:44:92:F2:50:84"}}},"request":{"raw":"GET /util/rsa.js HTTP/1.1\r\nHost: static-content-cn.wb27jlt6u066.com:9587\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.cljpsnmrbsib.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 01 Jan 2026 20:12:18 GMT\r\nContent-Type: application/javascript\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Wed, 20 Jul 2022 18:47:53 GMT\r\nVary: Accept-Encoding\r\nETag: W/\"62d84dd9-34ca\"\r\nContent-Encoding: gzip\r\nServer: gocache\r\nExpires: Fri, 02 Jan 2026 20:12:18 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: 7dfd7239091181dfbd643e8c6a0f2ff3\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: HIT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]}],"data":{"size":13514,"size_decoded":0,"mime_type":"application/javascript","magic":"ASCII text, with very long lines (5026)","md5":"2e28749b1ce6013a456d4498a447dff3","sha1":"89d8c436922a84f097e86090179d112c3d6e13c2","sha256":"1748bdff25c71702d781b076f961920ef32283e324153b256e963202431a35ba","sha512":"2a675090d740e1600eaca9da2229b34cf764181bf65df4d023bb0e95feea6a7b83f3651a8eb70473e76313cc1fcdd38cd71a72b41fd57fdc34668b7d3b10b62e","ssdeep":"384:B1eJdA6YDf7WA5lK4UYl38uHrKFaY8BpC:bdjfm82aNy","tlshash":"5752a6857ad9302d07a95071055f054b7e35f8be598c04bdb1a0e8e938f198d833ef78","first_seen":"2023-03-07T01:28:09Z","last_seen":"2026-04-03T20:31:04.667579Z","times_seen":987,"resource_available":true,"data":null}},"time_used":1090,"timings":{"blocked":888,"dns":0,"connect":0,"send":0,"wait":202,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cn.cljpsnmrbsib.com/service/verifycode?x=0.6480180476326505","fqdn":"cn.cljpsnmrbsib.com","domain":"cljpsnmrbsib.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cn.cljpsnmrbsib.com/home/register/","date":"2026-01-01T20:12:19.318Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cn.cljpsnmrbsib.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Fri, 22 Aug 2025 00:00:00 GMT","end":"Sat, 22 Aug 2026 23:59:59 GMT"},"fingerprint":{"sha1":"12:FD:F6:BB:43:82:FA:7F:75:B2:55:15:0A:C1:53:DB:1C:B0:3D:6E","sha256":"13:C4:C2:5C:3D:E1:1D:5B:24:0C:FA:99:31:CD:3D:FB:FA:FD:61:7B:EC:AF:55:3B:3F:03:1D:5B:43:22:D9:F5"}}},"request":{"raw":"GET /service/verifycode?x=0.6480180476326505 HTTP/1.1\r\nHost: cn.cljpsnmrbsib.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.cljpsnmrbsib.com/home/register/\r\nCookie: PHPSESSID=6bnfoqopguksg0iaake09lps5p\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 \r\nDate: Thu, 01 Jan 2026 20:12:20 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nSet-Cookie: JSESSIONID=6253A5890C589A63A0DE888E7EC4A2B3; Path=/; Secure; HttpOnly\n_vcid=6253A5890C589A63A0DE888E7EC4A2B3; Domain=.cljpsnmrbsib.com; Path=/; HttpOnly\r\nX-Content-Type-Options: nosniff\r\nX-Frame-Options: SAMEORIGIN\r\nServer: gocache\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nCache-Control: no-cache\r\nc-Type: df\r\nrid: a29acd563f56ff74af87fedc5fa4cb0a\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Java","description":"Java is a class-based, object-oriented programming language that is designed to have as few implementation dependencies as possible.","website":"https://java.com","common_platform_enumeration":"cpe:2.3:a:oracle:jre:*:*:*:*:*:*:*:*","icon":"Java.svg","categories":["Programming languages"]}],"data":{"size":1243,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 80x28, components 3","md5":"18987708d7a2a7aa952377c901cb05ce","sha1":"428db08a6a9523e0c0b16c118f12188ff02e565f","sha256":"b8a3c2245bf61f8bff93ec1cd725748f27441a684c85eb31bc9dde490cb5cb2f","sha512":"3f7f2b62401d40d36e48d79122ecb6f859ab0a52efd4b76d0592322a9d853e73df0fbacfcebc79b7e92e5c89fedfd140b9bc92af923423c5a3978d4c39242aa3","ssdeep":"","tlshash":"5921a71a8b2e3ba4df16dab261311912e1c758617f43aa391e7105a09f61cf7d80cb69","first_seen":"2026-01-01T20:12:49.34521Z","last_seen":"2026-01-01T20:12:49.34521Z","times_seen":1,"resource_available":false,"data":null}},"time_used":927,"timings":{"blocked":656,"dns":0,"connect":0,"send":0,"wait":271,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-01","alert":"Phishing Block","trigger":"cn.cljpsnmrbsib.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-01","alert":"Sinkholed","trigger":"cn.cljpsnmrbsib.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-01","alert":"Sinkholed","trigger":"cn.cljpsnmrbsib.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-01","alert":"Sinkholed","trigger":"cn.cljpsnmrbsib.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-01","alert":"Sinkholed","trigger":"cn.cljpsnmrbsib.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"file-new.a4hskh.com/activity/2025/05/26/f705ebac6a063ccbebde29be336a1614.png","fqdn":"file-new.a4hskh.com","domain":"a4hskh.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cn.cljpsnmrbsib.com/home/register/","date":"2026-01-01T20:12:20.046Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /activity/2025/05/26/f705ebac6a063ccbebde29be336a1614.png HTTP/1.1\r\nHost: file-new.a4hskh.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.cljpsnmrbsib.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T11:49:30.368697Z","times_seen":13330398,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"banner-notice.6dqr2n.com/mxstatic/download.png","fqdn":"banner-notice.6dqr2n.com","domain":"6dqr2n.com","tld":"com"},"ip":{"addr":"52.184.67.179","port":443,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cn.cljpsnmrbsib.com/home/register/","date":"2026-01-01T20:12:20.544Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"banner-notice.6dqr2n.com","organization":""},"issuer":{"commonName":"ZeroSSL RSA Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Fri, 21 Nov 2025 00:00:00 GMT","end":"Thu, 19 Feb 2026 23:59:59 GMT"},"fingerprint":{"sha1":"99:09:F8:08:0E:12:67:90:CD:CF:6F:BB:FD:A4:24:0B:CE:22:68:BC","sha256":"8D:09:C8:8D:E9:B1:66:60:30:60:D8:0C:95:30:0A:E9:BC:A6:D5:11:A9:28:82:AB:A7:90:99:A8:C5:E8:62:E8"}}},"request":{"raw":"GET /mxstatic/download.png HTTP/1.1\r\nHost: banner-notice.6dqr2n.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.cljpsnmrbsib.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 01 Jan 2026 20:12:20 GMT\r\ncontent-type: image/png\r\ncontent-length: 456\r\nlast-modified: Tue, 27 May 2025 05:27:16 GMT\r\netag: \"68354d34-1c8\"\r\nexpires: Sat, 31 Jan 2026 20:13:11 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":456,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 36 x 36, 8-bit colormap, non-interlaced","md5":"1a89c1b0da2dd8e949b7cbfbf97b0207","sha1":"eb7047b074d6e8ab5453ccd9450d30ff781e9988","sha256":"941720c6f4b421e3b7a1312f8c713c13cd6aa7033a04089795c59b96c5d50a9c","sha512":"97ff9190823f66f21d090c88aacfc49526e42d24127bc465ac9ddf4ced53c2981c14627752f77d57d85d8971752101819b9332480a65ec0c2612e8688b8ad26c","ssdeep":"","tlshash":"12f0c091268c9c1cc3dc5cbba3b69756fd18555141035c40bc79c06c579502979f89bb","first_seen":"2023-05-10T13:44:32Z","last_seen":"2026-04-03T20:31:04.624235Z","times_seen":651,"resource_available":false,"data":null}},"time_used":353,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":353,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static-content-t.wb27jlt6u066.com:9587/images/nav/promo_event.png","fqdn":"static-content-t.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cn.cljpsnmrbsib.com/home/register/","date":"2026-01-01T20:12:17.777Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static-content-t.wb27jlt6u066.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 19 Oct 2025 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"08:10:09:15:B6:C8:9C:9A:CE:31:40:C9:26:D7:9E:BE:2C:9A:62:2B","sha256":"D6:55:F3:9B:55:F2:ED:CC:B3:54:8B:1E:F9:15:FB:47:0C:75:02:1A:64:4B:3C:C2:FA:75:18:9C:F0:11:EE:83"}}},"request":{"raw":"GET /images/nav/promo_event.png HTTP/1.1\r\nHost: static-content-t.wb27jlt6u066.com:9587\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.cljpsnmrbsib.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 01 Jan 2026 20:12:19 GMT\r\nContent-Type: image/png\r\nContent-Length: 33820\r\nConnection: keep-alive\r\nLast-Modified: Wed, 20 Jul 2022 18:47:53 GMT\r\nETag: \"62d84dd9-841c\"\r\nServer: gocache\r\nExpires: Fri, 02 Jan 2026 20:12:19 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: 31860609116ff604d7919a72ebd2d7f7\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: HIT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]}],"data":{"size":33820,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 231 x 184, 8-bit/color RGBA, non-interlaced","md5":"4590b5333179fefe5ea8e8f1a3638da3","sha1":"a0a932f3ca433bc1ea5f788e09eddfa617a4c69e","sha256":"0b3af6b7e8676050661aedd1b94b28045c7a9c905424cbde85f95f7faaf1ea43","sha512":"7ad8e92d6797b8c8c094e8651b566ea510b0bbaf998f9456d1fa1216e33b9bd8afc3840c6a3203fddb0f98e583070113a2329b34ff371dfbbc988a30ee41c425","ssdeep":"384:vdYFfWN0DI5+xe/+sRdXI/nTNAHfs2QZ4ldgeP94lYVIPR22M/96yNtHD9eDk0d4:y0gF/TNF2JSeFLIPR22M/9b/elbPs","tlshash":"7de2f1d07fa4e82156b397c770463aee708dc0ba5b43f5c6131a316b9b24b3c684799e","first_seen":"2023-05-05T14:06:31Z","last_seen":"2026-04-03T20:31:04.661057Z","times_seen":770,"resource_available":false,"data":null}},"time_used":1370,"timings":{"blocked":1161,"dns":0,"connect":0,"send":0,"wait":205,"receive":4,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.vrfpshbc.com:2053/global-activity-entry/img/close-x.png","fqdn":"www.vrfpshbc.com","domain":"vrfpshbc.com","tld":"com"},"ip":{"addr":"104.21.68.47","port":2053,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cn.cljpsnmrbsib.com/home/register/","date":"2026-01-01T20:12:20.064Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"vrfpshbc.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 05 Dec 2025 18:43:15 GMT","end":"Thu, 05 Mar 2026 19:40:25 GMT"},"fingerprint":{"sha1":"5B:66:65:98:81:FC:02:12:BE:8A:3E:A2:CB:B6:CB:92:E0:EE:1E:8F","sha256":"92:B0:5D:3B:74:26:24:9C:EB:E0:D4:B8:0C:B5:59:29:8E:E9:4E:87:C7:F8:CA:6B:F2:E6:75:FB:37:AC:C2:C9"}}},"request":{"raw":"GET /global-activity-entry/img/close-x.png HTTP/1.1\r\nHost: www.vrfpshbc.com:2053\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.vrfpshbc.com:2053/global-activity-entry/css/style.css\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Thu, 01 Jan 2026 20:12:20 GMT\r\ncontent-type: image/png\r\ncontent-length: 1101\r\nserver: cloudflare\r\nlast-modified: Wed, 16 Jun 2021 18:06:55 GMT\r\netag: \"60ca3dbf-44d\"\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\ncf-cache-status: DYNAMIC\r\npriority: u=4,i=?0\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=1RJZg5KsnRwpIEWbCqKRMOvQAfxUnPgz%2FMFLcb39f4tPmgv4o2kxR9dBx1d6nmRCXpY78iBKJviF1CLudJyeF0PNuGSNkdH1lV5lVUKi\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9b74abc16e1eb4eb-OSL\r\nalt-svc: h3=\":2053\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":1101,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 25 x 25, 8-bit/color RGBA, interlaced","md5":"6d53ba3fe6c7f1b97871c37f610267c9","sha1":"911d9c2f4efec81d5a7edd84bb7a4f1b33dd8560","sha256":"a1c35b21ff48ff6181a0f1f443508abff9690316942a1d4974614c2c79f0d420","sha512":"8538e5f48126db6176b784162592998bc86fb1ccd88318b4d69334d1ef5fb8037c79ba2bb295f03836c315bbcf102a89e3b70630b6a46646c4acf5127ce4319d","ssdeep":"","tlshash":"0f1186836728cb31c123023a9399630afa184d52b61757cc59cc6c0fce980e2555c61e","first_seen":"2023-05-05T14:06:31Z","last_seen":"2026-04-03T20:31:04.675476Z","times_seen":511,"resource_available":false,"data":null}},"time_used":613,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":613,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static-content-cn.wb27jlt6u066.com:9587/js/jquery/jquery.min.js","fqdn":"static-content-cn.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://cn.cljpsnmrbsib.com/home/register/","date":"2026-01-01T20:12:17.769Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static-content-cn.wb27jlt6u066.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 19 Oct 2025 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"98:64:EC:0B:9A:00:5F:60:12:4A:12:B9:EB:5A:44:98:12:1A:7C:FF","sha256":"A1:E0:99:A3:B2:54:C9:50:DB:24:16:EA:A7:44:3A:5D:57:F0:7C:CE:B2:E7:66:31:49:50:98:44:92:F2:50:84"}}},"request":{"raw":"GET /js/jquery/jquery.min.js HTTP/1.1\r\nHost: static-content-cn.wb27jlt6u066.com:9587\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.cljpsnmrbsib.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 01 Jan 2026 20:12:18 GMT\r\nContent-Type: application/javascript\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Wed, 20 Jul 2022 18:47:52 GMT\r\nVary: Accept-Encoding\r\nETag: W/\"62d84dd8-176bb\"\r\nContent-Encoding: gzip\r\nServer: gocache\r\nExpires: Fri, 02 Jan 2026 20:12:18 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: 0d4f359ccc9e6bf0f84becac1055eb29\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: HIT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]}],"data":{"size":95931,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (32047)","md5":"5790ead7ad3ba27397aedfa3d263b867","sha1":"8130544c215fe5d1ec081d83461bf4a711e74882","sha256":"2ecd295d295bec062cedebe177e54b9d6b19fc0a841dc5c178c654c9ccff09c0","sha512":"781acedc99de4ce8d53d9b43a158c645eab1b23dfdfd6b57b3c442b11acc4a344e0d5b0067d4b78bb173abbded75fb91c410f2b5a58f71d438aa6266d048d98a","ssdeep":"1536:5P1vk7i6GUHdXXeyQazBu+4HhiO2AEeLNFoqqhJ7SerN5sVI6xcBgPv7E+nzms9d:A4Ud4qhJvNPqcB47MfWWca98HrB","tlshash":"7793d8d9b7d67062977730b850bf510bb13a98eab80c4c60f1a4d8e47e74a89507bf2d","first_seen":"2023-03-07T01:02:51Z","last_seen":"2026-04-04T10:06:00.694891Z","times_seen":16232,"resource_available":true,"data":null}},"time_used":1645,"timings":{"blocked":706,"dns":311,"connect":3,"send":0,"wait":202,"receive":6,"ssl":405},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static-content-t.wb27jlt6u066.com:9587/d11_images/icon_mobile.png","fqdn":"static-content-t.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cn.cljpsnmrbsib.com/home/register/","date":"2026-01-01T20:12:19.133Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static-content-t.wb27jlt6u066.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 19 Oct 2025 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"08:10:09:15:B6:C8:9C:9A:CE:31:40:C9:26:D7:9E:BE:2C:9A:62:2B","sha256":"D6:55:F3:9B:55:F2:ED:CC:B3:54:8B:1E:F9:15:FB:47:0C:75:02:1A:64:4B:3C:C2:FA:75:18:9C:F0:11:EE:83"}}},"request":{"raw":"GET /d11_images/icon_mobile.png HTTP/1.1\r\nHost: static-content-t.wb27jlt6u066.com:9587\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://static-content-t.wb27jlt6u066.com:9587/style/main.css?20250825\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 01 Jan 2026 20:12:19 GMT\r\nContent-Type: image/png\r\nContent-Length: 300\r\nConnection: keep-alive\r\nLast-Modified: Wed, 20 Jul 2022 18:45:39 GMT\r\nETag: \"62d84d53-12c\"\r\nServer: gocache\r\nExpires: Fri, 02 Jan 2026 20:12:19 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: a53265849c01037dcbb24e3f0e74707b\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: HIT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":300,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 15 x 18, 8-bit/color RGBA, non-interlaced","md5":"87b9952aa4def5ac2d4dce81528ecae3","sha1":"e34496b167df036229e923d8686858c0a306c1e2","sha256":"7aa81a942fe7f67e5b132b047c4db23993d6ffff8eaafd3692a6824236e11def","sha512":"0fbb21285e5fe2e16acb97529fe973d055261ea7e787fdfc0d4f381f9fd2c00a981dd5861a08a4d1ee0b62d0f145044678b8cc87297e62af85d5f758a826a508","ssdeep":"","tlshash":"c9e0eb4323a20d3ac3c85633a11b13308c304248b484a50d5e442a30cc8a34c2ebd623","first_seen":"2023-05-05T14:06:31Z","last_seen":"2026-04-03T20:31:04.605294Z","times_seen":789,"resource_available":false,"data":null}},"time_used":211,"timings":{"blocked":9,"dns":0,"connect":0,"send":0,"wait":202,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static-content-t.wb27jlt6u066.com:9587/images/icons_login.png","fqdn":"static-content-t.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cn.cljpsnmrbsib.com/home/register/","date":"2026-01-01T20:12:19.194Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static-content-t.wb27jlt6u066.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 19 Oct 2025 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"08:10:09:15:B6:C8:9C:9A:CE:31:40:C9:26:D7:9E:BE:2C:9A:62:2B","sha256":"D6:55:F3:9B:55:F2:ED:CC:B3:54:8B:1E:F9:15:FB:47:0C:75:02:1A:64:4B:3C:C2:FA:75:18:9C:F0:11:EE:83"}}},"request":{"raw":"GET /images/icons_login.png HTTP/1.1\r\nHost: static-content-t.wb27jlt6u066.com:9587\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://static-content-t.wb27jlt6u066.com:9587/style/main.css?20250825\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 01 Jan 2026 20:12:20 GMT\r\nContent-Type: image/png\r\nContent-Length: 4053\r\nConnection: keep-alive\r\nLast-Modified: Wed, 20 Jul 2022 18:47:53 GMT\r\nETag: \"62d84dd9-fd5\"\r\nServer: gocache\r\nExpires: Fri, 02 Jan 2026 20:12:20 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: 2f1e4b6373c20df1cea7b64cbbf4f48d\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: HIT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]}],"data":{"size":4053,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 26 x 330, 8-bit/color RGBA, non-interlaced","md5":"405c7bc8638bddb314e549e4eebec2e3","sha1":"75f6a3b0b6ffdeed31bff28f8ae1f1a3e481260c","sha256":"cd98cf8ee2f82e9903fb28490a4fc9f318fb60f0f8f0c1f080cee3dce0d6c9b9","sha512":"3a1991dfba0851c6d1d212102ab1fa3585b5970358f75488770ffaaa0467e4cbb755e07dc9db44e102da13fd7510e6b14506e2a2e4188c6461ba652e9fcaa69e","ssdeep":"","tlshash":"3d814c4bbcd228093058e4c372f9822bd946c2d5d6b0557396ce88bb15a8879490c2ce","first_seen":"2023-05-05T14:06:31Z","last_seen":"2026-04-03T20:31:04.597994Z","times_seen":784,"resource_available":false,"data":null}},"time_used":1187,"timings":{"blocked":985,"dns":0,"connect":0,"send":0,"wait":202,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static-content-t.wb27jlt6u066.com:9587/images/icons_login.png?2","fqdn":"static-content-t.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cn.cljpsnmrbsib.com/home/register/","date":"2026-01-01T20:12:19.195Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static-content-t.wb27jlt6u066.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 19 Oct 2025 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"08:10:09:15:B6:C8:9C:9A:CE:31:40:C9:26:D7:9E:BE:2C:9A:62:2B","sha256":"D6:55:F3:9B:55:F2:ED:CC:B3:54:8B:1E:F9:15:FB:47:0C:75:02:1A:64:4B:3C:C2:FA:75:18:9C:F0:11:EE:83"}}},"request":{"raw":"GET /images/icons_login.png?2 HTTP/1.1\r\nHost: static-content-t.wb27jlt6u066.com:9587\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://static-content-t.wb27jlt6u066.com:9587/style/main.css?20250825\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 01 Jan 2026 20:12:20 GMT\r\nContent-Type: image/png\r\nContent-Length: 4053\r\nConnection: keep-alive\r\nLast-Modified: Wed, 20 Jul 2022 18:47:53 GMT\r\nETag: \"62d84dd9-fd5\"\r\nServer: gocache\r\nExpires: Fri, 02 Jan 2026 20:12:20 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: 4f6984394f44f42cb6850b92821ba5d4\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: HIT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":4053,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 26 x 330, 8-bit/color RGBA, non-interlaced","md5":"405c7bc8638bddb314e549e4eebec2e3","sha1":"75f6a3b0b6ffdeed31bff28f8ae1f1a3e481260c","sha256":"cd98cf8ee2f82e9903fb28490a4fc9f318fb60f0f8f0c1f080cee3dce0d6c9b9","sha512":"3a1991dfba0851c6d1d212102ab1fa3585b5970358f75488770ffaaa0467e4cbb755e07dc9db44e102da13fd7510e6b14506e2a2e4188c6461ba652e9fcaa69e","ssdeep":"","tlshash":"3d814c4bbcd228093058e4c372f9822bd946c2d5d6b0557396ce88bb15a8879490c2ce","first_seen":"2023-05-05T14:06:31Z","last_seen":"2026-04-03T20:31:04.597994Z","times_seen":784,"resource_available":false,"data":null}},"time_used":1188,"timings":{"blocked":987,"dns":0,"connect":0,"send":0,"wait":201,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static-content-j.wb27jlt6u066.com:9587/fimg/202505/1a9924b67880434fb3771e34217f417e.png","fqdn":"static-content-j.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cn.cljpsnmrbsib.com/home/register/","date":"2026-01-01T20:12:17.772Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static-content-j.wb27jlt6u066.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 19 Oct 2025 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"70:63:CC:0F:0F:5F:80:F6:C9:7C:9F:46:F2:18:BB:F0:81:76:AB:57","sha256":"6F:3D:C2:F9:AF:3C:86:73:A1:D2:80:61:D4:B6:17:22:DA:26:77:B7:DD:45:E4:48:70:54:B5:A0:02:F4:69:D8"}}},"request":{"raw":"GET /fimg/202505/1a9924b67880434fb3771e34217f417e.png HTTP/1.1\r\nHost: static-content-j.wb27jlt6u066.com:9587\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.cljpsnmrbsib.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 01 Jan 2026 20:12:19 GMT\r\nContent-Type: image/png\r\nContent-Length: 6259\r\nConnection: keep-alive\r\nLast-Modified: Sun, 11 May 2025 06:29:47 GMT\r\nETag: \"682043db-1873\"\r\nServer: gocache\r\nExpires: Fri, 02 Jan 2026 20:12:19 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: 3c2f21da80edb9ed8f5a59a720c99391\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: HIT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":6259,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 292 x 80, 8-bit colormap, non-interlaced","md5":"8c4532aea4471647fef42bbfb068a07b","sha1":"817cd77579876f295d130b198b0619210681035c","sha256":"62278a2db166030d1157dd13ad3e3cd3564df80fa8acf4b8f0396de467ca330e","sha512":"23dec8e31d8dbf92568525198d09b0fe91e6aef5aee59a4b4d55e655aeff0f0f28a404490524f0907eb19522033af6754bfbf5c7f810a2013fc92b101e17d1c7","ssdeep":"192:ddxAOgq6/irKvADndSJhpg2o6GOHFLWH5i9cY:d3gvieIR2o6bFLAkOY","tlshash":"b7d1ae6ea1fdb53e5628e1d5e40dd714444b3ec4922c1ca7c7f129d46b7087be583a8c","first_seen":"2025-08-07T15:42:17.356378Z","last_seen":"2026-04-03T20:31:04.664039Z","times_seen":510,"resource_available":false,"data":null}},"time_used":1792,"timings":{"blocked":1166,"dns":0,"connect":10,"send":0,"wait":204,"receive":0,"ssl":412},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static-content-t.wb27jlt6u066.com:9587/js/jquery-ui.js","fqdn":"static-content-t.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://cn.cljpsnmrbsib.com/home/register/","date":"2026-01-01T20:12:17.786Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static-content-t.wb27jlt6u066.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 19 Oct 2025 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"08:10:09:15:B6:C8:9C:9A:CE:31:40:C9:26:D7:9E:BE:2C:9A:62:2B","sha256":"D6:55:F3:9B:55:F2:ED:CC:B3:54:8B:1E:F9:15:FB:47:0C:75:02:1A:64:4B:3C:C2:FA:75:18:9C:F0:11:EE:83"}}},"request":{"raw":"GET /js/jquery-ui.js HTTP/1.1\r\nHost: static-content-t.wb27jlt6u066.com:9587\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.cljpsnmrbsib.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 01 Jan 2026 20:12:18 GMT\r\nContent-Type: application/javascript\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Wed, 20 Jul 2022 18:47:53 GMT\r\nVary: Accept-Encoding\r\nETag: W/\"62d84dd9-7f20a\"\r\nContent-Encoding: gzip\r\nServer: gocache\r\nExpires: Fri, 02 Jan 2026 20:12:18 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: 9753228d2c422695a75a4cd57e51c5ed\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: HIT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":520714,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (1002)","md5":"ab5284de5e3d221e53647fd348e5644b","sha1":"75c20acdc6cbc6334fe2b918ab7afeec007f969e","sha256":"4f455eb2ddf2094ee969f470f6bfac7adb4c057e8990a374e9da819e943c777d","sha512":"2462acc237c0063263b52527cfecbc5d4063065c0cd541cd966d9924dec0d9af475184f732c92af9269cb08df993896893eff37ad4b18598ca4b7af7b5f02742","ssdeep":"12288:1vemHFgymzYDdHCcmM2/W/CCeS/QRzbrVDDdRO2:vDdHCcmM2/W/CCeSIVDDdRO2","tlshash":"f3b4a6c9f39c266a867a32595c2e42cdb23c8075d600587fbc5d59dc29a883c43bbf79","first_seen":"2023-03-07T01:03:28Z","last_seen":"2026-04-04T10:33:38.249157Z","times_seen":13837,"resource_available":true,"data":null}},"time_used":948,"timings":{"blocked":-1,"dns":269,"connect":6,"send":0,"wait":203,"receive":24,"ssl":446},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static-content-cn.wb27jlt6u066.com:9587/util/all.js?20231116","fqdn":"static-content-cn.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://cn.cljpsnmrbsib.com/home/register/","date":"2026-01-01T20:12:17.789Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static-content-cn.wb27jlt6u066.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 19 Oct 2025 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"98:64:EC:0B:9A:00:5F:60:12:4A:12:B9:EB:5A:44:98:12:1A:7C:FF","sha256":"A1:E0:99:A3:B2:54:C9:50:DB:24:16:EA:A7:44:3A:5D:57:F0:7C:CE:B2:E7:66:31:49:50:98:44:92:F2:50:84"}}},"request":{"raw":"GET /util/all.js?20231116 HTTP/1.1\r\nHost: static-content-cn.wb27jlt6u066.com:9587\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.cljpsnmrbsib.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 01 Jan 2026 20:12:18 GMT\r\nContent-Type: application/javascript\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Wed, 13 Sep 2023 03:06:14 GMT\r\nVary: Accept-Encoding\r\nETag: W/\"65012726-13044\"\r\nContent-Encoding: gzip\r\nServer: gocache\r\nExpires: Fri, 02 Jan 2026 20:12:18 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: 875aa32353d280ee5a6e014636bf3b62\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: HIT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":77892,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (5480)","md5":"f5aa16a242596257e153e33c5b8fb232","sha1":"804252d4387c4fda0141e9bf4fd2a05bb3c7068a","sha256":"c21ffeeff6782e69216ce2fdf3fd54289af1d7b4a8bc2af9b83c0679c5969782","sha512":"1ae9de5c195af57a93c2bbc30c0597c8f7f2e96e98af1c1a514d21d170b54c4bafc882689096e117cd36f25570474bd059edfb8bf9023571ff7531ace1491c59","ssdeep":"1536:rfee/RrYiHhJ9Q0f16d9zeDN5qW4wTW3Jny+aSsG+Kjbd2m43ftShEhJ+7Rh0Om:rfD/miHhJ9Q0fd5B8jYhi0t","tlshash":"6273f88c7591306a4aef31b7782b224f73769a69500e5068f0b8d4e53ebce857167f38","first_seen":"2023-09-15T15:49:20Z","last_seen":"2026-04-03T20:31:04.611191Z","times_seen":889,"resource_available":true,"data":null}},"time_used":918,"timings":{"blocked":-1,"dns":294,"connect":3,"send":0,"wait":203,"receive":3,"ssl":415},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static-content-cn.wb27jlt6u066.com:9587/images/close.png","fqdn":"static-content-cn.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cn.cljpsnmrbsib.com/home/register/","date":"2026-01-01T20:12:19.191Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static-content-cn.wb27jlt6u066.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 19 Oct 2025 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"98:64:EC:0B:9A:00:5F:60:12:4A:12:B9:EB:5A:44:98:12:1A:7C:FF","sha256":"A1:E0:99:A3:B2:54:C9:50:DB:24:16:EA:A7:44:3A:5D:57:F0:7C:CE:B2:E7:66:31:49:50:98:44:92:F2:50:84"}}},"request":{"raw":"GET /images/close.png HTTP/1.1\r\nHost: static-content-cn.wb27jlt6u066.com:9587\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://static-content-cn.wb27jlt6u066.com:9587/css/base.css?20240823\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 01 Jan 2026 20:12:19 GMT\r\nContent-Type: image/png\r\nContent-Length: 1148\r\nConnection: keep-alive\r\nLast-Modified: Wed, 20 Jul 2022 18:47:52 GMT\r\nETag: \"62d84dd8-47c\"\r\nServer: gocache\r\nExpires: Fri, 02 Jan 2026 20:12:19 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: a20c62c89e0075c4634883b1f3ad013a\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: HIT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]}],"data":{"size":1148,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 21 x 40, 8-bit/color RGBA, non-interlaced","md5":"64ead6c5d9cbfe3e933c97c2cb20dacc","sha1":"b7b034fd70b27180d27daa9c8bacb50ce721f025","sha256":"55aa71e8f5f59bec62fc6361e10bcf106d21af39a087c4009931884fd03b5229","sha512":"869b8e2b2c8d8ee615c302cbff59fd745f0cb1f32afbca0c89a469b4d1ab61bbe01905b0a8ac07527aa4f763fd11dad2141a58706334062f37dc6267f55dda80","ssdeep":"","tlshash":"0221674dfb8068029445c5c75dfa8033ea234984daf0f861b487e4151ea12b549496eb","first_seen":"2023-04-05T03:30:47Z","last_seen":"2026-04-03T20:31:04.588901Z","times_seen":788,"resource_available":false,"data":null}},"time_used":208,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":208,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static-content-cn.wb27jlt6u066.com:9587/images/modal_reminder_deco.png","fqdn":"static-content-cn.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cn.cljpsnmrbsib.com/home/register/","date":"2026-01-01T20:12:19.203Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static-content-cn.wb27jlt6u066.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 19 Oct 2025 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"98:64:EC:0B:9A:00:5F:60:12:4A:12:B9:EB:5A:44:98:12:1A:7C:FF","sha256":"A1:E0:99:A3:B2:54:C9:50:DB:24:16:EA:A7:44:3A:5D:57:F0:7C:CE:B2:E7:66:31:49:50:98:44:92:F2:50:84"}}},"request":{"raw":"GET /images/modal_reminder_deco.png HTTP/1.1\r\nHost: static-content-cn.wb27jlt6u066.com:9587\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://static-content-cn.wb27jlt6u066.com:9587/css/base.css?20240823\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 01 Jan 2026 20:12:19 GMT\r\nContent-Type: image/png\r\nContent-Length: 1119\r\nConnection: keep-alive\r\nLast-Modified: Wed, 20 Jul 2022 18:47:52 GMT\r\nETag: \"62d84dd8-45f\"\r\nServer: gocache\r\nExpires: Fri, 02 Jan 2026 20:12:19 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: 0bb0becd73721b148d4e043fe5eb3789\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: HIT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":1119,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 232 x 12, 8-bit/color RGBA, non-interlaced","md5":"3f99b65d5f4c689ea127400c44026e81","sha1":"60f91d0531242fed70f77991419d8c0442ae4299","sha256":"581ca9e4c82ad7b55ba31fa2033aae45ec122c4be965c2c0eb465da2cbe13dee","sha512":"5cb9d5f09e1877bbf50b680e2e79bdeb17403380db0830e398f3582f2d30207b3925007d19f1416d6e0e9b1aed11b735337a0437ebdb35d70479f2d9f65d3fe2","ssdeep":"","tlshash":"4221038df6115c42925ef99238fa0562e9120c81c7e0e4677dcbc4c648316ba886d9c7","first_seen":"2024-03-28T04:38:13Z","last_seen":"2026-04-03T20:31:04.674109Z","times_seen":627,"resource_available":false,"data":null}},"time_used":202,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":202,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static-content-t.wb27jlt6u066.com:9587/images/footer_supports_hover.png?9","fqdn":"static-content-t.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cn.cljpsnmrbsib.com/home/register/","date":"2026-01-01T20:12:19.209Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static-content-t.wb27jlt6u066.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 19 Oct 2025 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"08:10:09:15:B6:C8:9C:9A:CE:31:40:C9:26:D7:9E:BE:2C:9A:62:2B","sha256":"D6:55:F3:9B:55:F2:ED:CC:B3:54:8B:1E:F9:15:FB:47:0C:75:02:1A:64:4B:3C:C2:FA:75:18:9C:F0:11:EE:83"}}},"request":{"raw":"GET /images/footer_supports_hover.png?9 HTTP/1.1\r\nHost: static-content-t.wb27jlt6u066.com:9587\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://static-content-t.wb27jlt6u066.com:9587/style/main.css?20250825\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 01 Jan 2026 20:12:20 GMT\r\nContent-Type: image/png\r\nContent-Length: 7362\r\nConnection: keep-alive\r\nLast-Modified: Wed, 20 Jul 2022 18:47:53 GMT\r\nETag: \"62d84dd9-1cc2\"\r\nServer: gocache\r\nExpires: Fri, 02 Jan 2026 20:12:20 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: df0b3254203888e7b82bdae0f40c7218\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: HIT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]}],"data":{"size":7362,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 30 x 174, 8-bit/color RGBA, non-interlaced","md5":"450da5e1024050be47083963bfeef8a1","sha1":"498dc30e72d3f82ddc7d12b8a8cfdb2fa1aa4323","sha256":"b8eb162ba4dd5f1752300b9625aa98f924eb55d937826b2a227f86ffb51f05cc","sha512":"af4c3f1367a37f623dbe211a17f3d55c9211e388d879d22a286b23ea5ab353adbedb3375199b7a50a8a1e391b9027f22d0102baa7c719533570c3b86a8f04bd2","ssdeep":"96:GY2gCFi+8zRv9iku2V0zRWTFatQL8R2zRPJWs1Y4v/iP0TnRiNXoHAY334hrK31Z:GQVsklKrt0wKE4ugnANYgY3blMu4xG","tlshash":"c8e1ae64bdf180d5d29dbc8d7fd6d063e82b8fd78180722658aec40a55a40b1e8a0a6f","first_seen":"2023-05-05T14:06:31Z","last_seen":"2026-04-03T20:31:04.679613Z","times_seen":783,"resource_available":false,"data":null}},"time_used":969,"timings":{"blocked":766,"dns":0,"connect":0,"send":0,"wait":203,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static-content-t.wb27jlt6u066.com:9587/style/css.css?20250825","fqdn":"static-content-t.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://cn.cljpsnmrbsib.com/home/register/","date":"2026-01-01T20:12:17.767Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static-content-t.wb27jlt6u066.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 19 Oct 2025 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"08:10:09:15:B6:C8:9C:9A:CE:31:40:C9:26:D7:9E:BE:2C:9A:62:2B","sha256":"D6:55:F3:9B:55:F2:ED:CC:B3:54:8B:1E:F9:15:FB:47:0C:75:02:1A:64:4B:3C:C2:FA:75:18:9C:F0:11:EE:83"}}},"request":{"raw":"GET /style/css.css?20250825 HTTP/1.1\r\nHost: static-content-t.wb27jlt6u066.com:9587\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.cljpsnmrbsib.com/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 01 Jan 2026 20:12:18 GMT\r\nContent-Type: text/css\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Wed, 27 Aug 2025 02:25:11 GMT\r\nVary: Accept-Encoding\r\nETag: W/\"68ae6c87-1f81d\"\r\nContent-Encoding: gzip\r\nServer: gocache\r\nExpires: Fri, 02 Jan 2026 20:12:18 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: 246599c31db6c66a3424265a6937b2eb\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: HIT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":129053,"size_decoded":0,"mime_type":"text/css","magic":"Unicode text, UTF-8 text, with very long lines (525)","md5":"6d309b5decfdd6c11a3e166778e74ac9","sha1":"fcfe8f12146ca6bd710879db511b1da04d466b93","sha256":"d6a7d65adb81f14e7da94b69d28fb6b0b6635325589b500067e71d1b5dabad92","sha512":"66b3bedd9f1482c7bdf757e45d1be0aac78f078b8334a62fa47900658130395820d528209d6c8a24f3c6b8b03ff83830bf7eb1c3c048b73619f5734268939b0d","ssdeep":"3072:qNlIZVV0wv2kohJeqCfVkY2t1cicY270HaLMZ9R1oF:qNlsP0wPohJeqCfVkY2t1cicY270HaLP","tlshash":"cbc3f8239252204bb137c6557a9da7b86369c003d6436ffe72eebadad16e19403337d0","first_seen":"2025-08-27T08:27:48.75255Z","last_seen":"2026-01-19T13:31:43.42604Z","times_seen":393,"resource_available":false,"data":null}},"time_used":1334,"timings":{"blocked":699,"dns":0,"connect":0,"send":0,"wait":204,"receive":3,"ssl":428},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static-content-cn.wb27jlt6u066.com:9587/js/jquery/jquery.validate.js?2017121201","fqdn":"static-content-cn.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://cn.cljpsnmrbsib.com/home/register/","date":"2026-01-01T20:12:17.793Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static-content-cn.wb27jlt6u066.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 19 Oct 2025 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"98:64:EC:0B:9A:00:5F:60:12:4A:12:B9:EB:5A:44:98:12:1A:7C:FF","sha256":"A1:E0:99:A3:B2:54:C9:50:DB:24:16:EA:A7:44:3A:5D:57:F0:7C:CE:B2:E7:66:31:49:50:98:44:92:F2:50:84"}}},"request":{"raw":"GET /js/jquery/jquery.validate.js?2017121201 HTTP/1.1\r\nHost: static-content-cn.wb27jlt6u066.com:9587\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.cljpsnmrbsib.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 01 Jan 2026 20:12:18 GMT\r\nContent-Type: application/javascript\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Wed, 20 Jul 2022 18:47:52 GMT\r\nVary: Accept-Encoding\r\nETag: W/\"62d84dd8-ed9a\"\r\nContent-Encoding: gzip\r\nServer: gocache\r\nExpires: Fri, 02 Jan 2026 20:12:18 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: 54e132cf3cea02a55236114c96439f76\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: HIT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":60826,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (1256)","md5":"052b64ec50b11bc14eb24a863d126ba8","sha1":"3a79b1fe2a8e6834cea694d77c57473ebfbc5758","sha256":"169b0287c989c2a6d883dff708c551a726c2a98fd79e66fe747d04228012ac7f","sha512":"70b2cd21b5ab5f5159266a10e6ba06a7c1c50ed3b02a596747f30dc88ba4cb37934b8666f075e5733ed021908bace3c47b8b50ee57aa41130ae0b9920e101099","ssdeep":"1536:4J/cr2I/VHuanmyRhVaNnJRHI9YLbBGvJfDk7E/al:Kumy4NJRHqLkISl","tlshash":"39533c4d3ae710168d2b30beae8ba149b6b5405b6109ed1c7cdd02905fe4db862f5ff8","first_seen":"2025-03-02T07:32:23.125259Z","last_seen":"2026-04-01T17:26:48.402298Z","times_seen":648,"resource_available":true,"data":null}},"time_used":1097,"timings":{"blocked":892,"dns":0,"connect":0,"send":0,"wait":204,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cn.cljpsnmrbsib.com/kz/gp/v1/halls?_=1767298338856","fqdn":"cn.cljpsnmrbsib.com","domain":"cljpsnmrbsib.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://cn.cljpsnmrbsib.com/home/register/","date":"2026-01-01T20:12:19.303Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cn.cljpsnmrbsib.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Fri, 22 Aug 2025 00:00:00 GMT","end":"Sat, 22 Aug 2026 23:59:59 GMT"},"fingerprint":{"sha1":"12:FD:F6:BB:43:82:FA:7F:75:B2:55:15:0A:C1:53:DB:1C:B0:3D:6E","sha256":"13:C4:C2:5C:3D:E1:1D:5B:24:0C:FA:99:31:CD:3D:FB:FA:FD:61:7B:EC:AF:55:3B:3F:03:1D:5B:43:22:D9:F5"}}},"request":{"raw":"GET /kz/gp/v1/halls?_=1767298338856 HTTP/1.1\r\nHost: cn.cljpsnmrbsib.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nX-Requested-With: XMLHttpRequest\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.cljpsnmrbsib.com/home/register/\r\nCookie: PHPSESSID=6bnfoqopguksg0iaake09lps5p\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 01 Jan 2026 20:12:20 GMT\r\nContent-Type: application/json; charset=utf-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding, Accept-Encoding, Accept-Encoding\r\nX-Powered-By: Express\r\nETag: W/\"23aa-PfXEiqtoYcLLtp5L+364xg\"\r\nX-Content-Type-Options: nosniff\r\nX-Frame-Options: SAMEORIGIN\r\nContent-Encoding: gzip\r\nServer: gocache\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nCache-Control: no-cache\r\nc-Type: df\r\nrid: 0b672c69a314f9bd0922ebb467afe645\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]}],"data":{"size":9130,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"3df5c48aab6861c2cbb69e4bfb7eb8c6","sha1":"368975e99660237bc61cdba263db1cd12d373882","sha256":"84b54cd53ed7c6b11e6fe2374ce962f31406c29b053602721aba3a2cf6e96b7b","sha512":"6db285f286e46903a1bc018549ff706881e452bfad220094d05d9e493d3d121a060b13e509c91b7c6c5ea9852f3fef45e664cfcb3753b7cdca1fda53adba097a","ssdeep":"192:elqdqzqBDqTOqJJqxqJGqzq/qKqE3qzqcd0qIqwqVqSqAqCqbIuzqlqhq1EqeqZL:eO1N8gC9","tlshash":"9a1275d85f47fc58c95f5d112eab5ba927d8b942f8cd6ed8c2cc4c6000a46d2a30e73a","first_seen":"2025-12-25T22:16:23.962077Z","last_seen":"2026-01-19T13:31:43.450162Z","times_seen":79,"resource_available":false,"data":null}},"time_used":1213,"timings":{"blocked":419,"dns":4,"connect":1,"send":0,"wait":374,"receive":0,"ssl":410},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-01","alert":"Sinkholed","trigger":"cn.cljpsnmrbsib.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-01","alert":"Sinkholed","trigger":"cn.cljpsnmrbsib.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-01","alert":"Sinkholed","trigger":"cn.cljpsnmrbsib.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-01","alert":"Phishing Block","trigger":"cn.cljpsnmrbsib.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-01","alert":"Sinkholed","trigger":"cn.cljpsnmrbsib.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cn.cljpsnmrbsib.com/service/verifycode?x=0.847998313371258","fqdn":"cn.cljpsnmrbsib.com","domain":"cljpsnmrbsib.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cn.cljpsnmrbsib.com/home/register/","date":"2026-01-01T20:12:19.316Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cn.cljpsnmrbsib.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Fri, 22 Aug 2025 00:00:00 GMT","end":"Sat, 22 Aug 2026 23:59:59 GMT"},"fingerprint":{"sha1":"12:FD:F6:BB:43:82:FA:7F:75:B2:55:15:0A:C1:53:DB:1C:B0:3D:6E","sha256":"13:C4:C2:5C:3D:E1:1D:5B:24:0C:FA:99:31:CD:3D:FB:FA:FD:61:7B:EC:AF:55:3B:3F:03:1D:5B:43:22:D9:F5"}}},"request":{"raw":"GET /service/verifycode?x=0.847998313371258 HTTP/1.1\r\nHost: cn.cljpsnmrbsib.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.cljpsnmrbsib.com/home/register/\r\nCookie: PHPSESSID=6bnfoqopguksg0iaake09lps5p\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 \r\nDate: Thu, 01 Jan 2026 20:12:20 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nSet-Cookie: JSESSIONID=4D878221E9FEC0C8BE83AEEEB9EFCE30; Path=/; Secure; HttpOnly\n_vcid=4D878221E9FEC0C8BE83AEEEB9EFCE30; Domain=.cljpsnmrbsib.com; Path=/; HttpOnly\r\nX-Content-Type-Options: nosniff\r\nX-Frame-Options: SAMEORIGIN\r\nServer: gocache\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nCache-Control: no-cache\r\nc-Type: df\r\nrid: d79c70e3b5963c747d2b2035d21569ed\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Java","description":"Java is a class-based, object-oriented programming language that is designed to have as few implementation dependencies as possible.","website":"https://java.com","common_platform_enumeration":"cpe:2.3:a:oracle:jre:*:*:*:*:*:*:*:*","icon":"Java.svg","categories":["Programming languages"]},{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":1320,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 80x28, components 3","md5":"021278eac6fa33d2f37d4587f2afbe2d","sha1":"0594b0b219b837bffaa5e0da204b4ba27f14ae96","sha256":"9c8fdb58833331c2df81634f71aaae3e8da34c6906eda95572112dce71695b90","sha512":"fb374e242f21a32e54a6979c92cb6878de4e7a606f4adee8e4ce9da38a89a7e2304e63534a889ed29c9238fbceba734d4aca7ca0b99b41016bb50295a2a6f3b4","ssdeep":"","tlshash":"c821951a570392799f29c1e8680b3e66a3c797473e2026ba6d76c0b5dd24df4c04cf1d","first_seen":"2026-01-01T20:12:49.360287Z","last_seen":"2026-01-01T20:12:49.360287Z","times_seen":1,"resource_available":false,"data":null}},"time_used":979,"timings":{"blocked":658,"dns":0,"connect":0,"send":0,"wait":321,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-01","alert":"Phishing Block","trigger":"cn.cljpsnmrbsib.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-01","alert":"Sinkholed","trigger":"cn.cljpsnmrbsib.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-01","alert":"Sinkholed","trigger":"cn.cljpsnmrbsib.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-01","alert":"Sinkholed","trigger":"cn.cljpsnmrbsib.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-01","alert":"Sinkholed","trigger":"cn.cljpsnmrbsib.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"static-content-t.wb27jlt6u066.com:9587/images/nav/promo_keno.png","fqdn":"static-content-t.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cn.cljpsnmrbsib.com/home/register/","date":"2026-01-01T20:12:17.774Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static-content-t.wb27jlt6u066.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 19 Oct 2025 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"08:10:09:15:B6:C8:9C:9A:CE:31:40:C9:26:D7:9E:BE:2C:9A:62:2B","sha256":"D6:55:F3:9B:55:F2:ED:CC:B3:54:8B:1E:F9:15:FB:47:0C:75:02:1A:64:4B:3C:C2:FA:75:18:9C:F0:11:EE:83"}}},"request":{"raw":"GET /images/nav/promo_keno.png HTTP/1.1\r\nHost: static-content-t.wb27jlt6u066.com:9587\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.cljpsnmrbsib.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 01 Jan 2026 20:12:20 GMT\r\nContent-Type: image/png\r\nContent-Length: 21322\r\nConnection: keep-alive\r\nLast-Modified: Wed, 20 Jul 2022 18:47:53 GMT\r\nETag: \"62d84dd9-534a\"\r\nServer: gocache\r\nExpires: Fri, 02 Jan 2026 20:12:20 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: 94f71d85f026703c5a9478568c8c5e37\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: HIT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":21322,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 200 x 100, 8-bit/color RGBA, non-interlaced","md5":"f3d3231964cd6c0b98aceaa07e9626b6","sha1":"2fdcca8cdf610057e37e86e9c679f87d959a1821","sha256":"3075e79d3c7ef852ed0a95aa56324509b499446a6d8a454fed94f1fdd102fd90","sha512":"78837a1effb6ae7ef05256cac78af4982ceb76f36f77362f29caf29fff7f2ae6ec01d11c89ec4c87c7ffb2a9ec9ad7a6d2ccab97b5b0145c649672baf097858c","ssdeep":"384:yW63kJiUaadwYIM4oZt3zpqdyaNJQMqr3t5LwR2hD83hZTf2xL:96UJNlwSVtqdyPtZwW83HqxL","tlshash":"20a2e1c5ded60df36e6a639225e06525854ccbc29ebdd24a00e2b3d83a903c773dd3a5","first_seen":"2023-05-05T14:06:31Z","last_seen":"2026-04-03T20:31:04.618587Z","times_seen":759,"resource_available":false,"data":null}},"time_used":2812,"timings":{"blocked":2607,"dns":0,"connect":0,"send":0,"wait":201,"receive":4,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static-content-cn.wb27jlt6u066.com:9587/util/error.js?2025092501","fqdn":"static-content-cn.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://cn.cljpsnmrbsib.com/home/register/","date":"2026-01-01T20:12:17.791Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static-content-cn.wb27jlt6u066.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 19 Oct 2025 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"98:64:EC:0B:9A:00:5F:60:12:4A:12:B9:EB:5A:44:98:12:1A:7C:FF","sha256":"A1:E0:99:A3:B2:54:C9:50:DB:24:16:EA:A7:44:3A:5D:57:F0:7C:CE:B2:E7:66:31:49:50:98:44:92:F2:50:84"}}},"request":{"raw":"GET /util/error.js?2025092501 HTTP/1.1\r\nHost: static-content-cn.wb27jlt6u066.com:9587\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.cljpsnmrbsib.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 01 Jan 2026 20:12:18 GMT\r\nContent-Type: application/javascript\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Wed, 01 Oct 2025 02:03:47 GMT\r\nVary: Accept-Encoding\r\nETag: W/\"68dc8c03-28a5\"\r\nContent-Encoding: gzip\r\nServer: gocache\r\nExpires: Fri, 02 Jan 2026 20:12:18 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: ab9cae3cdf12ff30415648db56fd86ad\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: HIT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":10405,"size_decoded":0,"mime_type":"application/javascript","magic":"Unicode text, UTF-8 text","md5":"f61145ebd6cd0164a855517ddd32d102","sha1":"d9f3f365c0aec1f9a4bf5cf85d4c8b1c44770125","sha256":"b433018b4e4006c56084fd4cbf35d3d1e2ea33aafccfd6109db3d0b696c2c2b2","sha512":"e0e7101c13848ec60f775f9ab092b5a52de41a67f3792a18c186cc42cd140c7bfcb405c607783e5b3240aab3f57dd88c50f744410b94cc99beef8b1a1f61ade0","ssdeep":"192:MTu94QOQzfKG3jChyTRmbxDeDWiYXYyC3SfZVYvxwYXPFj6vJRQ+lcQrdQr:MTu94wzj3jChQgF+eXUeu","tlshash":"292285b608f58b8a100df980c10b41293448744b8e1cba6a7bdfa5465fcd65f4bff99d","first_seen":"2025-10-02T21:45:10.771862Z","last_seen":"2026-04-03T20:31:04.61196Z","times_seen":406,"resource_available":true,"data":null}},"time_used":1091,"timings":{"blocked":889,"dns":0,"connect":0,"send":0,"wait":202,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static-content-t.wb27jlt6u066.com:9587/images/captcha/btn_close.png","fqdn":"static-content-t.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cn.cljpsnmrbsib.com/home/register/","date":"2026-01-01T20:12:19.201Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static-content-t.wb27jlt6u066.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 19 Oct 2025 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"08:10:09:15:B6:C8:9C:9A:CE:31:40:C9:26:D7:9E:BE:2C:9A:62:2B","sha256":"D6:55:F3:9B:55:F2:ED:CC:B3:54:8B:1E:F9:15:FB:47:0C:75:02:1A:64:4B:3C:C2:FA:75:18:9C:F0:11:EE:83"}}},"request":{"raw":"GET /images/captcha/btn_close.png HTTP/1.1\r\nHost: static-content-t.wb27jlt6u066.com:9587\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://static-content-t.wb27jlt6u066.com:9587/style/main.css?20250825\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 01 Jan 2026 20:12:20 GMT\r\nContent-Type: image/png\r\nContent-Length: 672\r\nConnection: keep-alive\r\nLast-Modified: Wed, 20 Jul 2022 18:47:53 GMT\r\nETag: \"62d84dd9-2a0\"\r\nServer: gocache\r\nExpires: Fri, 02 Jan 2026 20:12:20 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: 534768a82d7103e2e572388d0d496d5d\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: HIT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":672,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 30 x 30, 8-bit gray+alpha, non-interlaced","md5":"9bb39b9f25e57e73ad06a45b4bb34b6a","sha1":"104fefbe66cf791b1fc1b3a933a16e6606febcf4","sha256":"04082d0d7f70e5f41e4ca58d1712420801b243cdf5a21e7012ad4e70ab05f42e","sha512":"abfbf162af3b2dc40cea4c02d20f2af4e4d5ce586221af4a70b6ee5adefbb4856dbaf44208a3b48efc1149ddd15797fd3fdb650573a2aea78b9e85b20ed3eea3","ssdeep":"","tlshash":"d201d8f775fc213089b0639e9306919adfa703b2811210f8622875754075aaf1d79303","first_seen":"2023-10-30T15:44:34Z","last_seen":"2026-03-31T07:11:16.998038Z","times_seen":652,"resource_available":false,"data":null}},"time_used":1380,"timings":{"blocked":1179,"dns":0,"connect":0,"send":0,"wait":201,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}