{"report_id":"fafb4ebd-a22e-4924-8a2c-bdd88d30b1ee","version":6,"status":"done","tags":["suspicious","telegram_bot"],"date":"2026-04-25T03:06:52Z","url":{"schema":"http","addr":"evaa.zanggu.net","fqdn":"evaa.zanggu.net","domain":"zanggu.net","tld":"net"},"ip":{"addr":"45.140.205.214","port":0,"asn":35830,"as":"BTT Group Finance Ltd","country":"Israel","country_code":"IL"},"final":{"url":{"schema":"https","addr":"evaa.zanggu.net/","fqdn":"evaa.zanggu.net","domain":"zanggu.net","tld":"net"},"title":"EVAA — Ecosystem Allocation","dom":{"size":28752,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (945)","md5":"77fcaf0396c5774a9183b7c4105a3652","sha1":"986daa0ae1bf4024bb2f50ca792e7653ec1c3c5e","sha256":"d9aaebe61f63c8f0a13fcf3f22ad1447271f407022af75596e094eac47ffbc89","sha512":"618bb083d6684d6766894f88c57834b316739bfa20c2ebd81c70a49ceca66f77b0d37e8f3995c9db05981c5467bdc2e1d65848667d9cd577e3efc26e92a689e1","ssdeep":"384:BrnxIkU/hVXw+kydmvi/m0oQqguUa96/fwdBD:1GkU/hVXw+kkqguUxg","tlshash":"70d2d81252a51429a50792e67f9ba71f2329e053e20ac57c3edd01a4cf8fad5c9b37cc","dom_hash":"domhash6bd290058f9e123292d27248afacbc43","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"evaa.zanggu.net","fqdn":"evaa.zanggu.net","domain":"zanggu.net","tld":"net"},"ip":{"addr":"45.140.205.214","port":0,"asn":35830,"as":"BTT Group Finance Ltd","country":"Israel","country_code":"IL"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-05-30T03:06:52Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":2,"urlquery":2,"analyzer":1}},"detection":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-04-25T03:06:32Z","timestamp":1777086392,"ip_dst":{"addr":"149.154.166.110","port":443,"asn":62041,"as":"Telegram Messenger Inc","country":"United Kingdom","country_code":"GB"},"ip_src":{"addr":"Client IP","port":39898,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET HUNTING Observed Telegram API Domain (api .telegram .org in TLS SNI)","source":"{\"timestamp\":\"2026-04-25T03:06:32.140021+0000\",\"flow_id\":116707946950470,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.25\",\"src_port\":39898,\"dest_ip\":\"149.154.166.110\",\"dest_port\":443,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2033967,\"rev\":1,\"signature\":\"ET HUNTING Observed Telegram API Domain (api .telegram .org in TLS SNI)\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2021_09_16\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2021_09_16\"]}},\"tls\":{\"sni\":\"api.telegram.org\",\"version\":\"TLS 1.3\",\"ja3\":{\"hash\":\"650c82854aed91a22996035b295a0c3e\",\"string\":\"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49171-49172-156-157-47-53,0-23-65281-10-11-16-5-34-51-43-13-28-21,29-23-24-25-256-257,0\"},\"ja3s\":{\"hash\":\"15af977ce25de452b96affa2addb1036\",\"string\":\"771,4866,43-51\"}},\"app_proto\":\"tls\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":6,\"bytes_toserver\":789,\"bytes_toclient\":4500,\"start\":\"2026-04-25T03:06:32.094022+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-04-25T03:06:32Z","timestamp":1777086392,"ip_dst":{"addr":"149.154.166.110","port":443,"asn":62041,"as":"Telegram Messenger Inc","country":"United Kingdom","country_code":"GB"},"ip_src":{"addr":"Client IP","port":39914,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET HUNTING Observed Telegram API Domain (api .telegram .org in TLS SNI)","source":"{\"timestamp\":\"2026-04-25T03:06:32.145513+0000\",\"flow_id\":1919896279089442,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.25\",\"src_port\":39914,\"dest_ip\":\"149.154.166.110\",\"dest_port\":443,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2033967,\"rev\":1,\"signature\":\"ET HUNTING Observed Telegram API Domain (api .telegram .org in TLS SNI)\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2021_09_16\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2021_09_16\"]}},\"tls\":{\"sni\":\"api.telegram.org\",\"version\":\"TLS 1.3\",\"ja3\":{\"hash\":\"650c82854aed91a22996035b295a0c3e\",\"string\":\"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49171-49172-156-157-47-53,0-23-65281-10-11-16-5-34-51-43-13-28-21,29-23-24-25-256-257,0\"},\"ja3s\":{\"hash\":\"15af977ce25de452b96affa2addb1036\",\"string\":\"771,4866,43-51\"}},\"app_proto\":\"tls\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":6,\"bytes_toserver\":789,\"bytes_toclient\":4500,\"start\":\"2026-04-25T03:06:32.098594+0000\"}}"}],"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"YARAhub by abuse.ch","description":"YARAhub by abuse.ch","scan_date":"2026-04-25","alert":"Detects file containing Telegram Bot API","trigger":"evaa.zanggu.net/visitors.js","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"rectifyq","date":"2024-09-07","description":"Detects file containing Telegram Bot API","rule":"telegram_bot_api","yarahub_author_twitter":"@_rectifyq","yarahub_license":"CC0 1.0","yarahub_reference_md5":"9DA48D34DC999B4E05E0C6716A3B3B83","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58c9e4fe-d1e9-46ed-913c-dba943ac16d6"}}],"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - Suspicious Javascript code","verdict":"suspicious","severity":"medium","comment":"","tags":["suspicious"],"meta":null},{"sensor_name":"urlquery","alert":"Suspicious - Suspicious Javascript code","verdict":"suspicious","severity":"medium","comment":"","tags":["suspicious"],"meta":null}]},"summary":[{"fqdn":"ipapi.co","ip":{"addr":"172.67.69.226","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2016-04-19","domain_rank":7936,"first_seen":"2017-01-31T09:07:01Z","last_seen":"2026-04-22T16:23:58.927309Z","alert_count":0,"request_count":1,"received_data":2500,"sent_data":431,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"evaa.zanggu.net","ip":{"addr":"45.140.205.214","port":443,"asn":35830,"as":"BTT Group Finance Ltd","country":"Israel","country_code":"IL"},"domain_registered":"2014-05-06","domain_rank":0,"first_seen":"2026-04-25T03:06:53.004619Z","last_seen":"2026-04-25T03:06:53.004619Z","alert_count":2,"request_count":4,"received_data":37722,"sent_data":1771,"comment":"","tags":null,"fingerprints":[{"name":"Ubuntu","description":"Ubuntu is a free and open-source operating system on Linux for the enterprise server, desktop, cloud, and IoT.","website":"https://www.ubuntu.com/server","common_platform_enumeration":"cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*","icon":"Ubuntu.svg","categories":["Operating systems"]},{"name":"Nginx:1.24.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"fonts.gstatic.com","ip":{"addr":"192.178.25.3","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2008-02-11","domain_rank":0,"first_seen":"2014-04-02T10:51:04Z","last_seen":"2026-04-19T22:16:46.237507Z","alert_count":0,"request_count":4,"received_data":197468,"sent_data":2220,"comment":"","tags":null,"fingerprints":null},{"fqdn":"api.telegram.org","ip":{"addr":"149.154.166.110","port":443,"asn":62041,"as":"Telegram Messenger Inc","country":"United Kingdom","country_code":"GB"},"domain_registered":"2003-12-15","domain_rank":206724,"first_seen":"2015-06-25T10:09:00Z","last_seen":"2026-04-18T12:36:39.613476Z","alert_count":0,"request_count":2,"received_data":1271,"sent_data":1131,"comment":"","tags":null,"fingerprints":[{"name":"Nginx:1.18.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"fonts.googleapis.com","ip":{"addr":"172.217.19.234","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2005-01-25","domain_rank":313,"first_seen":"2012-05-23T12:41:44Z","last_seen":"2026-04-19T22:20:23.925162Z","alert_count":0,"request_count":1,"received_data":13321,"sent_data":478,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":[{"url":{"schema":"https","addr":"evaa.zanggu.net/visitors.js","fqdn":"evaa.zanggu.net","domain":"zanggu.net","tld":"net"},"ip":{"addr":"45.140.205.214","port":443,"asn":35830,"as":"BTT Group Finance Ltd","country":"Israel","country_code":"IL"},"md5":"b52df120dd3efa3c72a24e6b6f36b015","sha1":"b1d5c8cf7bc6cf17210b3472b54709b43f9630c9","sha256":"502be4d6fd23024de737faa09e0dc0d80e5bb43e152ad03aeeb61a31f6564e4d","sha512":"7dbda1f2dce3c524017b9fcbc3ab600abe0e0422f2d08c19654636ed75459ff6985345fa9fb48728a8a1a3d4845a465d94b1796d1ca2f5f1ca698a422be02b84","size":2274,"token":"8720547580:AAHsdBAD9gkV5I--cIcqa8O3GqFS-WEk23E","is_revoked":false,"bot":{"token":"8720547580:AAHsdBAD9gkV5I--cIcqa8O3GqFS-WEk23E","user_id":"8720547580","username":"Visitdhehjebot","first_name":"Visit","last_name":"","chat":{"chat_id":"-1002631734661","title":"Work","type":"supergroup","bot_is":"member","total_users":15,"active_members":null,"admins":[{"user_id":7943997111,"username":"John777John","first_name":"John","last_name":"","is_bot":false},{"user_id":6424847572,"username":"jsy_pkmn","first_name":"Клим","last_name":"","is_bot":false},{"user_id":8279387209,"username":"heybroheybro","first_name":"empty","last_name":"","is_bot":false}]},"pending_messages":0}}],"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - Suspicious Javascript code","verdict":"suspicious","severity":"medium","comment":"","tags":["suspicious"],"meta":null}]},"javascript":{"script":[{"url":{"schema":"https","addr":"evaa.zanggu.net/visitors.js","fqdn":"evaa.zanggu.net","domain":"zanggu.net","tld":"net"},"ip":{"addr":"45.140.205.214","port":443,"asn":35830,"as":"BTT Group Finance Ltd","country":"Israel","country_code":"IL"},"introduction_type":"scriptElement","is_inline":false,"md5":"b52df120dd3efa3c72a24e6b6f36b015","sha1":"b1d5c8cf7bc6cf17210b3472b54709b43f9630c9","sha256":"502be4d6fd23024de737faa09e0dc0d80e5bb43e152ad03aeeb61a31f6564e4d","sha512":"7dbda1f2dce3c524017b9fcbc3ab600abe0e0422f2d08c19654636ed75459ff6985345fa9fb48728a8a1a3d4845a465d94b1796d1ca2f5f1ca698a422be02b84","ssdeep":"","tlshash":"f041636d08b6092c1a16702bee0fa5083543e13f398bda6475ec4b455fd206ec5757d8","size":2274,"data":"","first_seen":"2026-04-25T03:06:09.814197Z","last_seen":"2026-04-25T03:06:54.970451Z","times_seen":2,"alerts":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"YARAhub by abuse.ch","description":"YARAhub by abuse.ch","scan_date":"2026-04-25","alert":"Detects file containing Telegram Bot API","trigger":"evaa.zanggu.net/visitors.js","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"rectifyq","date":"2024-09-07","description":"Detects file containing Telegram Bot API","rule":"telegram_bot_api","yarahub_author_twitter":"@_rectifyq","yarahub_license":"CC0 1.0","yarahub_reference_md5":"9DA48D34DC999B4E05E0C6716A3B3B83","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58c9e4fe-d1e9-46ed-913c-dba943ac16d6"}}],"urlquery":null}},{"url":{"schema":"https","addr":"evaa.zanggu.net/","fqdn":"evaa.zanggu.net","domain":"zanggu.net","tld":"net"},"ip":{"addr":"45.140.205.214","port":443,"asn":35830,"as":"BTT Group Finance Ltd","country":"Israel","country_code":"IL"},"introduction_type":"scriptElement","is_inline":true,"md5":"0fe939a20aab09a3412a1c738349d09c","sha1":"89a263c467b0c2d1603049f7e066fd2e9b48c6ce","sha256":"e1a2dc86cb9c6ee53fb19d7dd884449facdd7a41bba3e506e53dbd7ba9393915","sha512":"04959bee8c197fcbdd1ae35d8f4fd2b73d76f6b3f61f8b0c6eab76bf9e78e2ea2ca2770d567e4c73cd3c90eacfb938df3eea43dd8663443839f869bcd43d6785","ssdeep":"96:em4dMrSMCkB96r/uK8yCdsv/FY93deho+LbYY:eTH296/uSFwdehoCYY","tlshash":"04c1a50631a318340017e1b79fcb5a482620106b7a86ce687d6c5b356fc3a25d9f7aee","size":5754,"data":"","first_seen":"2026-04-25T03:06:54.985779Z","last_seen":"2026-04-25T03:06:54.985779Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"evaa.zanggu.net/visitors.js","fqdn":"evaa.zanggu.net","domain":"zanggu.net","tld":"net"},"ip":{"addr":"45.140.205.214","port":443,"asn":35830,"as":"BTT Group Finance Ltd","country":"Israel","country_code":"IL"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://evaa.zanggu.net/","date":"2026-04-25T03:06:31.616Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"zanggu.net","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Mon, 13 Apr 2026 19:10:20 GMT","end":"Sun, 12 Jul 2026 19:10:19 GMT"},"fingerprint":{"sha1":"CB:DE:35:16:27:F0:0A:56:D6:E8:DE:FC:7C:1C:47:78:41:08:0A:C6","sha256":"FA:36:C4:92:BE:1A:F7:ED:89:6E:D0:9E:51:1C:72:8F:EA:22:21:5A:3E:8D:B3:FC:8F:DE:4D:D5:4E:AC:14:F2"}}},"request":{"raw":"GET /visitors.js HTTP/1.1\r\nHost: evaa.zanggu.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://evaa.zanggu.net/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.24.0 (Ubuntu)\r\nDate: Sat, 25 Apr 2026 03:06:31 GMT\r\nContent-Type: application/javascript\r\nContent-Length: 2274\r\nLast-Modified: Sat, 11 Apr 2026 18:53:05 GMT\r\nConnection: keep-alive\r\nETag: \"69da9891-8e2\"\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Ubuntu","description":"Ubuntu is a free and open-source operating system on Linux for the enterprise server, desktop, cloud, and IoT.","website":"https://www.ubuntu.com/server","common_platform_enumeration":"cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*","icon":"Ubuntu.svg","categories":["Operating systems"]},{"name":"Nginx:1.24.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2274,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text","md5":"b52df120dd3efa3c72a24e6b6f36b015","sha1":"b1d5c8cf7bc6cf17210b3472b54709b43f9630c9","sha256":"502be4d6fd23024de737faa09e0dc0d80e5bb43e152ad03aeeb61a31f6564e4d","sha512":"7dbda1f2dce3c524017b9fcbc3ab600abe0e0422f2d08c19654636ed75459ff6985345fa9fb48728a8a1a3d4845a465d94b1796d1ca2f5f1ca698a422be02b84","ssdeep":"","tlshash":"f041636d08b6092c1a16702bee0fa5083543e13f398bda6475ec4b455fd206ec5757d8","first_seen":"2026-04-25T03:06:09.814197Z","last_seen":"2026-04-25T03:06:54.970451Z","times_seen":2,"resource_available":true,"data":null}},"time_used":169,"timings":{"blocked":67,"dns":1,"connect":30,"send":0,"wait":30,"receive":0,"ssl":39},"alerts":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"YARAhub by abuse.ch","description":"YARAhub by abuse.ch","scan_date":"2026-04-25","alert":"Detects file containing Telegram Bot API","trigger":"evaa.zanggu.net/visitors.js","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"rectifyq","date":"2024-09-07","description":"Detects file containing Telegram Bot API","rule":"telegram_bot_api","yarahub_author_twitter":"@_rectifyq","yarahub_license":"CC0 1.0","yarahub_reference_md5":"9DA48D34DC999B4E05E0C6716A3B3B83","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58c9e4fe-d1e9-46ed-913c-dba943ac16d6"}}],"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - Suspicious Javascript code","verdict":"suspicious","severity":"medium","comment":"","tags":["suspicious"],"meta":null}]}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/inter/v20/UcC73FwrK3iLTeHuS_nVMrMxCp50SjIa1ZL7W0I5nvwU.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"192.178.25.3","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://evaa.zanggu.net/","date":"2026-04-25T03:06:31.827Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 30 Mar 2026 08:36:48 GMT","end":"Mon, 22 Jun 2026 08:36:47 GMT"},"fingerprint":{"sha1":"8B:DF:9C:24:AB:AD:AB:73:3F:51:0F:25:2B:18:76:79:1A:C5:63:A0","sha256":"BF:5C:B4:F2:20:4F:D0:E5:76:81:59:52:5F:3E:D2:4F:8D:33:B3:30:36:84:C8:7E:0E:AB:58:1E:7D:D6:E2:6D"}}},"request":{"raw":"GET /s/inter/v20/UcC73FwrK3iLTeHuS_nVMrMxCp50SjIa1ZL7W0I5nvwU.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://evaa.zanggu.net\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 48532\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Wed, 22 Apr 2026 22:33:43 GMT\r\nexpires: Thu, 22 Apr 2027 22:33:43 GMT\r\ncache-control: public, max-age=31536000\r\nage: 189168\r\nlast-modified: Tue, 09 Sep 2025 18:33:50 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":48532,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 48532, version 1.0","md5":"225835e6e0496c54dc2aca9f3d533892","sha1":"942ef5298bbe74bfe44e445def5f2bfc94027fa8","sha256":"acc60d454f46f2ba233c516aa3299aa60e1f49ffd0f06b8392a7c772a5694087","sha512":"ea2ff96ed5ac965c1846b4b33990beab3d4ced66806fa44321f5dd59d9a29a8ae1a67a5816d40165af8a896677b6a24bb74ea6db53cd5e686080165db9fd62c2","ssdeep":"768:b9tYsJ6BxVEpu8sqEkvfXRGEBqH7KxpxA07hQv2bSokjQx2AOWUVOv7UeFHOpIsR:LsEcy7fXRGqqHmr7qv32UC7UetOGLkF","tlshash":"03230178cf9f85b3d33b153afaf4d20562a9067de76c4a803831051a2a55770b89dc0e","first_seen":"2025-05-29T17:27:56.345238Z","last_seen":"2026-05-01T15:40:46.152583Z","times_seen":161998,"resource_available":false,"data":null}},"time_used":218,"timings":{"blocked":112,"dns":0,"connect":0,"send":0,"wait":8,"receive":2,"ssl":96},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/inter/v20/UcC73FwrK3iLTeHuS_nVMrMxCp50SjIa1ZL7W0I5nvwU.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"192.178.25.3","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://evaa.zanggu.net/","date":"2026-04-25T03:06:31.830Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 30 Mar 2026 08:36:48 GMT","end":"Mon, 22 Jun 2026 08:36:47 GMT"},"fingerprint":{"sha1":"8B:DF:9C:24:AB:AD:AB:73:3F:51:0F:25:2B:18:76:79:1A:C5:63:A0","sha256":"BF:5C:B4:F2:20:4F:D0:E5:76:81:59:52:5F:3E:D2:4F:8D:33:B3:30:36:84:C8:7E:0E:AB:58:1E:7D:D6:E2:6D"}}},"request":{"raw":"GET /s/inter/v20/UcC73FwrK3iLTeHuS_nVMrMxCp50SjIa1ZL7W0I5nvwU.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://evaa.zanggu.net\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 48532\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Wed, 22 Apr 2026 22:33:43 GMT\r\nexpires: Thu, 22 Apr 2027 22:33:43 GMT\r\ncache-control: public, max-age=31536000\r\nage: 189168\r\nlast-modified: Tue, 09 Sep 2025 18:33:50 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":48532,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 48532, version 1.0","md5":"225835e6e0496c54dc2aca9f3d533892","sha1":"942ef5298bbe74bfe44e445def5f2bfc94027fa8","sha256":"acc60d454f46f2ba233c516aa3299aa60e1f49ffd0f06b8392a7c772a5694087","sha512":"ea2ff96ed5ac965c1846b4b33990beab3d4ced66806fa44321f5dd59d9a29a8ae1a67a5816d40165af8a896677b6a24bb74ea6db53cd5e686080165db9fd62c2","ssdeep":"768:b9tYsJ6BxVEpu8sqEkvfXRGEBqH7KxpxA07hQv2bSokjQx2AOWUVOv7UeFHOpIsR:LsEcy7fXRGqqHmr7qv32UC7UetOGLkF","tlshash":"03230178cf9f85b3d33b153afaf4d20562a9067de76c4a803831051a2a55770b89dc0e","first_seen":"2025-05-29T17:27:56.345238Z","last_seen":"2026-05-01T15:40:46.152583Z","times_seen":161998,"resource_available":false,"data":null}},"time_used":113,"timings":{"blocked":57,"dns":0,"connect":0,"send":0,"wait":16,"receive":5,"ssl":35},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"api.telegram.org/bot8720547580:AAHsdBAD9gkV5I--cIcqa8O3GqFS-WEk23E/sendMessage","fqdn":"api.telegram.org","domain":"telegram.org","tld":"org"},"ip":{"addr":"149.154.166.110","port":443,"asn":62041,"as":"Telegram Messenger Inc","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://evaa.zanggu.net/","date":"2026-04-25T03:06:32.098Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"api.telegram.org","organization":""},"issuer":{"commonName":"Go Daddy Secure Certificate Authority - G2","organization":"GoDaddy.com, Inc."},"validity":{"start":"Tue, 11 Nov 2025 15:14:09 GMT","end":"Sun, 13 Dec 2026 15:14:09 GMT"},"fingerprint":{"sha1":"EC:27:13:72:1E:6C:94:9F:47:59:A4:24:4F:AB:9B:02:E3:6E:54:41","sha256":"64:47:03:9A:C9:ED:B9:03:8C:07:6E:AA:3D:BF:75:4B:4C:C1:4E:C1:A5:8C:83:2D:3E:FD:0C:E7:F7:82:C2:71"}}},"request":{"raw":"OPTIONS /bot8720547580:AAHsdBAD9gkV5I--cIcqa8O3GqFS-WEk23E/sendMessage HTTP/1.1\r\nHost: api.telegram.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nAccess-Control-Request-Method: POST\r\nAccess-Control-Request-Headers: content-type\r\nReferer: https://evaa.zanggu.net/\r\nOrigin: https://evaa.zanggu.net\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"OPTIONS"},"response":{"raw":"HTTP/2 204 No Content\r\nserver: nginx/1.18.0\r\ndate: Sat, 25 Apr 2026 03:06:32 GMT\r\naccess-control-max-age: 86400\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET, POST, OPTIONS\r\naccess-control-allow-headers: content-type\r\naccess-control-expose-headers: Content-Length,Content-Type,Date,Server,Connection\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"204","status_text":"No Content","fingerprints":[{"name":"Nginx:1.18.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-01T15:39:35.508929Z","times_seen":14478573,"resource_available":true,"data":null}},"time_used":305,"timings":{"blocked":136,"dns":1,"connect":21,"send":0,"wait":26,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"api.telegram.org/bot8720547580:AAHsdBAD9gkV5I--cIcqa8O3GqFS-WEk23E/sendMessage","fqdn":"api.telegram.org","domain":"telegram.org","tld":"org"},"ip":{"addr":"149.154.166.110","port":443,"asn":62041,"as":"Telegram Messenger Inc","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://evaa.zanggu.net/","date":"2026-04-25T03:06:32.322Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"api.telegram.org","organization":""},"issuer":{"commonName":"Go Daddy Secure Certificate Authority - G2","organization":"GoDaddy.com, Inc."},"validity":{"start":"Tue, 11 Nov 2025 15:14:09 GMT","end":"Sun, 13 Dec 2026 15:14:09 GMT"},"fingerprint":{"sha1":"EC:27:13:72:1E:6C:94:9F:47:59:A4:24:4F:AB:9B:02:E3:6E:54:41","sha256":"64:47:03:9A:C9:ED:B9:03:8C:07:6E:AA:3D:BF:75:4B:4C:C1:4E:C1:A5:8C:83:2D:3E:FD:0C:E7:F7:82:C2:71"}}},"request":{"raw":"POST /bot8720547580:AAHsdBAD9gkV5I--cIcqa8O3GqFS-WEk23E/sendMessage HTTP/1.1\r\nHost: api.telegram.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://evaa.zanggu.net/\r\nContent-Type: application/json\r\nContent-Length: 249\r\nOrigin: https://evaa.zanggu.net\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx/1.18.0\r\ndate: Sat, 25 Apr 2026 03:06:32 GMT\r\ncontent-type: application/json\r\ncontent-length: 540\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET, POST, OPTIONS\r\naccess-control-expose-headers: Content-Length,Content-Type,Date,Server,Connection\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.18.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":540,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"f7d148c9b2fb3a26a0f1034d5c6e3513","sha1":"48fe471e7c95374dd8bfe11720a18e78f225d1aa","sha256":"feeb62365cf45a989a9edca8ddfdddb232c5dfc89416dcfbc352721786adc007","sha512":"3fc3ee50e69a4bce72099bca9631e862b60f576da0d7236e8d1bbbda08bc1424ee3448f2cdc44e0b305c18d07940c6e150bc78109cc63ee8f808cdef6021ed42","ssdeep":"","tlshash":"e5f0c02701140dab148eabc6c4c37f4ac6b93073d18ee860c4ddea908381fd8a11a5a3","first_seen":"2026-04-25T03:06:54.974637Z","last_seen":"2026-04-25T03:06:54.974637Z","times_seen":1,"resource_available":false,"data":null}},"time_used":49,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":48,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"evaa.zanggu.net/","fqdn":"evaa.zanggu.net","domain":"zanggu.net","tld":"net"},"ip":{"addr":"45.140.205.214","port":443,"asn":35830,"as":"BTT Group Finance Ltd","country":"Israel","country_code":"IL"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-04-25T03:06:31.359Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"zanggu.net","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Mon, 13 Apr 2026 19:10:20 GMT","end":"Sun, 12 Jul 2026 19:10:19 GMT"},"fingerprint":{"sha1":"CB:DE:35:16:27:F0:0A:56:D6:E8:DE:FC:7C:1C:47:78:41:08:0A:C6","sha256":"FA:36:C4:92:BE:1A:F7:ED:89:6E:D0:9E:51:1C:72:8F:EA:22:21:5A:3E:8D:B3:FC:8F:DE:4D:D5:4E:AC:14:F2"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: evaa.zanggu.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.24.0 (Ubuntu)\r\nDate: Sat, 25 Apr 2026 03:06:31 GMT\r\nContent-Type: text/html\r\nLast-Modified: Wed, 22 Apr 2026 23:45:40 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nETag: W/\"69e95da4-6d18\"\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Ubuntu","description":"Ubuntu is a free and open-source operating system on Linux for the enterprise server, desktop, cloud, and IoT.","website":"https://www.ubuntu.com/server","common_platform_enumeration":"cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*","icon":"Ubuntu.svg","categories":["Operating systems"]},{"name":"Nginx:1.24.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":27928,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (939)","md5":"3c86e3d165dcbd6f2b2bcabe1d8b334e","sha1":"354bee3eb538ff6c003955093617f1896338014f","sha256":"fe8624f483a48e5e68320b6f5448bf62bb34fbfd6d39701a8b21289d12f7ba0d","sha512":"0db30539926bec51965922ac5b209d8f02b0e6e5ae332aca059ea43965ef5398b3d6c4242375d9cf0bbbbfc1a1ab01c933ac4a5475c9f80377aa9ae65f6877e1","ssdeep":"384:dxxIEU/hVXw+kpdRvi/m0J6/guUa96/fwdBx:DGEU/hVXw+kL/guUx+","tlshash":"69c2d81252a51429a50792a67f9b971f2329e053e24ac57c3edc0264cfcfb95c9b37cc","first_seen":"2026-04-25T03:06:54.97697Z","last_seen":"2026-04-25T03:06:54.97697Z","times_seen":1,"resource_available":true,"data":null}},"time_used":199,"timings":{"blocked":84,"dns":14,"connect":30,"send":0,"wait":30,"receive":0,"ssl":37},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"evaa.zanggu.net/logo.png","fqdn":"evaa.zanggu.net","domain":"zanggu.net","tld":"net"},"ip":{"addr":"45.140.205.214","port":443,"asn":35830,"as":"BTT Group Finance Ltd","country":"Israel","country_code":"IL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://evaa.zanggu.net/","date":"2026-04-25T03:06:31.617Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"zanggu.net","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Mon, 13 Apr 2026 19:10:20 GMT","end":"Sun, 12 Jul 2026 19:10:19 GMT"},"fingerprint":{"sha1":"CB:DE:35:16:27:F0:0A:56:D6:E8:DE:FC:7C:1C:47:78:41:08:0A:C6","sha256":"FA:36:C4:92:BE:1A:F7:ED:89:6E:D0:9E:51:1C:72:8F:EA:22:21:5A:3E:8D:B3:FC:8F:DE:4D:D5:4E:AC:14:F2"}}},"request":{"raw":"GET /logo.png HTTP/1.1\r\nHost: evaa.zanggu.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://evaa.zanggu.net/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.24.0 (Ubuntu)\r\nDate: Sat, 25 Apr 2026 03:06:31 GMT\r\nContent-Type: image/png\r\nContent-Length: 6394\r\nLast-Modified: Sat, 11 Apr 2026 18:53:05 GMT\r\nConnection: keep-alive\r\nETag: \"69da9891-18fa\"\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.24.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Ubuntu","description":"Ubuntu is a free and open-source operating system on Linux for the enterprise server, desktop, cloud, and IoT.","website":"https://www.ubuntu.com/server","common_platform_enumeration":"cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*","icon":"Ubuntu.svg","categories":["Operating systems"]}],"data":{"size":6394,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 800 x 800, 8-bit colormap, non-interlaced","md5":"94a237f62241288ccd5e5d4a2d26cd79","sha1":"5e244c8e8e4feef69fcc9016e5ff5230ed785296","sha256":"e503879d5b6535af55c43cfa80649136f7b539c51b5c0ee0d989ffe466be81ce","sha512":"d0b19ed4536f46539d7f29851afe1b0ed789eafab8d86b1351b1d9d429a2648a7ea73ae0cdf59aef47004e15a1b1ff6e504a13dc427fa7114fc1babe2bf31724","ssdeep":"96:dTeqLNxPR92mfTfdSl0i5x6YS66iuCkTP+DpbNGA5v3U65EDI:hh9fTldiT6IBkT2NH5B/","tlshash":"a2d16cd8f329a107fdb208b9da3d81d598c70f14744628e8c879dc6ae4e65cfa4e4d38","first_seen":"2026-04-25T03:06:54.979561Z","last_seen":"2026-04-25T03:06:54.979561Z","times_seen":1,"resource_available":false,"data":null}},"time_used":149,"timings":{"blocked":118,"dns":0,"connect":0,"send":0,"wait":30,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.googleapis.com/css2?family=Inter:wght@300;400;500;600;700\u0026display=swap","fqdn":"fonts.googleapis.com","domain":"fonts.googleapis.com","tld":"googleapis.com"},"ip":{"addr":"172.217.19.234","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://evaa.zanggu.net/","date":"2026-04-25T03:06:31.613Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"upload.video.google.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 30 Mar 2026 08:36:48 GMT","end":"Mon, 22 Jun 2026 08:36:47 GMT"},"fingerprint":{"sha1":"1A:63:7B:F3:04:6F:4C:E4:F3:15:87:E8:E7:FA:DD:B1:F7:7E:89:49","sha256":"5E:36:5D:D1:35:3B:0A:E9:8A:55:91:DC:12:B0:50:4A:AE:D9:A7:97:06:7C:0D:D7:F0:23:3E:8A:B2:08:19:00"}}},"request":{"raw":"GET /css2?family=Inter:wght@300;400;500;600;700\u0026display=swap HTTP/1.1\r\nHost: fonts.googleapis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://evaa.zanggu.net/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/css; charset=utf-8\r\nvary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site\r\naccess-control-allow-origin: *\r\ntiming-allow-origin: *\r\nlink: \u003chttps://fonts.gstatic.com\u003e; rel=preconnect; crossorigin\r\nstrict-transport-security: max-age=31536000\r\nexpires: Sat, 25 Apr 2026 03:06:31 GMT\r\ndate: Sat, 25 Apr 2026 03:06:31 GMT\r\ncache-control: private, max-age=86400\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncross-origin-resource-policy: cross-origin\r\ncontent-encoding: gzip\r\nserver: ESF\r\nx-xss-protection: 0\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":12635,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text","md5":"f04de8ad1ef740d940ec0f534a8f6474","sha1":"3b31756e84c8887867417c7d6cc64501c9d9193c","sha256":"2f1ac0c31bc3ede8317cf72e9d28051ec727c9a0014aa69cff495abd6256bb4e","sha512":"69afede137c125294044274e463f30c02594f379ec879285e0b3ee41097f503dfb8272487759870f547e4dc4cf8828a2c1efaa806deb2f3124b7f6d67c638783","ssdeep":"192:wNA1cO3lnxirNNIxO34OxDENOPCO3/Nx8NNryfO3iExlONEhYO3RrxGx:8KYXuM0p2+4","tlshash":"28427892002ba400ab971dc233cf7f3aaece50896085d1b95ffd0dc59cead66436876d","first_seen":"2025-09-10T18:44:19.218006Z","last_seen":"2026-05-01T15:49:31.169226Z","times_seen":18721,"resource_available":false,"data":null}},"time_used":212,"timings":{"blocked":88,"dns":1,"connect":20,"send":0,"wait":33,"receive":0,"ssl":67},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ipapi.co/json/","fqdn":"ipapi.co","domain":"ipapi.co","tld":"co"},"ip":{"addr":"172.67.69.226","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://evaa.zanggu.net/","date":"2026-04-25T03:06:31.794Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"ipapi.co","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 16 Apr 2026 20:25:59 GMT","end":"Wed, 15 Jul 2026 21:25:52 GMT"},"fingerprint":{"sha1":"76:B2:7F:DD:D1:3A:92:49:08:6F:F6:9D:93:7F:FA:A4:E7:AF:1E:04","sha256":"D3:90:F8:60:D1:C0:1C:19:C5:12:68:B2:54:72:DC:42:A3:9F:4C:D8:10:D6:0D:5B:71:0C:1C:EB:AF:AA:AF:F1"}}},"request":{"raw":"GET /json/ HTTP/1.1\r\nHost: ipapi.co\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://evaa.zanggu.net/\r\nOrigin: https://evaa.zanggu.net\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 25 Apr 2026 03:06:32 GMT\r\ncontent-type: application/json\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\nallow: GET, POST, OPTIONS, OPTIONS, HEAD\r\nx-frame-options: DENY\r\nvary: Host, origin\r\naccess-control-allow-origin: https://evaa.zanggu.net\r\nx-content-type-options: nosniff\r\nreferrer-policy: same-origin\r\ncross-origin-opener-policy: same-origin\r\ncontent-security-policy-report-only: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.stripe.com https://*.paddle.com https://www.google.com https://www.gstatic.com https://maps.gstatic.com https://maps.googleapis.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; style-src 'self' 'unsafe-inline' https://*.paddle.com https://fonts.gstatic.com https://fonts.googleapis.com; img-src 'self' data: https://ipapi.co https://maps.gstatic.com https://maps.googleapis.com https://*.stripe.com; font-src 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com; frame-src 'self' https://www.google.com https://*.stripe.com https://*.paddle.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/; connect-src 'self' https://ipapi.co/ https://*.paddle.com https://*.stripe.com https://maps.googleapis.com https://www.google.com/recaptcha/; object-src 'none'; frame-ancestors 'none'; base-uri 'self'; form-action 'self';\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=8afVPijmPtiFRAjUI34U2vYBe8bWwbJGIRc1arXm56%2F%2FapmTU5NV0ipKqJ3N0C3rKdjJFheoHd3H4wGQoUsiB6L6ndS%2BNgyoJr%2BQ08KTB4QSAwOds3sCypo5\"}]}\r\ncontent-encoding: br\r\ncf-ray: 9f1a21dcdba0712b-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":744,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"080170d2d7d392e63d1dbda285dc26e0","sha1":"1c901cc38d4bf0751031b28e015eceaf0b38de69","sha256":"5c18306f43331d1e2232bf78aec93a9068ca8dc2ed461b6a7aabaef9faf7e0d7","sha512":"084f7164a35f570999efcdd15d3c3b1a7986d7b28f16c28a5792570ac62750284765d4ee6c437d73b2e43c6af2e171835ff423a1f6424d6db3d151c064ce75f4","ssdeep":"","tlshash":"c301df68e4690ebb9cb9136cb4686907127422075e56398e7fd09b4d0f8e9bf30b534e","first_seen":"2026-04-22T09:52:17.391649Z","last_seen":"2026-05-01T15:54:33.97412Z","times_seen":633,"resource_available":false,"data":null}},"time_used":260,"timings":{"blocked":20,"dns":1,"connect":1,"send":0,"wait":220,"receive":0,"ssl":16},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/inter/v20/UcC73FwrK3iLTeHuS_nVMrMxCp50SjIa1ZL7W0I5nvwU.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"192.178.25.3","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://evaa.zanggu.net/","date":"2026-04-25T03:06:31.818Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 30 Mar 2026 08:36:48 GMT","end":"Mon, 22 Jun 2026 08:36:47 GMT"},"fingerprint":{"sha1":"8B:DF:9C:24:AB:AD:AB:73:3F:51:0F:25:2B:18:76:79:1A:C5:63:A0","sha256":"BF:5C:B4:F2:20:4F:D0:E5:76:81:59:52:5F:3E:D2:4F:8D:33:B3:30:36:84:C8:7E:0E:AB:58:1E:7D:D6:E2:6D"}}},"request":{"raw":"GET /s/inter/v20/UcC73FwrK3iLTeHuS_nVMrMxCp50SjIa1ZL7W0I5nvwU.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://evaa.zanggu.net\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 48532\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Wed, 22 Apr 2026 22:33:43 GMT\r\nexpires: Thu, 22 Apr 2027 22:33:43 GMT\r\ncache-control: public, max-age=31536000\r\nage: 189168\r\nlast-modified: Tue, 09 Sep 2025 18:33:50 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":48532,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 48532, version 1.0","md5":"225835e6e0496c54dc2aca9f3d533892","sha1":"942ef5298bbe74bfe44e445def5f2bfc94027fa8","sha256":"acc60d454f46f2ba233c516aa3299aa60e1f49ffd0f06b8392a7c772a5694087","sha512":"ea2ff96ed5ac965c1846b4b33990beab3d4ced66806fa44321f5dd59d9a29a8ae1a67a5816d40165af8a896677b6a24bb74ea6db53cd5e686080165db9fd62c2","ssdeep":"768:b9tYsJ6BxVEpu8sqEkvfXRGEBqH7KxpxA07hQv2bSokjQx2AOWUVOv7UeFHOpIsR:LsEcy7fXRGqqHmr7qv32UC7UetOGLkF","tlshash":"03230178cf9f85b3d33b153afaf4d20562a9067de76c4a803831051a2a55770b89dc0e","first_seen":"2025-05-29T17:27:56.345238Z","last_seen":"2026-05-01T15:40:46.152583Z","times_seen":161998,"resource_available":false,"data":null}},"time_used":139,"timings":{"blocked":66,"dns":2,"connect":7,"send":0,"wait":8,"receive":10,"ssl":44},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/inter/v20/UcC73FwrK3iLTeHuS_nVMrMxCp50SjIa1ZL7W0I5nvwU.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"192.178.25.3","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://evaa.zanggu.net/","date":"2026-04-25T03:06:31.821Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 30 Mar 2026 08:36:48 GMT","end":"Mon, 22 Jun 2026 08:36:47 GMT"},"fingerprint":{"sha1":"8B:DF:9C:24:AB:AD:AB:73:3F:51:0F:25:2B:18:76:79:1A:C5:63:A0","sha256":"BF:5C:B4:F2:20:4F:D0:E5:76:81:59:52:5F:3E:D2:4F:8D:33:B3:30:36:84:C8:7E:0E:AB:58:1E:7D:D6:E2:6D"}}},"request":{"raw":"GET /s/inter/v20/UcC73FwrK3iLTeHuS_nVMrMxCp50SjIa1ZL7W0I5nvwU.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://evaa.zanggu.net\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 48532\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Wed, 22 Apr 2026 22:33:43 GMT\r\nexpires: Thu, 22 Apr 2027 22:33:43 GMT\r\ncache-control: public, max-age=31536000\r\nage: 189168\r\nlast-modified: Tue, 09 Sep 2025 18:33:50 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":48532,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 48532, version 1.0","md5":"225835e6e0496c54dc2aca9f3d533892","sha1":"942ef5298bbe74bfe44e445def5f2bfc94027fa8","sha256":"acc60d454f46f2ba233c516aa3299aa60e1f49ffd0f06b8392a7c772a5694087","sha512":"ea2ff96ed5ac965c1846b4b33990beab3d4ced66806fa44321f5dd59d9a29a8ae1a67a5816d40165af8a896677b6a24bb74ea6db53cd5e686080165db9fd62c2","ssdeep":"768:b9tYsJ6BxVEpu8sqEkvfXRGEBqH7KxpxA07hQv2bSokjQx2AOWUVOv7UeFHOpIsR:LsEcy7fXRGqqHmr7qv32UC7UetOGLkF","tlshash":"03230178cf9f85b3d33b153afaf4d20562a9067de76c4a803831051a2a55770b89dc0e","first_seen":"2025-05-29T17:27:56.345238Z","last_seen":"2026-05-01T15:40:46.152583Z","times_seen":161998,"resource_available":false,"data":null}},"time_used":281,"timings":{"blocked":135,"dns":1,"connect":21,"send":0,"wait":8,"receive":2,"ssl":112},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"evaa.zanggu.net/favicon.ico","fqdn":"evaa.zanggu.net","domain":"zanggu.net","tld":"net"},"ip":{"addr":"45.140.205.214","port":443,"asn":35830,"as":"BTT Group Finance Ltd","country":"Israel","country_code":"IL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://evaa.zanggu.net/","date":"2026-04-25T03:06:33.557Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"zanggu.net","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Mon, 13 Apr 2026 19:10:20 GMT","end":"Sun, 12 Jul 2026 19:10:19 GMT"},"fingerprint":{"sha1":"CB:DE:35:16:27:F0:0A:56:D6:E8:DE:FC:7C:1C:47:78:41:08:0A:C6","sha256":"FA:36:C4:92:BE:1A:F7:ED:89:6E:D0:9E:51:1C:72:8F:EA:22:21:5A:3E:8D:B3:FC:8F:DE:4D:D5:4E:AC:14:F2"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: evaa.zanggu.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://evaa.zanggu.net/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 404 Not Found\r\nServer: nginx/1.24.0 (Ubuntu)\r\nDate: Sat, 25 Apr 2026 03:06:33 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Ubuntu","description":"Ubuntu is a free and open-source operating system on Linux for the enterprise server, desktop, cloud, and IoT.","website":"https://www.ubuntu.com/server","common_platform_enumeration":"cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*","icon":"Ubuntu.svg","categories":["Operating systems"]},{"name":"Nginx:1.24.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":162,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text, with CRLF line terminators","md5":"37d5c3a24983196361e6ce9b1a499464","sha1":"2dd5878df894f3c648e42408879e9a61c112d1b3","sha256":"766c1d6bcb81d3e983fb7adbc19c616d7fc01dafb7893738edc242e2adc59c07","sha512":"cc140d1f61a01ba5f282d682dfeb19229426c7164b147a3031d3b5544c2d7213ce19b075a81d5e00750bdac7b1d9232b8b971e026d838ccae9466523338b09a9","ssdeep":"","tlshash":"eac08c6e2513bd4cc663217432c36490c08b93a7a4ea42228440805331cb2aa8ac7396","first_seen":"2023-11-07T17:46:00Z","last_seen":"2026-05-01T15:28:07.152677Z","times_seen":21687,"resource_available":true,"data":null}},"time_used":30,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":30,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}