{"report_id":"063f0f49-fbd7-436f-9902-76c10820f81b","version":6,"status":"done","tags":[],"date":"2026-03-03T07:45:44Z","url":{"schema":"http","addr":"www.iqrgp.work/","fqdn":"www.iqrgp.work","domain":"iqrgp.work","tld":"work"},"ip":{"addr":"192.163.186.172","port":0,"asn":132839,"as":"POWER LINE DATACENTER","country":"United States","country_code":"US"},"final":{"url":{"schema":"https","addr":"9kqegm.rogwn.top/page015-%E6%A3%8B%E7%89%8C/?channelCode=www.iqrgp.work","fqdn":"9kqegm.rogwn.top","domain":"rogwn.top","tld":"top"},"title":"双妃娱乐","dom":{"size":10794,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (917)","md5":"d843e2439ba436eddc0b41880a7d5d29","sha1":"723267cb2a5e95de18eae6821f539f3caf5c993b","sha256":"536afdab4771a784a1f24c0498c89a038517e4b709f5b095ffffbb25c4d0d45b","sha512":"492385269d7c21de57aac519d6070129f103ef158b295670386f81545b2189e1bd4b7f111d71e531b8de36fbac43ed4a156057ab994ddbb937fbc0c2012ca809","ssdeep":"96:fhW70ihhN2puWvmw2DWnL7jZa114S2qZATv4i6sY/kgPY:fm0ihhN2P/nmGf","tlshash":"b422cd418ae15c4304334e81a965e5a669c281078b17481071fc0feeffaedfa896fbdd","dom_hash":"domhash84fb75958eef49598186a5e474a05f62","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"www.iqrgp.work/","fqdn":"www.iqrgp.work","domain":"iqrgp.work","tld":"work"},"ip":{"addr":"192.163.186.172","port":0,"asn":132839,"as":"POWER LINE DATACENTER","country":"United States","country_code":"US"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-04-07T07:45:44Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":7,"urlquery":0,"analyzer":1}},"detection":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-03T07:45:23Z","timestamp":1772523923,"ip_dst":{"addr":"192.163.186.172","port":80,"asn":132839,"as":"POWER LINE DATACENTER","country":"United States","country_code":"US"},"ip_src":{"addr":"Client IP","port":39042,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to Suspicious *.work Domain","source":"{\"timestamp\":\"2026-03-03T07:45:23.671862+0000\",\"flow_id\":185265856651884,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.51\",\"src_port\":39042,\"dest_ip\":\"192.163.186.172\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2027877,\"rev\":5,\"signature\":\"ET INFO HTTP Request to Suspicious *.work Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2019_08_13\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_11_21\"]}},\"http\":{\"hostname\":\"www.iqrgp.work\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":301,\"length\":1065},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":6,\"bytes_toserver\":671,\"bytes_toclient\":5676,\"start\":\"2026-03-03T07:45:23.139884+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-03T07:45:26Z","timestamp":1772523926,"ip_dst":{"addr":"192.163.186.172","port":80,"asn":132839,"as":"POWER LINE DATACENTER","country":"United States","country_code":"US"},"ip_src":{"addr":"Client IP","port":39054,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to Suspicious *.work Domain","source":"{\"timestamp\":\"2026-03-03T07:45:26.065238+0000\",\"flow_id\":1772999301920909,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.51\",\"src_port\":39054,\"dest_ip\":\"192.163.186.172\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2027877,\"rev\":5,\"signature\":\"ET INFO HTTP Request to Suspicious *.work Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2019_08_13\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_11_21\"]}},\"http\":{\"hostname\":\"www.iqrgp.work\",\"url\":\"/favicon.ico\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/x-icon\",\"http_refer\":\"http://www.iqrgp.work/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":625,\"bytes_toclient\":707,\"start\":\"2026-03-03T07:45:23.391309+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-03T07:45:28Z","timestamp":1772523928,"ip_dst":{"addr":"47.254.186.217","port":443,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"Germany","country_code":"DE"},"ip_src":{"addr":"Client IP","port":51364,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO Observed Alibaba Cloud CDN Domain (aliyuncs .com in TLS SNI)","source":"{\"timestamp\":\"2026-03-03T07:45:28.247839+0000\",\"flow_id\":1691820125328643,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.51\",\"src_port\":51364,\"dest_ip\":\"47.254.186.217\",\"dest_port\":443,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2052581,\"rev\":1,\"signature\":\"ET INFO Observed Alibaba Cloud CDN Domain (aliyuncs .com in TLS SNI)\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_05_14\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"tag\":[\"TA_Abused_Service\"],\"updated_at\":[\"2024_05_14\"]}},\"tls\":{\"sni\":\"htjswj.oss-accelerate.aliyuncs.com\",\"version\":\"TLS 1.2\",\"ja3\":{\"hash\":\"0faf2a91198d40dbd58b9308f3fca2fd\",\"string\":\"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49171-49172-156-157-47-53,0-23-65281-10-11-16-5-34-51-43-13-28-65037,29-23-24-25-256-257,0\"},\"ja3s\":{\"hash\":\"5d79edf64e03689ff559a54e9d9487bc\",\"string\":\"771,49199,65281-0-11-16-23\"}},\"app_proto\":\"tls\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":7,\"bytes_toserver\":900,\"bytes_toclient\":6993,\"start\":\"2026-03-03T07:45:28.201987+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-03T07:45:34Z","timestamp":1772523934,"ip_dst":{"addr":"Client IP","port":39042,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"192.163.186.172","port":80,"asn":132839,"as":"POWER LINE DATACENTER","country":"United States","country_code":"US"},"severity":"high","alert":"ET HUNTING Possible Obfuscator io JavaScript Obfuscation","source":"{\"timestamp\":\"2026-03-03T07:45:34.213276+0000\",\"flow_id\":185265856651884,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"192.163.186.172\",\"src_port\":80,\"dest_ip\":\"172.18.0.51\",\"dest_port\":39042,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2038501,\"rev\":2,\"signature\":\"ET HUNTING Possible Obfuscator io JavaScript Obfuscation\",\"category\":\"A Network Trojan was detected\",\"severity\":1,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"Low\"],\"created_at\":[\"2022_08_11\"],\"deployment\":[\"Perimeter\"],\"reviewed_at\":[\"2023_08_31\"],\"signature_severity\":[\"Minor\"],\"updated_at\":[\"2023_04_06\"]}},\"http\":{\"hostname\":\"www.iqrgp.work\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":301,\"length\":21906},\"files\":[{\"filename\":\"/\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":21888,\"tx_id\":0}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":21,\"pkts_toclient\":20,\"bytes_toserver\":1793,\"bytes_toclient\":23489,\"start\":\"2026-03-03T07:45:23.139884+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-03T07:45:34Z","timestamp":1772523934,"ip_dst":{"addr":"Client IP","port":39042,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"192.163.186.172","port":80,"asn":132839,"as":"POWER LINE DATACENTER","country":"United States","country_code":"US"},"severity":"low","alert":"ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M1","source":"{\"timestamp\":\"2026-03-03T07:45:34.213276+0000\",\"flow_id\":185265856651884,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"192.163.186.172\",\"src_port\":80,\"dest_ip\":\"172.18.0.51\",\"dest_port\":39042,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2036300,\"rev\":3,\"signature\":\"ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M1\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"Medium\"],\"created_at\":[\"2022_04_21\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Significant\"],\"reviewed_at\":[\"2024_10_14\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_04_27\"]}},\"http\":{\"hostname\":\"www.iqrgp.work\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":301,\"length\":21906},\"files\":[{\"filename\":\"/\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":21888,\"tx_id\":0}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":21,\"pkts_toclient\":20,\"bytes_toserver\":1793,\"bytes_toclient\":23489,\"start\":\"2026-03-03T07:45:23.139884+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-03T07:45:34Z","timestamp":1772523934,"ip_dst":{"addr":"Client IP","port":39042,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"192.163.186.172","port":80,"asn":132839,"as":"POWER LINE DATACENTER","country":"United States","country_code":"US"},"severity":"low","alert":"ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M2","source":"{\"timestamp\":\"2026-03-03T07:45:34.213276+0000\",\"flow_id\":185265856651884,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"192.163.186.172\",\"src_port\":80,\"dest_ip\":\"172.18.0.51\",\"dest_port\":39042,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2036301,\"rev\":3,\"signature\":\"ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M2\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"Medium\"],\"created_at\":[\"2022_04_21\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Significant\"],\"reviewed_at\":[\"2024_10_14\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_04_27\"]}},\"http\":{\"hostname\":\"www.iqrgp.work\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":301,\"length\":21906},\"files\":[{\"filename\":\"/\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":21888,\"tx_id\":0}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":21,\"pkts_toclient\":20,\"bytes_toserver\":1793,\"bytes_toclient\":23489,\"start\":\"2026-03-03T07:45:23.139884+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-03T07:45:34Z","timestamp":1772523934,"ip_dst":{"addr":"Client IP","port":39042,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"192.163.186.172","port":80,"asn":132839,"as":"POWER LINE DATACENTER","country":"United States","country_code":"US"},"severity":"low","alert":"ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M3","source":"{\"timestamp\":\"2026-03-03T07:45:34.213276+0000\",\"flow_id\":185265856651884,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"192.163.186.172\",\"src_port\":80,\"dest_ip\":\"172.18.0.51\",\"dest_port\":39042,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2036302,\"rev\":3,\"signature\":\"ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M3\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"Medium\"],\"created_at\":[\"2022_04_21\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Significant\"],\"reviewed_at\":[\"2024_10_14\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_04_27\"]}},\"http\":{\"hostname\":\"www.iqrgp.work\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":301,\"length\":21906},\"files\":[{\"filename\":\"/\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":21888,\"tx_id\":0}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":21,\"pkts_toclient\":20,\"bytes_toserver\":1793,\"bytes_toclient\":23489,\"start\":\"2026-03-03T07:45:23.139884+0000\"}}"}],"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-03","alert":"Sinkholed","trigger":"www.iqrgp.work","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null},"summary":[{"fqdn":"8swvei7jgogf.wbvqo.top","ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"domain_registered":"2026-01-01","domain_rank":0,"first_seen":"2026-03-03T07:45:45.380551Z","last_seen":"2026-03-03T07:45:45.380551Z","alert_count":0,"request_count":1,"received_data":0,"sent_data":439,"comment":"","tags":null,"fingerprints":null},{"fqdn":"apps.bdimg.com","ip":{"addr":"60.164.7.49","port":443,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"domain_registered":"2010-03-22","domain_rank":966685,"first_seen":"2012-08-06T13:34:46Z","last_seen":"2026-02-26T21:16:15.550207Z","alert_count":0,"request_count":1,"received_data":21918,"sent_data":442,"comment":"","tags":null,"fingerprints":null},{"fqdn":"o1tlp0.bvppn.top","ip":{"addr":"43.252.173.18","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"domain_registered":"2026-01-01","domain_rank":0,"first_seen":"2026-03-03T07:45:45.378521Z","last_seen":"2026-03-03T07:45:45.378521Z","alert_count":0,"request_count":1,"received_data":498,"sent_data":433,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"er6kk1e3bkgnpky.entsbio.com","ip":{"addr":"163.171.132.205","port":6443,"asn":54994,"as":"ML-1432-54994","country":"Germany","country_code":"DE"},"domain_registered":"2011-06-30","domain_rank":0,"first_seen":"2026-03-03T07:45:45.374159Z","last_seen":"2026-03-03T07:45:45.374159Z","alert_count":0,"request_count":1,"received_data":1123,"sent_data":660,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"9kqegm.rogwn.top","ip":{"addr":"103.233.99.29","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"domain_registered":"2026-01-01","domain_rank":0,"first_seen":"2026-03-03T07:45:45.38366Z","last_seen":"2026-03-03T07:45:45.38366Z","alert_count":0,"request_count":40,"received_data":2255856,"sent_data":32799,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"www.iqrgp.work","ip":{"addr":"192.163.186.172","port":80,"asn":132839,"as":"POWER LINE DATACENTER","country":"United States","country_code":"US"},"domain_registered":"2025-04-21","domain_rank":0,"first_seen":"2026-03-03T07:45:45.382126Z","last_seen":"2026-03-03T07:45:45.382126Z","alert_count":14,"request_count":3,"received_data":22642,"sent_data":1235,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"PHP:7.4.33","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}]},{"fqdn":"collect-v6.51.la","ip":{"addr":"43.159.107.113","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"domain_registered":"2005-01-17","domain_rank":348646,"first_seen":"2021-03-08T16:03:54Z","last_seen":"2026-03-02T03:22:44.787708Z","alert_count":0,"request_count":1,"received_data":360,"sent_data":473,"comment":"","tags":null,"fingerprints":null},{"fqdn":"htjswj.oss-accelerate.aliyuncs.com","ip":{"addr":"47.254.186.217","port":443,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"Germany","country_code":"DE"},"domain_registered":"2012-04-01","domain_rank":0,"first_seen":"2025-10-04T08:21:37.216898Z","last_seen":"2026-02-27T12:53:14.769666Z","alert_count":0,"request_count":1,"received_data":2003,"sent_data":431,"comment":"","tags":null,"fingerprints":[{"name":"Alibaba Cloud Object Storage Service","description":"Alibaba Cloud Object Storage Service (OSS) is a cloud-based object storage service provided by Alibaba Cloud, which allows users to store and access large amounts of data in the cloud.","website":"https://www.alibabacloud.com/product/object-storage-service","common_platform_enumeration":"","icon":"Alibaba Cloud.svg","categories":["IaaS"]}]},{"fqdn":"q336s6ex3ff0gq2.bvppn.top","ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"domain_registered":"2026-01-01","domain_rank":0,"first_seen":"2026-03-03T07:45:45.377571Z","last_seen":"2026-03-03T07:45:45.377571Z","alert_count":0,"request_count":1,"received_data":0,"sent_data":442,"comment":"","tags":null,"fingerprints":null},{"fqdn":"2g31jr0ml.bfajr.top","ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"domain_registered":"2026-01-01","domain_rank":0,"first_seen":"2026-03-03T07:45:45.386494Z","last_seen":"2026-03-03T07:45:45.386494Z","alert_count":0,"request_count":1,"received_data":0,"sent_data":436,"comment":"","tags":null,"fingerprints":null}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"http","addr":"www.iqrgp.work/","fqdn":"www.iqrgp.work","domain":"iqrgp.work","tld":"work"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"261371cd33d916569f21a2b494b4875b","sha1":"2b58e89a6a888267a2c98bb0360aced442cd5aee","sha256":"01a00c3ac85b1c97227e4719908f63e60cc1ff9fdf11093e3d991b0ff553b558","sha512":"76e800a81a61a23372cdda1576176ee089b4e47cbffc3d5a55fc83302b638957f21502c9eddc0ea6da94ec904c6762f2792768032a95b039028ed72f9c8e7b22","ssdeep":"384:i65V+0Gz6QwBED+Jk85ckSYWGAWuHwXd9VEPCE2/GpE2FpmkZfh2Ak9pHtYu/bMv:i65V6z6QwmD+Jk85ZSYWGAWuHwt9Swn6","tlshash":"8c92d745ba90a855034f1be7ff3f70dcda6a08aa39598c4fb7807c5876b0727e951a30","size":20056,"data":"","first_seen":"2026-03-03T07:46:11.167568Z","last_seen":"2026-03-03T07:46:11.167568Z","times_seen":1,"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-03T07:45:23Z","timestamp":1772523923,"ip_dst":{"addr":"192.163.186.172","port":80,"asn":132839,"as":"POWER LINE DATACENTER","country":"United States","country_code":"US"},"ip_src":{"addr":"172.18.0.51","port":39042,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to Suspicious *.work Domain","source":"{\"timestamp\":\"2026-03-03T07:45:23.671862+0000\",\"flow_id\":185265856651884,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.51\",\"src_port\":39042,\"dest_ip\":\"192.163.186.172\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2027877,\"rev\":5,\"signature\":\"ET INFO HTTP Request to Suspicious *.work Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2019_08_13\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_11_21\"]}},\"http\":{\"hostname\":\"www.iqrgp.work\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":301,\"length\":1065},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":6,\"bytes_toserver\":671,\"bytes_toclient\":5676,\"start\":\"2026-03-03T07:45:23.139884+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-03T07:45:34Z","timestamp":1772523934,"ip_dst":{"addr":"172.18.0.51","port":39042,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"192.163.186.172","port":80,"asn":132839,"as":"POWER LINE DATACENTER","country":"United States","country_code":"US"},"severity":"high","alert":"ET HUNTING Possible Obfuscator io JavaScript Obfuscation","source":"{\"timestamp\":\"2026-03-03T07:45:34.213276+0000\",\"flow_id\":185265856651884,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"192.163.186.172\",\"src_port\":80,\"dest_ip\":\"172.18.0.51\",\"dest_port\":39042,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2038501,\"rev\":2,\"signature\":\"ET HUNTING Possible Obfuscator io JavaScript Obfuscation\",\"category\":\"A Network Trojan was detected\",\"severity\":1,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"Low\"],\"created_at\":[\"2022_08_11\"],\"deployment\":[\"Perimeter\"],\"reviewed_at\":[\"2023_08_31\"],\"signature_severity\":[\"Minor\"],\"updated_at\":[\"2023_04_06\"]}},\"http\":{\"hostname\":\"www.iqrgp.work\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":301,\"length\":21906},\"files\":[{\"filename\":\"/\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":21888,\"tx_id\":0}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":21,\"pkts_toclient\":20,\"bytes_toserver\":1793,\"bytes_toclient\":23489,\"start\":\"2026-03-03T07:45:23.139884+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-03T07:45:34Z","timestamp":1772523934,"ip_dst":{"addr":"172.18.0.51","port":39042,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"192.163.186.172","port":80,"asn":132839,"as":"POWER LINE DATACENTER","country":"United States","country_code":"US"},"severity":"low","alert":"ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M1","source":"{\"timestamp\":\"2026-03-03T07:45:34.213276+0000\",\"flow_id\":185265856651884,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"192.163.186.172\",\"src_port\":80,\"dest_ip\":\"172.18.0.51\",\"dest_port\":39042,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2036300,\"rev\":3,\"signature\":\"ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M1\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"Medium\"],\"created_at\":[\"2022_04_21\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Significant\"],\"reviewed_at\":[\"2024_10_14\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_04_27\"]}},\"http\":{\"hostname\":\"www.iqrgp.work\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":301,\"length\":21906},\"files\":[{\"filename\":\"/\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":21888,\"tx_id\":0}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":21,\"pkts_toclient\":20,\"bytes_toserver\":1793,\"bytes_toclient\":23489,\"start\":\"2026-03-03T07:45:23.139884+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-03T07:45:34Z","timestamp":1772523934,"ip_dst":{"addr":"172.18.0.51","port":39042,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"192.163.186.172","port":80,"asn":132839,"as":"POWER LINE DATACENTER","country":"United States","country_code":"US"},"severity":"low","alert":"ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M2","source":"{\"timestamp\":\"2026-03-03T07:45:34.213276+0000\",\"flow_id\":185265856651884,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"192.163.186.172\",\"src_port\":80,\"dest_ip\":\"172.18.0.51\",\"dest_port\":39042,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2036301,\"rev\":3,\"signature\":\"ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M2\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"Medium\"],\"created_at\":[\"2022_04_21\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Significant\"],\"reviewed_at\":[\"2024_10_14\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_04_27\"]}},\"http\":{\"hostname\":\"www.iqrgp.work\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":301,\"length\":21906},\"files\":[{\"filename\":\"/\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":21888,\"tx_id\":0}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":21,\"pkts_toclient\":20,\"bytes_toserver\":1793,\"bytes_toclient\":23489,\"start\":\"2026-03-03T07:45:23.139884+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-03T07:45:34Z","timestamp":1772523934,"ip_dst":{"addr":"172.18.0.51","port":39042,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"192.163.186.172","port":80,"asn":132839,"as":"POWER LINE DATACENTER","country":"United States","country_code":"US"},"severity":"low","alert":"ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M3","source":"{\"timestamp\":\"2026-03-03T07:45:34.213276+0000\",\"flow_id\":185265856651884,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"192.163.186.172\",\"src_port\":80,\"dest_ip\":\"172.18.0.51\",\"dest_port\":39042,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2036302,\"rev\":3,\"signature\":\"ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M3\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"Medium\"],\"created_at\":[\"2022_04_21\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Significant\"],\"reviewed_at\":[\"2024_10_14\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_04_27\"]}},\"http\":{\"hostname\":\"www.iqrgp.work\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":301,\"length\":21906},\"files\":[{\"filename\":\"/\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":21888,\"tx_id\":0}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":21,\"pkts_toclient\":20,\"bytes_toserver\":1793,\"bytes_toclient\":23489,\"start\":\"2026-03-03T07:45:23.139884+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"9kqegm.rogwn.top/page015-%E6%A3%8B%E7%89%8C/conf.js","fqdn":"9kqegm.rogwn.top","domain":"rogwn.top","tld":"top"},"ip":{"addr":"103.233.99.29","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"28f993b3d4ce13079d1141ecc912a0de","sha1":"dc0ee23cb6cf0d540b732f2866f4dbdcc570cb51","sha256":"5f2148e67db141c7fc60c9a7a81f52931bdc6109157c507f85f7e44523923470","sha512":"7dfa9cbb2ff867bdc835866e45f19bef67b08a20fccece3f2d4c64511033bb31fa967a3b02dc897489b7ce3b5f05a6685c282177a100d51d4c09dbbc2fd382d9","ssdeep":"","tlshash":"03211ec83502c90834e7345f381f156db932324920a4b500d698ee346e6025bf3beb88","size":1122,"data":"","first_seen":"2026-02-28T02:26:33.603247Z","last_seen":"2026-03-30T21:55:01.074584Z","times_seen":11,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"9kqegm.rogwn.top/page015-%E6%A3%8B%E7%89%8C/page/static/js/rem.js","fqdn":"9kqegm.rogwn.top","domain":"rogwn.top","tld":"top"},"ip":{"addr":"103.233.99.29","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"e74e945fcc19cbd1d5276e5d4548d525","sha1":"8236e3f3fc64916f9f7f65e8aa2680c9302f0858","sha256":"33442081f56c808935dba715de506e29ebf99eea4d997a64818edb9081369fa5","sha512":"a31082fa7c4afd5138b6f5048ea64b3fced8635505c69b56b2de5168b699069401b415f26eb42ed6ccdbc8e8c8db6f50618fea5890565ed5404f360176907245","ssdeep":"","tlshash":"8a01f166644125384b2b0009a925726cfeb7811303235283f45cae766fb0e430ab1fdc","size":840,"data":"","first_seen":"2023-03-07T12:23:57Z","last_seen":"2026-04-04T13:50:51.161516Z","times_seen":14211,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"9kqegm.rogwn.top/page015-%E6%A3%8B%E7%89%8C/page/static/js/MobEpp-1.1.1.js","fqdn":"9kqegm.rogwn.top","domain":"rogwn.top","tld":"top"},"ip":{"addr":"103.233.99.29","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"b4cd45273f059ebff2ac2185efd52bf9","sha1":"fe2cca20ad99606127aa64fe74059f4dfd6dad60","sha256":"3816789af95bb9ed6245bab40c8a8aa56082819801a93d4a79ff9599bd7dc68c","sha512":"ac94c7f14b8091240cd29166ccab408f09af554c4a38e7aae2618b65429c3e2cd0885810a2f2cb5b0f937c793e15abe9a5ce6bc226f503ae4c8b61490fc785ae","ssdeep":"384:zJdTONjokUwV3CfyTxGZ8wvvC1x8AAr4VZjladj8yUorA49NfNoxRZ9Tbmmxyh5B:z/OxokU9BA1yU8sbPgMU","tlshash":"2bb251587b4c156d80e3b67a027f1909ec3dc433960485a4f0bda9e46ff465a232eebd","size":25176,"data":"","first_seen":"2023-04-06T18:33:51Z","last_seen":"2026-04-04T13:25:27.089239Z","times_seen":8324,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"9kqegm.rogwn.top/page015-%E6%A3%8B%E7%89%8C/page/body.js","fqdn":"9kqegm.rogwn.top","domain":"rogwn.top","tld":"top"},"ip":{"addr":"103.233.99.29","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"ba01097a1d283092e14d4ec401513bf6","sha1":"8e55266f8889d62bdc5b95e045cc6f24d9bcfb3d","sha256":"fbf64ed9cbbebcb45a57097b3c393d893d367e2b627ab97ae52b4dc7abdb371d","sha512":"276e05afe5f15760d68777fb056c04442f4a03aed1e67e550438375004826854748fcd894010fd044387073a98fcb1f7759bf38b04731994b95075d1af3546dc","ssdeep":"1536:MbLnehQu5tv0MDprWz+iR0zFf8dvywX31LW:Mo9TDprWzDRKUDW","tlshash":"e043199873c9b46003a72bf73f0fb2e1e15710de7454491eb580b5b8b9a4b2bd2d9a31","size":56294,"data":"","first_seen":"2025-08-03T01:58:24.991732Z","last_seen":"2026-04-04T10:17:13.429951Z","times_seen":190,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"apps.bdimg.com/libs/crypto-js/3.1.2/rollups/tripledes.js","fqdn":"apps.bdimg.com","domain":"bdimg.com","tld":"com"},"ip":{"addr":"60.164.7.49","port":443,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"introduction_type":"scriptElement","is_inline":false,"md5":"d7e914a0aaeb57e9a6534437480eaa87","sha1":"d74461ca0f071302f2474d82a19708661daad912","sha256":"bf3bed187f585b21b023fe6e0c5166cdc6d32afb212dbd590f6e2d6ccf510573","sha512":"3160a12313bfec76d7f8285c7b9848fa26ac05d76b47f52cd375958737ddea7f4173375c9fa7aeebe059043deb05cd8d13bc6743fea8b028ea5b1a6c41d26003","ssdeep":"384:OgZ1OMaehKPqc7ChlWruydQtoRoSvGl9OcQ5Zw+U5j/:pDphKPqaAYHdGoOSel9OcmTu/","tlshash":"96a20bc9719d3582e3a1749044bb314b74bb2677814c56b8f290dacceeacda9413de39","size":21450,"data":"","first_seen":"2023-03-08T14:26:09Z","last_seen":"2026-04-04T13:35:19.082307Z","times_seen":4183,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"9kqegm.rogwn.top/page015-%E6%A3%8B%E7%89%8C/?channelCode=www.iqrgp.work","fqdn":"9kqegm.rogwn.top","domain":"rogwn.top","tld":"top"},"ip":{"addr":"103.233.99.29","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":true,"md5":"0c8964e90df30c134d7ca699cf99eeab","sha1":"67a0883e8411194f2869e8ca53227c411a00960e","sha256":"99f45be3ccf945d840ba883ce61e0e6701cadde7e5805806d94bbe367cd1dc2d","sha512":"d33c8c1c48c5d9b0593ccc0b8298e3d72496941add91cb71a060f2a1d373483d65c03e18801e53edd0e6ecf88529f052c216f1ee5756a5158cfaebd27864b935","ssdeep":"","tlshash":"969002c2982549005454facb6118d66260d47195831d30006500914998510d09470354","size":51,"data":"","first_seen":"2025-03-03T01:49:48.965484Z","last_seen":"2026-04-04T13:25:27.108942Z","times_seen":2434,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"htjswj.oss-accelerate.aliyuncs.com/zbpg.js","fqdn":"htjswj.oss-accelerate.aliyuncs.com","domain":"aliyuncs.com","tld":"com"},"ip":{"addr":"47.254.186.217","port":443,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"Germany","country_code":"DE"},"introduction_type":"scriptElement","is_inline":false,"md5":"09917bf67a9c63fc77e16bd0439def08","sha1":"ffeb21e91978c56aa341591ffe19c5b1f0132be7","sha256":"e7ff7efac61200ffb39f1fa30b0c978f2a1f1ddbb9865219ccb2efb60d2ea45b","sha512":"657c6f17d6f1de9724609854af880fa26182e6b8de77d73d80cec354ccb1d3cc3d08645d3b6c9716fa9accb021b5ab57c5cbb8f6717d9ae8cd444c4babcb0613","ssdeep":"","tlshash":"31319ecf115624102ab263bd4f67750dfb63006b608e82a8ba4d435c2f3621a8252fdf","size":1453,"data":"","first_seen":"2025-12-25T08:37:07.365342Z","last_seen":"2026-04-04T13:25:27.092903Z","times_seen":1308,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"sdk.51.la/js-sdk-pro.min.js","fqdn":"sdk.51.la","domain":"51.la","tld":"la"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"b8a41c9449b73e8ba0224c6be1f0b7e8","sha1":"33d79319d4110bcf5c44c36f7dd4a291972ac546","sha256":"52079c09a7355f4ce3af750602ebb9aebae8238583601f8a06268eecccf13565","sha512":"472d0395a65a3ade2d215559b196a88ffcdacde3ac0f573eb8663b524f201d72c9339bcacbc198d82452a0ac367c0efd407b12795943cdd2755d95a8cf71b977","ssdeep":"768:swetbD3SkE+a/l1jaKUiQU5eqEh9GMXBOXAA/EXBeJMlbJfuPT:BetbD3SVT/3+KUc5eqEh9GMXBYEXBeJ7","tlshash":"dbf23d9577c0317cc3c783ea362b501ae1a69e910059a8bcf345f6907d34e56a37fba8","size":36114,"data":"","first_seen":"2025-03-10T03:40:31.536734Z","last_seen":"2026-04-04T13:50:08.327783Z","times_seen":81404,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"9kqegm.rogwn.top/page015-%E6%A3%8B%E7%89%8C/page/static/js/jquery-2.2.4.min.js","fqdn":"9kqegm.rogwn.top","domain":"rogwn.top","tld":"top"},"ip":{"addr":"103.233.99.29","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"2f6b11a7e914718e0290410e85366fe9","sha1":"69bb69e25ca7d5ef0935317584e6153f3fd9a88c","sha256":"05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e","sha512":"0d40bccaa59fedecf7243d63b33c42592541d0330fefc78ec81a4c6b9689922d5b211011ca4be23ae22621cce4c658f52a1552c92d7ac3615241eb640f8514db","ssdeep":"1536:EYE1JVoiB9JqZdXXe2pD3PgoIiulrUndZ6a4tfOR7WpfWBZ2BJda4w9W3qG9a986:v4J+OlfOhWppCW6G9a98Hr2","tlshash":"1e83c6d9b2d6706297b734b850bf410bb17a98dab44c8c60f059d4e47eb4a8e507bf2c","size":85578,"data":"","first_seen":"2023-03-07T01:02:00Z","last_seen":"2026-04-04T13:29:53.767101Z","times_seen":261224,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"9kqegm.rogwn.top/page015-%E6%A3%8B%E7%89%8C/page/static/js/appinstall.js","fqdn":"9kqegm.rogwn.top","domain":"rogwn.top","tld":"top"},"ip":{"addr":"103.233.99.29","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"8a14913360cd89f0812ea4971df5a16b","sha1":"409a49517dfc31273a84977e1a852ef5ccd60063","sha256":"7c9895f2e57140b2a429c2b5df1eb51b2c0bf49f56365e198fb20a92fe79c1dd","sha512":"afdb6539176c82ae6d211655b974781f7854d7045af9e4f53d66c8c96860c3a0271c27115375c65e93e797585e4e04c9d61fa9464a58a211a0981b2583c0762e","ssdeep":"768:JKOpi9n0gWsgR/DUjVyMcamlyNWAa0kULOLOjOsO3Ow5l5W5P5M5ZgqDdL2fGjcZ:cOpil0gWxbzDqUHJFG+mSsZR1QeyDe","tlshash":"782310c879a2f8501766b172356fd47bf6ab6caaa488c90cd501f4dcfeb4118d533e88","size":47585,"data":"","first_seen":"2023-10-22T09:50:31Z","last_seen":"2026-04-03T21:02:00.970499Z","times_seen":6387,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"9kqegm.rogwn.top/page015-%E6%A3%8B%E7%89%8C/cdn_domain.js","fqdn":"9kqegm.rogwn.top","domain":"rogwn.top","tld":"top"},"ip":{"addr":"103.233.99.29","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"95e8c547b0d333a78964029fa1534a45","sha1":"f86239d73556c2f085ff61361e1bb5ffb6d1631f","sha256":"a72692af1aea3e01baf4c380dd31fad611fdb3e5a3416a8765cc8886fc651fad","sha512":"0d861a110d16e0d6671069845aafe4db131dd28c10845b30d8921bcbe876b0139d5365733857de6a72de1df9623dc300aef3586827cf674436da0b851071ecb8","ssdeep":"","tlshash":"d03131dae1d1585e02ca34016e1fa109e8b970aadc29dc03561c85ac70a4feda06bead","size":1531,"data":"","first_seen":"2025-10-16T08:29:01.162261Z","last_seen":"2026-04-01T22:49:08.329022Z","times_seen":229,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"9kqegm.rogwn.top/page015-%E6%A3%8B%E7%89%8C/?channelCode=www.iqrgp.work","fqdn":"9kqegm.rogwn.top","domain":"rogwn.top","tld":"top"},"ip":{"addr":"103.233.99.29","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":true,"md5":"2c2038dda56171f61fefa3357d27760b","sha1":"75e70bf14d1b33fa17b382fbfa44ef7fb0535ab2","sha256":"4ba241ba86fe5233228d7bf94dd3848b83ccafad15f6ce6e7b9ffa3654e830fe","sha512":"e24ee10952e790871f677a882a5a9d9a68a5e2b50b058d843eb2682a5d28b2939e652fceb66b1a6b614717227e29178eb2d12d444396cfda1e9bacff8fc07aae","ssdeep":"","tlshash":"6d90020f19420d8e09048398a130a14202510b432030c00fb66cc34c00e44227017d01","size":54,"data":"","first_seen":"2025-03-31T01:32:22.834027Z","last_seen":"2026-04-04T13:25:27.111176Z","times_seen":2122,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"9kqegm.rogwn.top/page015-%E6%A3%8B%E7%89%8C/?channelCode=www.iqrgp.work","fqdn":"9kqegm.rogwn.top","domain":"rogwn.top","tld":"top"},"ip":{"addr":"103.233.99.29","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"introduction_type":"Function","is_inline":false,"md5":"2512414f817df8312569d55032748f81","sha1":"13467df6e962aa77bb36867ff1412e1ba9f8feb1","sha256":"e193735f8d500f10e2cdc6a94f5a43fb0257c1e2f8afc10fa04f0e3761d258de","sha512":"db6e4298746d519b0987bfa0feb89c39315718e178418e482b1c10c76439eae343afabf2db35ffaaa26c7ee6a3855084d39e9b88d35b11f87c354ceaf38874a0","ssdeep":"","tlshash":"a590029525c25101965295d4455b5c8450658675249569809180956259550205125cbc","size":47,"data":"","first_seen":"2023-04-11T22:25:25Z","last_seen":"2026-04-04T13:40:33.221191Z","times_seen":19229,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"9kqegm.rogwn.top/page015-%E6%A3%8B%E7%89%8C/page/static/js/swiper-4.2.0.min.js","fqdn":"9kqegm.rogwn.top","domain":"rogwn.top","tld":"top"},"ip":{"addr":"103.233.99.29","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"be15b3ba6a71edd608b9af34dfc6130c","sha1":"b11842fbe74778511b86bf899fbd02102b57ac62","sha256":"add18244c3d92cb789bd50456f05f02ca034c908bbf4210fedbd9013b3bf5d96","sha512":"ba9c83238efc0b5f43e2e85b104a2b1b010defa0f12d7c3cbff918fae76a7f3d3753ee18dead132729bdd0ae8a3854a481bcba35655dd37a6b6a03813d295029","ssdeep":"3072:6ShcwIktpnBohgZu7HgZsUOUFBWqJTq+NX:hlIktFBohgZu7HAsUOUFBWqJTq+l","tlshash":"65c3184eb390619510e36256565e9241a3b72809780ad0ac35b6cce7adbde4c13bfffc","size":119506,"data":"","first_seen":"2023-03-07T12:23:57Z","last_seen":"2026-04-04T13:50:51.184767Z","times_seen":13348,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"9kqegm.rogwn.top/page015-%E6%A3%8B%E7%89%8C/page/static/js/jquery-2.2.4.min.js","fqdn":"9kqegm.rogwn.top","domain":"rogwn.top","tld":"top"},"ip":{"addr":"103.233.99.29","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://9kqegm.rogwn.top/page015-%E6%A3%8B%E7%89%8C/?channelCode=www.iqrgp.work","date":"2026-03-03T07:45:28.297Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.yzhrx.top","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Fri, 02 Jan 2026 04:36:15 GMT","end":"Thu, 02 Apr 2026 04:36:14 GMT"},"fingerprint":{"sha1":"BE:BD:05:F6:B0:58:21:CD:6B:2A:BD:B0:9B:90:8B:5C:6B:C0:E1:6F","sha256":"6E:58:76:07:14:D3:A4:EE:23:22:C5:4F:F1:47:98:2E:9A:45:F8:D8:BC:1A:61:6B:71:54:98:58:DC:56:8D:1C"}}},"request":{"raw":"GET /page015-%E6%A3%8B%E7%89%8C/page/static/js/jquery-2.2.4.min.js HTTP/1.1\r\nHost: 9kqegm.rogwn.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://9kqegm.rogwn.top/page015-%E6%A3%8B%E7%89%8C/?channelCode=www.iqrgp.work\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Tue, 03 Mar 2026 07:45:28 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Fri, 17 May 2024 22:11:14 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6647d602-14e4a\"\r\nexpires: Tue, 03 Mar 2026 19:45:28 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":85578,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (32065)","md5":"2f6b11a7e914718e0290410e85366fe9","sha1":"69bb69e25ca7d5ef0935317584e6153f3fd9a88c","sha256":"05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e","sha512":"0d40bccaa59fedecf7243d63b33c42592541d0330fefc78ec81a4c6b9689922d5b211011ca4be23ae22621cce4c658f52a1552c92d7ac3615241eb640f8514db","ssdeep":"1536:EYE1JVoiB9JqZdXXe2pD3PgoIiulrUndZ6a4tfOR7WpfWBZ2BJda4w9W3qG9a986:v4J+OlfOhWppCW6G9a98Hr2","tlshash":"1e83c6d9b2d6706297b734b850bf410bb17a98dab44c8c60f059d4e47eb4a8e507bf2c","first_seen":"2023-03-07T01:02:00Z","last_seen":"2026-04-04T13:29:53.767101Z","times_seen":261224,"resource_available":true,"data":null}},"time_used":225,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":225,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"9kqegm.rogwn.top/page015-%E6%A3%8B%E7%89%8C/page/static/img/e9b3a8_650x306.js","fqdn":"9kqegm.rogwn.top","domain":"rogwn.top","tld":"top"},"ip":{"addr":"103.233.99.29","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://9kqegm.rogwn.top/page015-%E6%A3%8B%E7%89%8C/?channelCode=www.iqrgp.work","date":"2026-03-03T07:45:28.859Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.yzhrx.top","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Fri, 02 Jan 2026 04:36:15 GMT","end":"Thu, 02 Apr 2026 04:36:14 GMT"},"fingerprint":{"sha1":"BE:BD:05:F6:B0:58:21:CD:6B:2A:BD:B0:9B:90:8B:5C:6B:C0:E1:6F","sha256":"6E:58:76:07:14:D3:A4:EE:23:22:C5:4F:F1:47:98:2E:9A:45:F8:D8:BC:1A:61:6B:71:54:98:58:DC:56:8D:1C"}}},"request":{"raw":"GET /page015-%E6%A3%8B%E7%89%8C/page/static/img/e9b3a8_650x306.js HTTP/1.1\r\nHost: 9kqegm.rogwn.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://9kqegm.rogwn.top/page015-%E6%A3%8B%E7%89%8C/?channelCode=www.iqrgp.work\r\nCookie: __vtins__KQNL5mb44P3zNpTB=%7B%22sid%22%3A%20%22a53bcbc9-bad7-5dc2-87be-7040a237f709%22%2C%20%22vd%22%3A%201%2C%20%22stt%22%3A%200%2C%20%22dr%22%3A%200%2C%20%22expires%22%3A%201772525728526%2C%20%22ct%22%3A%201772523928526%7D; __51uvsct__KQNL5mb44P3zNpTB=1; __51vcke__KQNL5mb44P3zNpTB=f3759ed8-576a-53f3-a1d6-e16c6489f183; __51vuft__KQNL5mb44P3zNpTB=1772523928532\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Tue, 03 Mar 2026 07:45:29 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Sat, 07 Dec 2024 18:04:00 GMT\r\nvary: Accept-Encoding\r\netag: W/\"67548e10-1fa08\"\r\nexpires: Tue, 03 Mar 2026 19:45:29 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":129544,"size_decoded":0,"mime_type":"application/javascript","magic":"data","md5":"b822ba661cbcb67f1de57efd357550d8","sha1":"32013aa1fe3e3d31b9ebba6ff127271047c68729","sha256":"36da65e4b2083fc430dc41d84b1b060eb31386bf089d5b909f9aca60d70b4aba","sha512":"d51c8c88dfd004c0211edb7cf8f8e3e726f5a0d322ac1448f30bad2905c449d93632bcb8a85fa25a0cb728ac11e95b3e08ef135fab01275eb449d0eedf013440","ssdeep":"3072:6FjFh3IaqejvgTUFNW8tnM/TA8cTfyuWvpDrHj1p0h0gOTWBjXizHrbpKvtJ0Yxj:yjF0ejvgIt5cTgTff0rDYWxSBWrfpCB","tlshash":"bd14f1026322f370d2a695f92d0215e8a2096f99f6dffda4d131c0703c9f52d2ade5a3","first_seen":"2025-09-16T05:38:13.562649Z","last_seen":"2026-03-30T21:55:01.087777Z","times_seen":26,"resource_available":false,"data":null}},"time_used":443,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":443,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"9kqegm.rogwn.top/page015-%E6%A3%8B%E7%89%8C/page/static/img/932f2f_124x192.js","fqdn":"9kqegm.rogwn.top","domain":"rogwn.top","tld":"top"},"ip":{"addr":"103.233.99.29","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://9kqegm.rogwn.top/page015-%E6%A3%8B%E7%89%8C/?channelCode=www.iqrgp.work","date":"2026-03-03T07:45:28.860Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.yzhrx.top","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Fri, 02 Jan 2026 04:36:15 GMT","end":"Thu, 02 Apr 2026 04:36:14 GMT"},"fingerprint":{"sha1":"BE:BD:05:F6:B0:58:21:CD:6B:2A:BD:B0:9B:90:8B:5C:6B:C0:E1:6F","sha256":"6E:58:76:07:14:D3:A4:EE:23:22:C5:4F:F1:47:98:2E:9A:45:F8:D8:BC:1A:61:6B:71:54:98:58:DC:56:8D:1C"}}},"request":{"raw":"GET /page015-%E6%A3%8B%E7%89%8C/page/static/img/932f2f_124x192.js HTTP/1.1\r\nHost: 9kqegm.rogwn.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://9kqegm.rogwn.top/page015-%E6%A3%8B%E7%89%8C/?channelCode=www.iqrgp.work\r\nCookie: __vtins__KQNL5mb44P3zNpTB=%7B%22sid%22%3A%20%22a53bcbc9-bad7-5dc2-87be-7040a237f709%22%2C%20%22vd%22%3A%201%2C%20%22stt%22%3A%200%2C%20%22dr%22%3A%200%2C%20%22expires%22%3A%201772525728526%2C%20%22ct%22%3A%201772523928526%7D; __51uvsct__KQNL5mb44P3zNpTB=1; __51vcke__KQNL5mb44P3zNpTB=f3759ed8-576a-53f3-a1d6-e16c6489f183; __51vuft__KQNL5mb44P3zNpTB=1772523928532\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Tue, 03 Mar 2026 07:45:29 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Fri, 17 May 2024 22:11:20 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6647d608-26ef\"\r\nexpires: Tue, 03 Mar 2026 19:45:29 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":9967,"size_decoded":0,"mime_type":"application/javascript","magic":"data","md5":"a85acf9dbd419d0056fc83515a891df6","sha1":"45d327d9384ff1841f2c57df7a0e88314823a2e2","sha256":"933e0cbb819db1f41bacf7b22fba47a8735ae19c40b83c37d2bd04c549fd6d87","sha512":"e12ac3b1baf10ed9ca5908f6b87d2c29a619ab37292a7d245d83a47478327347bdea876fbc50136f5fd8b58660be26035e300be8be7dd95e8bfc4ab757b1cf08","ssdeep":"384:1IX177Hed+5uf3MJ2a4bAMZmQANxTczCmtNdVhaMr2QwwU+uiu4eRQ6naPDNS:18vegsq2/BzcxQtpVhXdPyQ6ncY","tlshash":"c062cf192221fb74adf5e1cce4cba0adb2185b5cc189fc31d13ad9300cde61e99adc86","first_seen":"2025-04-13T20:55:44.856897Z","last_seen":"2026-04-04T10:17:13.433088Z","times_seen":199,"resource_available":false,"data":null}},"time_used":441,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":441,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"9kqegm.rogwn.top/favicon.ico","fqdn":"9kqegm.rogwn.top","domain":"rogwn.top","tld":"top"},"ip":{"addr":"103.233.99.29","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://9kqegm.rogwn.top/page015-%E6%A3%8B%E7%89%8C/?channelCode=www.iqrgp.work","date":"2026-03-03T07:45:30.080Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.yzhrx.top","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Fri, 02 Jan 2026 04:36:15 GMT","end":"Thu, 02 Apr 2026 04:36:14 GMT"},"fingerprint":{"sha1":"BE:BD:05:F6:B0:58:21:CD:6B:2A:BD:B0:9B:90:8B:5C:6B:C0:E1:6F","sha256":"6E:58:76:07:14:D3:A4:EE:23:22:C5:4F:F1:47:98:2E:9A:45:F8:D8:BC:1A:61:6B:71:54:98:58:DC:56:8D:1C"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: 9kqegm.rogwn.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://9kqegm.rogwn.top/page015-%E6%A3%8B%E7%89%8C/?channelCode=www.iqrgp.work\r\nCookie: __vtins__KQNL5mb44P3zNpTB=%7B%22sid%22%3A%20%22a53bcbc9-bad7-5dc2-87be-7040a237f709%22%2C%20%22vd%22%3A%201%2C%20%22stt%22%3A%200%2C%20%22dr%22%3A%200%2C%20%22expires%22%3A%201772525728526%2C%20%22ct%22%3A%201772523928526%7D; __51uvsct__KQNL5mb44P3zNpTB=1; __51vcke__KQNL5mb44P3zNpTB=f3759ed8-576a-53f3-a1d6-e16c6489f183; __51vuft__KQNL5mb44P3zNpTB=1772523928532\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 404 Not Found\r\nserver: nginx\r\ndate: Tue, 03 Mar 2026 07:45:30 GMT\r\ncontent-type: text/html\r\ncontent-length: 146\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":146,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text, with CRLF line terminators","md5":"8eec510e57f5f732fd2cce73df7b73ef","sha1":"3c0af39ecb3753c5fee3b53d063c7286019eac3b","sha256":"55f7d9e99b8e2d4e0e193b2f0275501e6d9c1ebd29cadbea6a0da48a8587e3e0","sha512":"73bbf698482132b5fd60a0b58926fddec9055f8095a53bc52714e211e9340c3419736ceafd6b279667810114d306bfccdcfcddf51c0b67fe9e3c73c54583e574","ssdeep":"","tlshash":"b7c02b2d35133c4cc563313423c37140c0d6833b687a41110400c00371cf2998ec3397","first_seen":"2023-03-07T12:05:15Z","last_seen":"2026-04-04T13:49:08.649523Z","times_seen":478178,"resource_available":true,"data":null}},"time_used":221,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":220,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"2g31jr0ml.bfajr.top/check.png","fqdn":"2g31jr0ml.bfajr.top","domain":"bfajr.top","tld":"top"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.iqrgp.work/","date":"2026-03-03T07:45:25.281Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.yzhrx.top","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Fri, 02 Jan 2026 04:36:15 GMT","end":"Thu, 02 Apr 2026 04:36:14 GMT"},"fingerprint":{"sha1":"BE:BD:05:F6:B0:58:21:CD:6B:2A:BD:B0:9B:90:8B:5C:6B:C0:E1:6F","sha256":"6E:58:76:07:14:D3:A4:EE:23:22:C5:4F:F1:47:98:2E:9A:45:F8:D8:BC:1A:61:6B:71:54:98:58:DC:56:8D:1C"}}},"request":{"raw":"GET /check.png HTTP/1.1\r\nHost: 2g31jr0ml.bfajr.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.iqrgp.work/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T13:49:31.916752Z","times_seen":13333799,"resource_available":true,"data":null}},"time_used":2341,"timings":{"blocked":1170,"dns":718,"connect":223,"send":0,"wait":0,"receive":0,"ssl":227},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"9kqegm.rogwn.top/page015-%E6%A3%8B%E7%89%8C/page/static/img/5a1585_292x114.js","fqdn":"9kqegm.rogwn.top","domain":"rogwn.top","tld":"top"},"ip":{"addr":"103.233.99.29","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://9kqegm.rogwn.top/page015-%E6%A3%8B%E7%89%8C/?channelCode=www.iqrgp.work","date":"2026-03-03T07:45:28.787Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.yzhrx.top","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Fri, 02 Jan 2026 04:36:15 GMT","end":"Thu, 02 Apr 2026 04:36:14 GMT"},"fingerprint":{"sha1":"BE:BD:05:F6:B0:58:21:CD:6B:2A:BD:B0:9B:90:8B:5C:6B:C0:E1:6F","sha256":"6E:58:76:07:14:D3:A4:EE:23:22:C5:4F:F1:47:98:2E:9A:45:F8:D8:BC:1A:61:6B:71:54:98:58:DC:56:8D:1C"}}},"request":{"raw":"GET /page015-%E6%A3%8B%E7%89%8C/page/static/img/5a1585_292x114.js HTTP/1.1\r\nHost: 9kqegm.rogwn.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://9kqegm.rogwn.top/page015-%E6%A3%8B%E7%89%8C/?channelCode=www.iqrgp.work\r\nCookie: __vtins__KQNL5mb44P3zNpTB=%7B%22sid%22%3A%20%22a53bcbc9-bad7-5dc2-87be-7040a237f709%22%2C%20%22vd%22%3A%201%2C%20%22stt%22%3A%200%2C%20%22dr%22%3A%200%2C%20%22expires%22%3A%201772525728526%2C%20%22ct%22%3A%201772523928526%7D; __51uvsct__KQNL5mb44P3zNpTB=1; __51vcke__KQNL5mb44P3zNpTB=f3759ed8-576a-53f3-a1d6-e16c6489f183; __51vuft__KQNL5mb44P3zNpTB=1772523928532\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Tue, 03 Mar 2026 07:45:28 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Sat, 07 Dec 2024 18:04:01 GMT\r\nvary: Accept-Encoding\r\netag: W/\"67548e11-9502\"\r\nexpires: Tue, 03 Mar 2026 19:45:28 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":38146,"size_decoded":0,"mime_type":"application/javascript","magic":"data","md5":"ff220cbf863f8fab9f81976db1cb7aad","sha1":"6350a33e6f6f20e1d964c64b352017818319635e","sha256":"3d98f773f57a9a4803024b89e01a9be21ec0ae8b7e3e93258a011471e835c0cc","sha512":"bbfbc91dafab5c5c6751de0bb694d8421ffdf3713734b9ac9ef0b84914cc798af48d6d71491c1880e6e1dab5e20d672254a059c4df8c7254fa6a48ab8d98c2c9","ssdeep":"768:kRgPVNd0BzzTgX1NFbI5x7Z+hmKS2Gyou01x5iaqQznfIvxuJPrnMDmEWdF0Wsbb:kRgR2zgN4rmmKMr5W+AgJzMDDuC/b","tlshash":"7c43d0117257a3b5e3a390fea9d504c0780277e9ffd6f448d928a6702d2f01eba8d5a0","first_seen":"2025-09-16T05:38:13.564639Z","last_seen":"2026-03-30T21:55:01.099586Z","times_seen":27,"resource_available":false,"data":null}},"time_used":223,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":223,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"9kqegm.rogwn.top/page015-%E6%A3%8B%E7%89%8C/page/static/img/f62429_274x376.js","fqdn":"9kqegm.rogwn.top","domain":"rogwn.top","tld":"top"},"ip":{"addr":"103.233.99.29","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://9kqegm.rogwn.top/page015-%E6%A3%8B%E7%89%8C/?channelCode=www.iqrgp.work","date":"2026-03-03T07:45:28.849Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.yzhrx.top","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Fri, 02 Jan 2026 04:36:15 GMT","end":"Thu, 02 Apr 2026 04:36:14 GMT"},"fingerprint":{"sha1":"BE:BD:05:F6:B0:58:21:CD:6B:2A:BD:B0:9B:90:8B:5C:6B:C0:E1:6F","sha256":"6E:58:76:07:14:D3:A4:EE:23:22:C5:4F:F1:47:98:2E:9A:45:F8:D8:BC:1A:61:6B:71:54:98:58:DC:56:8D:1C"}}},"request":{"raw":"GET /page015-%E6%A3%8B%E7%89%8C/page/static/img/f62429_274x376.js HTTP/1.1\r\nHost: 9kqegm.rogwn.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://9kqegm.rogwn.top/page015-%E6%A3%8B%E7%89%8C/?channelCode=www.iqrgp.work\r\nCookie: __vtins__KQNL5mb44P3zNpTB=%7B%22sid%22%3A%20%22a53bcbc9-bad7-5dc2-87be-7040a237f709%22%2C%20%22vd%22%3A%201%2C%20%22stt%22%3A%200%2C%20%22dr%22%3A%200%2C%20%22expires%22%3A%201772525728526%2C%20%22ct%22%3A%201772523928526%7D; __51uvsct__KQNL5mb44P3zNpTB=1; __51vcke__KQNL5mb44P3zNpTB=f3759ed8-576a-53f3-a1d6-e16c6489f183; __51vuft__KQNL5mb44P3zNpTB=1772523928532\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Tue, 03 Mar 2026 07:45:29 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Fri, 17 May 2024 22:11:18 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6647d606-d9ec\"\r\nexpires: Tue, 03 Mar 2026 19:45:29 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":55788,"size_decoded":0,"mime_type":"application/javascript","magic":"data","md5":"70d60bf174cf614c9c5a66f5b8515b6c","sha1":"50643a2033d823bcee90c2552d26637bda999d67","sha256":"36ba58f91ab9275ee611a777b31dfe212f345e0b65a84b9d94ecc9d9791cf3e6","sha512":"0a6a54a00ca214a0aeb519fab2bbc4becba54884e89fd31109f36d2a5b9c349413dd0866f2965397304f4ee4a94f0ab16eb1f908073f685712501f96448e5cf6","ssdeep":"1536:IMCnt7HXSjM+9n6Jqmi1xnTxiE+k3mSonW0qnYdnNisOHlhyWeQ0fD1p5AxVEwa:I5ntSj596J6c9k2Sn0qYdngsspe5fD1J","tlshash":"4983e1016340e3b0d3ab84fd29074fd0aa549f55fbc6ad14c63ec6e0196f22576ee5a2","first_seen":"2025-03-08T08:26:09.393295Z","last_seen":"2026-04-04T10:17:13.439391Z","times_seen":201,"resource_available":false,"data":null}},"time_used":457,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":457,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"9kqegm.rogwn.top/page015-%E6%A3%8B%E7%89%8C/page/static/img/61ad71_750x652.js","fqdn":"9kqegm.rogwn.top","domain":"rogwn.top","tld":"top"},"ip":{"addr":"103.233.99.29","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://9kqegm.rogwn.top/page015-%E6%A3%8B%E7%89%8C/?channelCode=www.iqrgp.work","date":"2026-03-03T07:45:28.852Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.yzhrx.top","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Fri, 02 Jan 2026 04:36:15 GMT","end":"Thu, 02 Apr 2026 04:36:14 GMT"},"fingerprint":{"sha1":"BE:BD:05:F6:B0:58:21:CD:6B:2A:BD:B0:9B:90:8B:5C:6B:C0:E1:6F","sha256":"6E:58:76:07:14:D3:A4:EE:23:22:C5:4F:F1:47:98:2E:9A:45:F8:D8:BC:1A:61:6B:71:54:98:58:DC:56:8D:1C"}}},"request":{"raw":"GET /page015-%E6%A3%8B%E7%89%8C/page/static/img/61ad71_750x652.js HTTP/1.1\r\nHost: 9kqegm.rogwn.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://9kqegm.rogwn.top/page015-%E6%A3%8B%E7%89%8C/?channelCode=www.iqrgp.work\r\nCookie: __vtins__KQNL5mb44P3zNpTB=%7B%22sid%22%3A%20%22a53bcbc9-bad7-5dc2-87be-7040a237f709%22%2C%20%22vd%22%3A%201%2C%20%22stt%22%3A%200%2C%20%22dr%22%3A%200%2C%20%22expires%22%3A%201772525728526%2C%20%22ct%22%3A%201772523928526%7D; __51uvsct__KQNL5mb44P3zNpTB=1; __51vcke__KQNL5mb44P3zNpTB=f3759ed8-576a-53f3-a1d6-e16c6489f183; __51vuft__KQNL5mb44P3zNpTB=1772523928532\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Tue, 03 Mar 2026 07:45:29 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Fri, 17 May 2024 22:11:18 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6647d606-2843a\"\r\nexpires: Tue, 03 Mar 2026 19:45:29 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":164922,"size_decoded":0,"mime_type":"application/javascript","magic":"data","md5":"31d1f438594140ffaee8bf20b33feb79","sha1":"9191c4d3eee3428a91db51a75d444ebb7a092f55","sha256":"aaa47d06e1959ffa72f28935a2f3d926dda205a8ad354506e0e77409903a0b82","sha512":"a992836f8ced1a1e005534414ec2c9ce8faf044334175b41a73e5200d55cbef3ab24ce7f9f17fb35e214bc6ace40c1883d7186865a577599cdf9489ad50590e8","ssdeep":"6144:O4PEWmtTMMaaO81+06CKQbgP/CCDZiv7LVvK+QXt:O4cWiFxOm+0MQsPaCNiThVm","tlshash":"2834e0015312f3b0a7fb51e7690246d832044ea8f7debd51ca34a6a13c9b12d67cf9e6","first_seen":"2025-03-08T08:26:09.400698Z","last_seen":"2026-04-04T10:17:13.419586Z","times_seen":200,"resource_available":false,"data":null}},"time_used":454,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":454,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"9kqegm.rogwn.top/page015-%E6%A3%8B%E7%89%8C/page/static/img/074196_750x48.js","fqdn":"9kqegm.rogwn.top","domain":"rogwn.top","tld":"top"},"ip":{"addr":"103.233.99.29","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://9kqegm.rogwn.top/page015-%E6%A3%8B%E7%89%8C/?channelCode=www.iqrgp.work","date":"2026-03-03T07:45:28.853Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.yzhrx.top","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Fri, 02 Jan 2026 04:36:15 GMT","end":"Thu, 02 Apr 2026 04:36:14 GMT"},"fingerprint":{"sha1":"BE:BD:05:F6:B0:58:21:CD:6B:2A:BD:B0:9B:90:8B:5C:6B:C0:E1:6F","sha256":"6E:58:76:07:14:D3:A4:EE:23:22:C5:4F:F1:47:98:2E:9A:45:F8:D8:BC:1A:61:6B:71:54:98:58:DC:56:8D:1C"}}},"request":{"raw":"GET /page015-%E6%A3%8B%E7%89%8C/page/static/img/074196_750x48.js HTTP/1.1\r\nHost: 9kqegm.rogwn.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://9kqegm.rogwn.top/page015-%E6%A3%8B%E7%89%8C/?channelCode=www.iqrgp.work\r\nCookie: __vtins__KQNL5mb44P3zNpTB=%7B%22sid%22%3A%20%22a53bcbc9-bad7-5dc2-87be-7040a237f709%22%2C%20%22vd%22%3A%201%2C%20%22stt%22%3A%200%2C%20%22dr%22%3A%200%2C%20%22expires%22%3A%201772525728526%2C%20%22ct%22%3A%201772523928526%7D; __51uvsct__KQNL5mb44P3zNpTB=1; __51vcke__KQNL5mb44P3zNpTB=f3759ed8-576a-53f3-a1d6-e16c6489f183; __51vuft__KQNL5mb44P3zNpTB=1772523928532\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Tue, 03 Mar 2026 07:45:29 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Fri, 17 May 2024 22:11:18 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6647d606-99f\"\r\nexpires: Tue, 03 Mar 2026 19:45:29 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":2463,"size_decoded":0,"mime_type":"application/javascript","magic":"data","md5":"411bed79f2b595e8ae4361ac92ae14ac","sha1":"579f3b4223c75d639338a6d9655f46b0d42e34d6","sha256":"b35ced350f07ee7bdd6bc345bf1e035b232137596865ae0a95d0d2eb30cfdb17","sha512":"88f00b438a9ded9cbf41dbec931c2448b14e2ea3caf9212a5eedb8bfbfb65dc53ab0ba2188590128854c47fabc07ff1a584fed85acbd9e255a359e06de32343f","ssdeep":"","tlshash":"ac715c6376030f14a56ae8f99165e7209934ef040341ac47c77f6c2adf0823875dccaa","first_seen":"2025-08-17T18:06:40.562761Z","last_seen":"2026-04-04T10:17:13.425858Z","times_seen":181,"resource_available":false,"data":null}},"time_used":453,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":453,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"9kqegm.rogwn.top/page015-%E6%A3%8B%E7%89%8C/page/static/img/94cc34_650x306.js","fqdn":"9kqegm.rogwn.top","domain":"rogwn.top","tld":"top"},"ip":{"addr":"103.233.99.29","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://9kqegm.rogwn.top/page015-%E6%A3%8B%E7%89%8C/?channelCode=www.iqrgp.work","date":"2026-03-03T07:45:28.858Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.yzhrx.top","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Fri, 02 Jan 2026 04:36:15 GMT","end":"Thu, 02 Apr 2026 04:36:14 GMT"},"fingerprint":{"sha1":"BE:BD:05:F6:B0:58:21:CD:6B:2A:BD:B0:9B:90:8B:5C:6B:C0:E1:6F","sha256":"6E:58:76:07:14:D3:A4:EE:23:22:C5:4F:F1:47:98:2E:9A:45:F8:D8:BC:1A:61:6B:71:54:98:58:DC:56:8D:1C"}}},"request":{"raw":"GET /page015-%E6%A3%8B%E7%89%8C/page/static/img/94cc34_650x306.js HTTP/1.1\r\nHost: 9kqegm.rogwn.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://9kqegm.rogwn.top/page015-%E6%A3%8B%E7%89%8C/?channelCode=www.iqrgp.work\r\nCookie: __vtins__KQNL5mb44P3zNpTB=%7B%22sid%22%3A%20%22a53bcbc9-bad7-5dc2-87be-7040a237f709%22%2C%20%22vd%22%3A%201%2C%20%22stt%22%3A%200%2C%20%22dr%22%3A%200%2C%20%22expires%22%3A%201772525728526%2C%20%22ct%22%3A%201772523928526%7D; __51uvsct__KQNL5mb44P3zNpTB=1; __51vcke__KQNL5mb44P3zNpTB=f3759ed8-576a-53f3-a1d6-e16c6489f183; __51vuft__KQNL5mb44P3zNpTB=1772523928532\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Tue, 03 Mar 2026 07:45:29 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Sat, 07 Dec 2024 18:04:02 GMT\r\nvary: Accept-Encoding\r\netag: W/\"67548e12-1dc50\"\r\nexpires: Tue, 03 Mar 2026 19:45:29 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":121936,"size_decoded":0,"mime_type":"application/javascript","magic":"data","md5":"f8a97d6658fcb49908266e98b28d8b01","sha1":"1b01d5dcfa26a86fd0ec47a2102cd2e70c35c1e1","sha256":"cf209be797fc6f61df4c1a0f2a97d4d4d71547f0d5b5c8d7d6e4aa3b89cda91e","sha512":"fa8ebd1dd3695a05549b8de87c95960d2335893a7c711de7efcb5748a5491e9b571842c6508c7f748dce22943f28dc15c70ac9175260dfe9936da0424a1966ce","ssdeep":"3072:7LqYTdkb4jOiT9WRCOK5IeVZIprZ0wUoCofOX8/yIyKjuc6SKk8mY/FKVSd:7LTp+4jOiACOiZUZ0wJCo2X8VtucfKHH","tlshash":"7104f1014393f3b0d6a695f97c0209d862154ea8b3dbbd90c670d6b16daf21e76cf8d2","first_seen":"2025-09-16T05:38:13.532325Z","last_seen":"2026-03-30T21:55:01.071723Z","times_seen":26,"resource_available":false,"data":null}},"time_used":444,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":444,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"9kqegm.rogwn.top/page015-%E6%A3%8B%E7%89%8C/page/static/js/appinstall.js","fqdn":"9kqegm.rogwn.top","domain":"rogwn.top","tld":"top"},"ip":{"addr":"103.233.99.29","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://9kqegm.rogwn.top/page015-%E6%A3%8B%E7%89%8C/?channelCode=www.iqrgp.work","date":"2026-03-03T07:45:28.863Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.yzhrx.top","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Fri, 02 Jan 2026 04:36:15 GMT","end":"Thu, 02 Apr 2026 04:36:14 GMT"},"fingerprint":{"sha1":"BE:BD:05:F6:B0:58:21:CD:6B:2A:BD:B0:9B:90:8B:5C:6B:C0:E1:6F","sha256":"6E:58:76:07:14:D3:A4:EE:23:22:C5:4F:F1:47:98:2E:9A:45:F8:D8:BC:1A:61:6B:71:54:98:58:DC:56:8D:1C"}}},"request":{"raw":"GET /page015-%E6%A3%8B%E7%89%8C/page/static/js/appinstall.js HTTP/1.1\r\nHost: 9kqegm.rogwn.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://9kqegm.rogwn.top/page015-%E6%A3%8B%E7%89%8C/?channelCode=www.iqrgp.work\r\nCookie: __vtins__KQNL5mb44P3zNpTB=%7B%22sid%22%3A%20%22a53bcbc9-bad7-5dc2-87be-7040a237f709%22%2C%20%22vd%22%3A%201%2C%20%22stt%22%3A%200%2C%20%22dr%22%3A%200%2C%20%22expires%22%3A%201772525728526%2C%20%22ct%22%3A%201772523928526%7D; __51uvsct__KQNL5mb44P3zNpTB=1; __51vcke__KQNL5mb44P3zNpTB=f3759ed8-576a-53f3-a1d6-e16c6489f183; __51vuft__KQNL5mb44P3zNpTB=1772523928532\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Tue, 03 Mar 2026 07:45:29 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Sat, 18 May 2024 11:09:24 GMT\r\nvary: Accept-Encoding\r\netag: W/\"66488c64-b9e1\"\r\nexpires: Tue, 03 Mar 2026 19:45:29 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":47585,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (47585), with no line terminators","md5":"8a14913360cd89f0812ea4971df5a16b","sha1":"409a49517dfc31273a84977e1a852ef5ccd60063","sha256":"7c9895f2e57140b2a429c2b5df1eb51b2c0bf49f56365e198fb20a92fe79c1dd","sha512":"afdb6539176c82ae6d211655b974781f7854d7045af9e4f53d66c8c96860c3a0271c27115375c65e93e797585e4e04c9d61fa9464a58a211a0981b2583c0762e","ssdeep":"768:JKOpi9n0gWsgR/DUjVyMcamlyNWAa0kULOLOjOsO3Ow5l5W5P5M5ZgqDdL2fGjcZ:cOpil0gWxbzDqUHJFG+mSsZR1QeyDe","tlshash":"782310c879a2f8501766b172356fd47bf6ab6caaa488c90cd501f4dcfeb4118d533e88","first_seen":"2023-10-22T09:50:31Z","last_seen":"2026-04-03T21:02:00.970499Z","times_seen":6387,"resource_available":true,"data":null}},"time_used":438,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":438,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"9kqegm.rogwn.top/page015-%E6%A3%8B%E7%89%8C/page/static/img/bdf036_624x32.js","fqdn":"9kqegm.rogwn.top","domain":"rogwn.top","tld":"top"},"ip":{"addr":"103.233.99.29","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://9kqegm.rogwn.top/page015-%E6%A3%8B%E7%89%8C/?channelCode=www.iqrgp.work","date":"2026-03-03T07:45:28.824Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.yzhrx.top","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Fri, 02 Jan 2026 04:36:15 GMT","end":"Thu, 02 Apr 2026 04:36:14 GMT"},"fingerprint":{"sha1":"BE:BD:05:F6:B0:58:21:CD:6B:2A:BD:B0:9B:90:8B:5C:6B:C0:E1:6F","sha256":"6E:58:76:07:14:D3:A4:EE:23:22:C5:4F:F1:47:98:2E:9A:45:F8:D8:BC:1A:61:6B:71:54:98:58:DC:56:8D:1C"}}},"request":{"raw":"GET /page015-%E6%A3%8B%E7%89%8C/page/static/img/bdf036_624x32.js HTTP/1.1\r\nHost: 9kqegm.rogwn.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://9kqegm.rogwn.top/page015-%E6%A3%8B%E7%89%8C/?channelCode=www.iqrgp.work\r\nCookie: __vtins__KQNL5mb44P3zNpTB=%7B%22sid%22%3A%20%22a53bcbc9-bad7-5dc2-87be-7040a237f709%22%2C%20%22vd%22%3A%201%2C%20%22stt%22%3A%200%2C%20%22dr%22%3A%200%2C%20%22expires%22%3A%201772525728526%2C%20%22ct%22%3A%201772523928526%7D; __51uvsct__KQNL5mb44P3zNpTB=1; __51vcke__KQNL5mb44P3zNpTB=f3759ed8-576a-53f3-a1d6-e16c6489f183; __51vuft__KQNL5mb44P3zNpTB=1772523928532\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Tue, 03 Mar 2026 07:45:28 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Fri, 17 May 2024 22:11:16 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6647d604-b31\"\r\nexpires: Tue, 03 Mar 2026 19:45:28 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":2865,"size_decoded":0,"mime_type":"application/javascript","magic":"data","md5":"f9e36324f4e50e00a1e0ab96ffd5a55d","sha1":"fd8d1804f09f3394a1dbfe9498c2f686ece07433","sha256":"f9bc32335e573dfe8b1ecb324287046b85be1b4808d6872666fbd64804000f4a","sha512":"133be9acbffb5625ee64809439b503831c6e29977a3ef1b10996c34bfc72dc4389b16d6d813660df06929e34ae44c248ada26347d9287cca433d6f70e782bc7f","ssdeep":"96:qB7R/N+FQuTM7VnA8ioVjkdav616leGKjxd/YYB1wrL5:qB1/c/TEAtdP1iIPLwrd","tlshash":"75916c001bb12b72707bfec5f0a787482c27007d89a9e552d416d2b4f5d681263df9cb","first_seen":"2025-04-13T20:55:44.860421Z","last_seen":"2026-04-04T10:17:13.430965Z","times_seen":197,"resource_available":false,"data":null}},"time_used":481,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":481,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"9kqegm.rogwn.top/page015-%E6%A3%8B%E7%89%8C/page/static/img/007dbf_750x56.js","fqdn":"9kqegm.rogwn.top","domain":"rogwn.top","tld":"top"},"ip":{"addr":"103.233.99.29","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://9kqegm.rogwn.top/page015-%E6%A3%8B%E7%89%8C/?channelCode=www.iqrgp.work","date":"2026-03-03T07:45:28.836Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.yzhrx.top","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Fri, 02 Jan 2026 04:36:15 GMT","end":"Thu, 02 Apr 2026 04:36:14 GMT"},"fingerprint":{"sha1":"BE:BD:05:F6:B0:58:21:CD:6B:2A:BD:B0:9B:90:8B:5C:6B:C0:E1:6F","sha256":"6E:58:76:07:14:D3:A4:EE:23:22:C5:4F:F1:47:98:2E:9A:45:F8:D8:BC:1A:61:6B:71:54:98:58:DC:56:8D:1C"}}},"request":{"raw":"GET /page015-%E6%A3%8B%E7%89%8C/page/static/img/007dbf_750x56.js HTTP/1.1\r\nHost: 9kqegm.rogwn.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://9kqegm.rogwn.top/page015-%E6%A3%8B%E7%89%8C/?channelCode=www.iqrgp.work\r\nCookie: __vtins__KQNL5mb44P3zNpTB=%7B%22sid%22%3A%20%22a53bcbc9-bad7-5dc2-87be-7040a237f709%22%2C%20%22vd%22%3A%201%2C%20%22stt%22%3A%200%2C%20%22dr%22%3A%200%2C%20%22expires%22%3A%201772525728526%2C%20%22ct%22%3A%201772523928526%7D; __51uvsct__KQNL5mb44P3zNpTB=1; __51vcke__KQNL5mb44P3zNpTB=f3759ed8-576a-53f3-a1d6-e16c6489f183; __51vuft__KQNL5mb44P3zNpTB=1772523928532\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Tue, 03 Mar 2026 07:45:28 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Fri, 17 May 2024 22:11:16 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6647d604-8db\"\r\nexpires: Tue, 03 Mar 2026 19:45:28 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":2267,"size_decoded":0,"mime_type":"application/javascript","magic":"data","md5":"6a05fbdc7c9b5c8cacc01f3c078bb36e","sha1":"e34e93a185b8afd9d8e7f79e227254984b6936c8","sha256":"6efdd8e4fff99edd6b697c48b053be2a3fff99cf03e3fc793edde5f4c4e87e47","sha512":"802ee0cc9a5ceb467b732629ce7cf44305c535e2549bfd3e6746ec3ec8f1630b4262abbb93f6895f8a835e7c08df3a8b5c8874d112471db85ac537729777ba0f","ssdeep":"","tlshash":"e2615c0fb0a9eb72bb81406022b1047ddc62d2c578f566fdc1048332ee8652e323d85b","first_seen":"2025-04-13T20:55:44.83974Z","last_seen":"2026-04-04T10:17:13.423396Z","times_seen":199,"resource_available":false,"data":null}},"time_used":473,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":473,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"8swvei7jgogf.wbvqo.top/check.png","fqdn":"8swvei7jgogf.wbvqo.top","domain":"wbvqo.top","tld":"top"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.iqrgp.work/","date":"2026-03-03T07:45:25.270Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.yzhrx.top","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Fri, 02 Jan 2026 04:36:15 GMT","end":"Thu, 02 Apr 2026 04:36:14 GMT"},"fingerprint":{"sha1":"BE:BD:05:F6:B0:58:21:CD:6B:2A:BD:B0:9B:90:8B:5C:6B:C0:E1:6F","sha256":"6E:58:76:07:14:D3:A4:EE:23:22:C5:4F:F1:47:98:2E:9A:45:F8:D8:BC:1A:61:6B:71:54:98:58:DC:56:8D:1C"}}},"request":{"raw":"GET /check.png HTTP/1.1\r\nHost: 8swvei7jgogf.wbvqo.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.iqrgp.work/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T13:49:31.916752Z","times_seen":13333799,"resource_available":true,"data":null}},"time_used":2018,"timings":{"blocked":1008,"dns":482,"connect":260,"send":0,"wait":0,"receive":0,"ssl":264},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.iqrgp.work/favicon.ico","fqdn":"www.iqrgp.work","domain":"iqrgp.work","tld":"work"},"ip":{"addr":"192.163.186.172","port":80,"asn":132839,"as":"POWER LINE DATACENTER","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.iqrgp.work/","date":"2026-03-03T07:45:25.803Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: www.iqrgp.work\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.iqrgp.work/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: openresty\r\nDate: Tue, 03 Mar 2026 07:45:25 GMT\r\nContent-Type: image/x-icon\r\nContent-Length: 0\r\nConnection: keep-alive\r\nLast-Modified: Tue, 25 Nov 2025 11:45:09 GMT\r\nETag: \"692596c5-0\"\r\nCache-Control: public, max-age=900\r\nExpires: Tuesday, 03-Mar-2026 07:45:25 GMT\r\nAccept-Ranges: bytes\r\nSet-Cookie: 45ec81bf1df8aed7654eed5e012df54b=a5685e58d0442d3495c3f90c83e88395; expires=Tue, 03-Mar-26 15:59:59 GMT; Max-Age=29674; httponly;\r\nStrict-Transport-Security: max-age=31536000\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/x-icon","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T13:49:31.916752Z","times_seen":13333799,"resource_available":true,"data":null}},"time_used":263,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":262,"receive":1,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-03T07:45:26Z","timestamp":1772523926,"ip_dst":{"addr":"192.163.186.172","port":80,"asn":132839,"as":"POWER LINE DATACENTER","country":"United States","country_code":"US"},"ip_src":{"addr":"172.18.0.51","port":39054,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to Suspicious *.work Domain","source":"{\"timestamp\":\"2026-03-03T07:45:26.065238+0000\",\"flow_id\":1772999301920909,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.51\",\"src_port\":39054,\"dest_ip\":\"192.163.186.172\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2027877,\"rev\":5,\"signature\":\"ET INFO HTTP Request to Suspicious *.work Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2019_08_13\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_11_21\"]}},\"http\":{\"hostname\":\"www.iqrgp.work\",\"url\":\"/favicon.ico\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/x-icon\",\"http_refer\":\"http://www.iqrgp.work/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":625,\"bytes_toclient\":707,\"start\":\"2026-03-03T07:45:23.391309+0000\"}}"}],"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-03","alert":"Sinkholed","trigger":"www.iqrgp.work","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"9kqegm.rogwn.top/page015-%E6%A3%8B%E7%89%8C/conf.js","fqdn":"9kqegm.rogwn.top","domain":"rogwn.top","tld":"top"},"ip":{"addr":"103.233.99.29","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://9kqegm.rogwn.top/page015-%E6%A3%8B%E7%89%8C/?channelCode=www.iqrgp.work","date":"2026-03-03T07:45:27.514Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.yzhrx.top","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Fri, 02 Jan 2026 04:36:15 GMT","end":"Thu, 02 Apr 2026 04:36:14 GMT"},"fingerprint":{"sha1":"BE:BD:05:F6:B0:58:21:CD:6B:2A:BD:B0:9B:90:8B:5C:6B:C0:E1:6F","sha256":"6E:58:76:07:14:D3:A4:EE:23:22:C5:4F:F1:47:98:2E:9A:45:F8:D8:BC:1A:61:6B:71:54:98:58:DC:56:8D:1C"}}},"request":{"raw":"GET /page015-%E6%A3%8B%E7%89%8C/conf.js HTTP/1.1\r\nHost: 9kqegm.rogwn.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://9kqegm.rogwn.top/page015-%E6%A3%8B%E7%89%8C/?channelCode=www.iqrgp.work\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Tue, 03 Mar 2026 07:45:27 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Tue, 24 Feb 2026 09:25:54 GMT\r\nvary: Accept-Encoding\r\netag: W/\"699d6ea2-462\"\r\nexpires: Tue, 03 Mar 2026 19:45:27 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1122,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text","md5":"28f993b3d4ce13079d1141ecc912a0de","sha1":"dc0ee23cb6cf0d540b732f2866f4dbdcc570cb51","sha256":"5f2148e67db141c7fc60c9a7a81f52931bdc6109157c507f85f7e44523923470","sha512":"7dfa9cbb2ff867bdc835866e45f19bef67b08a20fccece3f2d4c64511033bb31fa967a3b02dc897489b7ce3b5f05a6685c282177a100d51d4c09dbbc2fd382d9","ssdeep":"","tlshash":"03211ec83502c90834e7345f381f156db932324920a4b500d698ee346e6025bf3beb88","first_seen":"2026-02-28T02:26:33.603247Z","last_seen":"2026-03-30T21:55:01.074584Z","times_seen":11,"resource_available":true,"data":null}},"time_used":220,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":220,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"9kqegm.rogwn.top/page015-%E6%A3%8B%E7%89%8C/page/static/css/Swiper.css","fqdn":"9kqegm.rogwn.top","domain":"rogwn.top","tld":"top"},"ip":{"addr":"103.233.99.29","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://9kqegm.rogwn.top/page015-%E6%A3%8B%E7%89%8C/?channelCode=www.iqrgp.work","date":"2026-03-03T07:45:28.291Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.yzhrx.top","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Fri, 02 Jan 2026 04:36:15 GMT","end":"Thu, 02 Apr 2026 04:36:14 GMT"},"fingerprint":{"sha1":"BE:BD:05:F6:B0:58:21:CD:6B:2A:BD:B0:9B:90:8B:5C:6B:C0:E1:6F","sha256":"6E:58:76:07:14:D3:A4:EE:23:22:C5:4F:F1:47:98:2E:9A:45:F8:D8:BC:1A:61:6B:71:54:98:58:DC:56:8D:1C"}}},"request":{"raw":"GET /page015-%E6%A3%8B%E7%89%8C/page/static/css/Swiper.css HTTP/1.1\r\nHost: 9kqegm.rogwn.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://9kqegm.rogwn.top/page015-%E6%A3%8B%E7%89%8C/?channelCode=www.iqrgp.work\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Tue, 03 Mar 2026 07:45:28 GMT\r\ncontent-type: text/css\r\nlast-modified: Fri, 17 May 2024 23:14:30 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6647e4d6-355c\"\r\nexpires: Tue, 03 Mar 2026 19:45:28 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":13660,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (13404)","md5":"02bb1097623ddd690a6c64b4fe9d8bba","sha1":"b7bf947d77bb8ecc4f2e9ba1904fd8c7df38cf29","sha256":"5ade07a83794858b9dd9475f5cb86c64defc61a65ff7ae3ed0388653427b97d8","sha512":"2e730c0edfb1bc3b47ee45acea05c754e20d761d05440a7a3f0ca5ad2c1a5a768042d0aac67bee141174982dae2f3b4fb458acddbd459b68f402c3904fcbcfd3","ssdeep":"384:VnUbeQS3Hgx9BU0W/XCcif65W/1mXA82FHpx:VUb63mbhW/XDif65W/1mXA82Fn","tlshash":"e152126417002837f3774f6e4aa1e6b59f60cc838a934d9db2c0dd44d6fa8b9122ea95","first_seen":"2025-02-12T01:45:46.047015Z","last_seen":"2026-04-04T10:17:13.438867Z","times_seen":212,"resource_available":false,"data":null}},"time_used":220,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":220,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"9kqegm.rogwn.top/page015-%E6%A3%8B%E7%89%8C/page/static/img/2d1ed8_650x306.js","fqdn":"9kqegm.rogwn.top","domain":"rogwn.top","tld":"top"},"ip":{"addr":"103.233.99.29","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://9kqegm.rogwn.top/page015-%E6%A3%8B%E7%89%8C/?channelCode=www.iqrgp.work","date":"2026-03-03T07:45:28.855Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.yzhrx.top","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Fri, 02 Jan 2026 04:36:15 GMT","end":"Thu, 02 Apr 2026 04:36:14 GMT"},"fingerprint":{"sha1":"BE:BD:05:F6:B0:58:21:CD:6B:2A:BD:B0:9B:90:8B:5C:6B:C0:E1:6F","sha256":"6E:58:76:07:14:D3:A4:EE:23:22:C5:4F:F1:47:98:2E:9A:45:F8:D8:BC:1A:61:6B:71:54:98:58:DC:56:8D:1C"}}},"request":{"raw":"GET /page015-%E6%A3%8B%E7%89%8C/page/static/img/2d1ed8_650x306.js HTTP/1.1\r\nHost: 9kqegm.rogwn.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://9kqegm.rogwn.top/page015-%E6%A3%8B%E7%89%8C/?channelCode=www.iqrgp.work\r\nCookie: __vtins__KQNL5mb44P3zNpTB=%7B%22sid%22%3A%20%22a53bcbc9-bad7-5dc2-87be-7040a237f709%22%2C%20%22vd%22%3A%201%2C%20%22stt%22%3A%200%2C%20%22dr%22%3A%200%2C%20%22expires%22%3A%201772525728526%2C%20%22ct%22%3A%201772523928526%7D; __51uvsct__KQNL5mb44P3zNpTB=1; __51vcke__KQNL5mb44P3zNpTB=f3759ed8-576a-53f3-a1d6-e16c6489f183; __51vuft__KQNL5mb44P3zNpTB=1772523928532\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Tue, 03 Mar 2026 07:45:29 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Fri, 17 May 2024 22:11:20 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6647d608-18749\"\r\nexpires: Tue, 03 Mar 2026 19:45:29 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":100169,"size_decoded":0,"mime_type":"application/javascript","magic":"data","md5":"7222c4a03d9b29cc3eadaf5fcfa4619a","sha1":"a1ea9be649cd57a36c66b4bb4b2ead6c0bd827f6","sha256":"9e885ea231f8b15d5737e643224155e822895b4797d5a66901ebfbb377046ddd","sha512":"a21aa1695ff998b997638a690cbb98d35cc3b2a295d3f85b2faea35353c29267130bef1eb02cc773ba9d9248e20001bdbf6a9bc34ef1fa80f60952b43b93050c","ssdeep":"3072:R4k147mzOJpL/hGY7335qxR9sJEhlU9UogOBdGZ7JKjWTjREJ:OW5CZ53a9cEIgJZlhTjR6","tlshash":"02e3e1025241f370e6eda0f96a0316e4750adfa9fadabda4c134d1e16daf41d32ce4d2","first_seen":"2025-08-17T18:06:40.546667Z","last_seen":"2026-04-04T10:17:13.417073Z","times_seen":179,"resource_available":false,"data":null}},"time_used":445,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":445,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"9kqegm.rogwn.top/page015-%E6%A3%8B%E7%89%8C/page/static/js/rem.js","fqdn":"9kqegm.rogwn.top","domain":"rogwn.top","tld":"top"},"ip":{"addr":"103.233.99.29","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://9kqegm.rogwn.top/page015-%E6%A3%8B%E7%89%8C/?channelCode=www.iqrgp.work","date":"2026-03-03T07:45:28.864Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.yzhrx.top","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Fri, 02 Jan 2026 04:36:15 GMT","end":"Thu, 02 Apr 2026 04:36:14 GMT"},"fingerprint":{"sha1":"BE:BD:05:F6:B0:58:21:CD:6B:2A:BD:B0:9B:90:8B:5C:6B:C0:E1:6F","sha256":"6E:58:76:07:14:D3:A4:EE:23:22:C5:4F:F1:47:98:2E:9A:45:F8:D8:BC:1A:61:6B:71:54:98:58:DC:56:8D:1C"}}},"request":{"raw":"GET /page015-%E6%A3%8B%E7%89%8C/page/static/js/rem.js HTTP/1.1\r\nHost: 9kqegm.rogwn.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://9kqegm.rogwn.top/page015-%E6%A3%8B%E7%89%8C/?channelCode=www.iqrgp.work\r\nCookie: __vtins__KQNL5mb44P3zNpTB=%7B%22sid%22%3A%20%22a53bcbc9-bad7-5dc2-87be-7040a237f709%22%2C%20%22vd%22%3A%201%2C%20%22stt%22%3A%200%2C%20%22dr%22%3A%200%2C%20%22expires%22%3A%201772525728526%2C%20%22ct%22%3A%201772523928526%7D; __51uvsct__KQNL5mb44P3zNpTB=1; __51vcke__KQNL5mb44P3zNpTB=f3759ed8-576a-53f3-a1d6-e16c6489f183; __51vuft__KQNL5mb44P3zNpTB=1772523928532\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Tue, 03 Mar 2026 07:45:29 GMT\r\ncontent-type: application/javascript\r\ncontent-length: 840\r\nlast-modified: Fri, 17 May 2024 22:11:14 GMT\r\netag: \"6647d602-348\"\r\nexpires: Tue, 03 Mar 2026 19:45:29 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":840,"size_decoded":0,"mime_type":"application/javascript","magic":"ASCII text, with CRLF line terminators","md5":"e74e945fcc19cbd1d5276e5d4548d525","sha1":"8236e3f3fc64916f9f7f65e8aa2680c9302f0858","sha256":"33442081f56c808935dba715de506e29ebf99eea4d997a64818edb9081369fa5","sha512":"a31082fa7c4afd5138b6f5048ea64b3fced8635505c69b56b2de5168b699069401b415f26eb42ed6ccdbc8e8c8db6f50618fea5890565ed5404f360176907245","ssdeep":"","tlshash":"8a01f166644125384b2b0009a925726cfeb7811303235283f45cae766fb0e430ab1fdc","first_seen":"2023-03-07T12:23:57Z","last_seen":"2026-04-04T13:50:51.161516Z","times_seen":14211,"resource_available":true,"data":null}},"time_used":437,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":436,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"apps.bdimg.com/libs/crypto-js/3.1.2/rollups/tripledes.js","fqdn":"apps.bdimg.com","domain":"bdimg.com","tld":"com"},"ip":{"addr":"60.164.7.49","port":443,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://www.iqrgp.work/","date":"2026-03-03T07:45:23.754Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"baidu.com","organization":"Beijing Baidu Netcom Science Technology Co., Ltd"},"issuer":{"commonName":"GlobalSign RSA OV SSL CA 2018","organization":"GlobalSign nv-sa"},"validity":{"start":"Wed, 09 Jul 2025 07:01:02 GMT","end":"Mon, 10 Aug 2026 07:01:01 GMT"},"fingerprint":{"sha1":"21:BF:66:0D:67:BE:7A:7F:49:48:05:30:F4:7F:09:F2:30:36:CA:63","sha256":"0D:82:2C:9A:90:5A:EF:E9:8F:37:12:C0:E0:26:30:EE:95:33:2C:45:5F:E7:74:5D:F0:8D:BC:79:F4:B0:A1:49"}}},"request":{"raw":"GET /libs/crypto-js/3.1.2/rollups/tripledes.js HTTP/1.1\r\nHost: apps.bdimg.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.iqrgp.work/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: JSP3/2.0.14\r\ndate: Tue, 03 Mar 2026 07:45:24 GMT\r\ncontent-type: application/x-javascript\r\nexpires: Wed, 04 Mar 2026 04:41:11 GMT\r\nlast-modified: Thu, 05 Jun 2014 08:05:07 GMT\r\ncache-control: max-age=2592000\r\ncontent-encoding: gzip\r\nage: 2516653\r\naccept-ranges: bytes\r\nvary: Accept-Encoding\r\nohc-global-saved-time: Mon, 02 Feb 2026 04:41:11 GMT\r\nohc-cache-hit: lz10ct80 [2], cdctcache62 [1]\r\nohc-response-time: 1 0 0 0 0 0\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":21450,"size_decoded":0,"mime_type":"application/x-javascript","magic":"JavaScript source, ASCII text, with very long lines (548), with CRLF line terminators","md5":"d7e914a0aaeb57e9a6534437480eaa87","sha1":"d74461ca0f071302f2474d82a19708661daad912","sha256":"bf3bed187f585b21b023fe6e0c5166cdc6d32afb212dbd590f6e2d6ccf510573","sha512":"3160a12313bfec76d7f8285c7b9848fa26ac05d76b47f52cd375958737ddea7f4173375c9fa7aeebe059043deb05cd8d13bc6743fea8b028ea5b1a6c41d26003","ssdeep":"384:OgZ1OMaehKPqc7ChlWruydQtoRoSvGl9OcQ5Zw+U5j/:pDphKPqaAYHdGoOSel9OcmTu/","tlshash":"96a20bc9719d3582e3a1749044bb314b74bb2677814c56b8f290dacceeacda9413de39","first_seen":"2023-03-08T14:26:09Z","last_seen":"2026-04-04T13:35:19.082307Z","times_seen":4183,"resource_available":true,"data":null}},"time_used":2432,"timings":{"blocked":1084,"dns":328,"connect":251,"send":0,"wait":262,"receive":0,"ssl":504},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"9kqegm.rogwn.top/check.png","fqdn":"9kqegm.rogwn.top","domain":"rogwn.top","tld":"top"},"ip":{"addr":"103.233.99.29","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.iqrgp.work/","date":"2026-03-03T07:45:25.286Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.yzhrx.top","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Fri, 02 Jan 2026 04:36:15 GMT","end":"Thu, 02 Apr 2026 04:36:14 GMT"},"fingerprint":{"sha1":"BE:BD:05:F6:B0:58:21:CD:6B:2A:BD:B0:9B:90:8B:5C:6B:C0:E1:6F","sha256":"6E:58:76:07:14:D3:A4:EE:23:22:C5:4F:F1:47:98:2E:9A:45:F8:D8:BC:1A:61:6B:71:54:98:58:DC:56:8D:1C"}}},"request":{"raw":"GET /check.png HTTP/1.1\r\nHost: 9kqegm.rogwn.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.iqrgp.work/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Tue, 03 Mar 2026 07:45:26 GMT\r\ncontent-type: image/png\r\ncontent-length: 157\r\nlast-modified: Sun, 16 Mar 2025 15:08:12 GMT\r\netag: \"67d6e95c-9d\"\r\nexpires: Thu, 02 Apr 2026 07:45:26 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":157,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 1 x 1, 8-bit/color RGBA, non-interlaced","md5":"59ddbbfee6a22f690748aeb9c4bbf0b8","sha1":"9584604b5a0effe014f69b8e920c9aaa044c0817","sha256":"9b09cc37a9e6d7121c0a2c19d4e28f6acb9aaac3cdb605fe89ea3578ac1d0b62","sha512":"cd0c68a2fc53f57ece0f534ac378355334ff2f91e33b1268e62dc6462b13c3eccdbb773337f7ce4466e2667ddd1268a3c176ea28076c037837e0911f0622487a","ssdeep":"","tlshash":"26c08cc92340bd6e892e04a7005b0a20d5e759541a236e5ab46ea49e2c866096584382","first_seen":"2024-08-19T18:25:13.320638Z","last_seen":"2026-04-04T13:34:35.500812Z","times_seen":3694,"resource_available":false,"data":null}},"time_used":2100,"timings":{"blocked":939,"dns":486,"connect":221,"send":0,"wait":221,"receive":0,"ssl":229},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"9kqegm.rogwn.top/page015-%E6%A3%8B%E7%89%8C/page/static/img/9b28c6_750x702.js","fqdn":"9kqegm.rogwn.top","domain":"rogwn.top","tld":"top"},"ip":{"addr":"103.233.99.29","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://9kqegm.rogwn.top/page015-%E6%A3%8B%E7%89%8C/?channelCode=www.iqrgp.work","date":"2026-03-03T07:45:28.806Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.yzhrx.top","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Fri, 02 Jan 2026 04:36:15 GMT","end":"Thu, 02 Apr 2026 04:36:14 GMT"},"fingerprint":{"sha1":"BE:BD:05:F6:B0:58:21:CD:6B:2A:BD:B0:9B:90:8B:5C:6B:C0:E1:6F","sha256":"6E:58:76:07:14:D3:A4:EE:23:22:C5:4F:F1:47:98:2E:9A:45:F8:D8:BC:1A:61:6B:71:54:98:58:DC:56:8D:1C"}}},"request":{"raw":"GET /page015-%E6%A3%8B%E7%89%8C/page/static/img/9b28c6_750x702.js HTTP/1.1\r\nHost: 9kqegm.rogwn.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://9kqegm.rogwn.top/page015-%E6%A3%8B%E7%89%8C/?channelCode=www.iqrgp.work\r\nCookie: __vtins__KQNL5mb44P3zNpTB=%7B%22sid%22%3A%20%22a53bcbc9-bad7-5dc2-87be-7040a237f709%22%2C%20%22vd%22%3A%201%2C%20%22stt%22%3A%200%2C%20%22dr%22%3A%200%2C%20%22expires%22%3A%201772525728526%2C%20%22ct%22%3A%201772523928526%7D; __51uvsct__KQNL5mb44P3zNpTB=1; __51vcke__KQNL5mb44P3zNpTB=f3759ed8-576a-53f3-a1d6-e16c6489f183; __51vuft__KQNL5mb44P3zNpTB=1772523928532\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Tue, 03 Mar 2026 07:45:28 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Fri, 17 May 2024 22:11:16 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6647d604-2ec0e\"\r\nexpires: Tue, 03 Mar 2026 19:45:28 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":191502,"size_decoded":0,"mime_type":"application/javascript","magic":"data","md5":"0566bc3836edabf6c17344f96eb8ebd1","sha1":"50d920b8ea4a67be9406fc2bbb72a0d6ce6e16f0","sha256":"3eb0d38e4b0cc30ba62a9829da774e35e3cee6cdf711982b3b4069ed49250c08","sha512":"45b83c49f854abc01d8116749c163648994d57d11a293cf4d930d6e03249546ffd6aa304fa9f50b890e96ba85083efe32cbf1dc21cdfc33093775b759eda8c67","ssdeep":"6144:UInBoUYBF3TZHCkuEmVPCdtihHl/o6UHH7sJyMkP/XYuAEOA:UInBoUYnZHSEePCGhHlw6ywkXAE1","tlshash":"d854f1021351f33093b795fa985346d8b6145f89f7eab991c214d5202ecb22ef2df9a3","first_seen":"2025-08-17T18:06:40.563694Z","last_seen":"2026-04-04T10:17:13.434138Z","times_seen":177,"resource_available":false,"data":null}},"time_used":489,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":489,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"9kqegm.rogwn.top/page015-%E6%A3%8B%E7%89%8C/page/static/img/fea34e_274x376.js","fqdn":"9kqegm.rogwn.top","domain":"rogwn.top","tld":"top"},"ip":{"addr":"103.233.99.29","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://9kqegm.rogwn.top/page015-%E6%A3%8B%E7%89%8C/?channelCode=www.iqrgp.work","date":"2026-03-03T07:45:28.840Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.yzhrx.top","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Fri, 02 Jan 2026 04:36:15 GMT","end":"Thu, 02 Apr 2026 04:36:14 GMT"},"fingerprint":{"sha1":"BE:BD:05:F6:B0:58:21:CD:6B:2A:BD:B0:9B:90:8B:5C:6B:C0:E1:6F","sha256":"6E:58:76:07:14:D3:A4:EE:23:22:C5:4F:F1:47:98:2E:9A:45:F8:D8:BC:1A:61:6B:71:54:98:58:DC:56:8D:1C"}}},"request":{"raw":"GET /page015-%E6%A3%8B%E7%89%8C/page/static/img/fea34e_274x376.js HTTP/1.1\r\nHost: 9kqegm.rogwn.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://9kqegm.rogwn.top/page015-%E6%A3%8B%E7%89%8C/?channelCode=www.iqrgp.work\r\nCookie: __vtins__KQNL5mb44P3zNpTB=%7B%22sid%22%3A%20%22a53bcbc9-bad7-5dc2-87be-7040a237f709%22%2C%20%22vd%22%3A%201%2C%20%22stt%22%3A%200%2C%20%22dr%22%3A%200%2C%20%22expires%22%3A%201772525728526%2C%20%22ct%22%3A%201772523928526%7D; __51uvsct__KQNL5mb44P3zNpTB=1; __51vcke__KQNL5mb44P3zNpTB=f3759ed8-576a-53f3-a1d6-e16c6489f183; __51vuft__KQNL5mb44P3zNpTB=1772523928532\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Tue, 03 Mar 2026 07:45:28 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Fri, 17 May 2024 22:11:18 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6647d606-10e9a\"\r\nexpires: Tue, 03 Mar 2026 19:45:28 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":69274,"size_decoded":0,"mime_type":"application/javascript","magic":"data","md5":"fc1d37fbd8de536069ac9590a474b163","sha1":"eabb452dc9965257157166f1ad925603e0db8ed3","sha256":"703e747378c6594bf8bb4feaa8b9792ae22147b00902b87c227a0383b98a195c","sha512":"cf7ce56277d981baf23625d1864636cdde40b44241382a157be66dcb64601bf44155b98c937aec4ead7989eebec3786d0df4520bf07b484a11e3e02eb24671ff","ssdeep":"3072:Dt/msbvWanasts9LiRrKr1VhZ9zcNyxYSm31P:Dx5Vn/YuRWr1/cEeSg","tlshash":"7ca3f106a251f3f0d79191ffe40b67e0700dae9aa7daeda0c124a1712d9b21db75e1f0","first_seen":"2025-03-08T08:26:09.395273Z","last_seen":"2026-04-04T10:17:13.431473Z","times_seen":199,"resource_available":false,"data":null}},"time_used":470,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":470,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"9kqegm.rogwn.top/page015-%E6%A3%8B%E7%89%8C/page/static/img/790ed8_274x376.js","fqdn":"9kqegm.rogwn.top","domain":"rogwn.top","tld":"top"},"ip":{"addr":"103.233.99.29","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://9kqegm.rogwn.top/page015-%E6%A3%8B%E7%89%8C/?channelCode=www.iqrgp.work","date":"2026-03-03T07:45:28.842Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.yzhrx.top","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Fri, 02 Jan 2026 04:36:15 GMT","end":"Thu, 02 Apr 2026 04:36:14 GMT"},"fingerprint":{"sha1":"BE:BD:05:F6:B0:58:21:CD:6B:2A:BD:B0:9B:90:8B:5C:6B:C0:E1:6F","sha256":"6E:58:76:07:14:D3:A4:EE:23:22:C5:4F:F1:47:98:2E:9A:45:F8:D8:BC:1A:61:6B:71:54:98:58:DC:56:8D:1C"}}},"request":{"raw":"GET /page015-%E6%A3%8B%E7%89%8C/page/static/img/790ed8_274x376.js HTTP/1.1\r\nHost: 9kqegm.rogwn.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://9kqegm.rogwn.top/page015-%E6%A3%8B%E7%89%8C/?channelCode=www.iqrgp.work\r\nCookie: __vtins__KQNL5mb44P3zNpTB=%7B%22sid%22%3A%20%22a53bcbc9-bad7-5dc2-87be-7040a237f709%22%2C%20%22vd%22%3A%201%2C%20%22stt%22%3A%200%2C%20%22dr%22%3A%200%2C%20%22expires%22%3A%201772525728526%2C%20%22ct%22%3A%201772523928526%7D; __51uvsct__KQNL5mb44P3zNpTB=1; __51vcke__KQNL5mb44P3zNpTB=f3759ed8-576a-53f3-a1d6-e16c6489f183; __51vuft__KQNL5mb44P3zNpTB=1772523928532\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Tue, 03 Mar 2026 07:45:28 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Fri, 17 May 2024 22:11:18 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6647d606-c8c6\"\r\nexpires: Tue, 03 Mar 2026 19:45:28 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":51398,"size_decoded":0,"mime_type":"application/javascript","magic":"data","md5":"29e66bbb01c1d4d136d0dc067319b0c3","sha1":"021d510b5f201dbd0396effa26f105c93bba03ce","sha256":"6c18ea7ac44fb81e01bb4f44dc4fc7a9d806ecfb2dc40e9d866d855104ea9928","sha512":"f6a148c81c44fa9423663e10c2e2850bb5ed92fb4325aad70afa58e4cc5861effe89a807ad7bc19c74e088a167bd2b8505e0745736af2502fd209f05c676b957","ssdeep":"1536:1m2yDCciFSLTZEBX1WOnkl/FvRBmVklmUdhB1B39o0jy9PIapMKM5q8h0L:MFQALat1WO8/F5BPd1g0OO3KMFe","tlshash":"bf73e1026240f354d36b42fa651229d4f5449ef8ebfbadc4e624d6563c9621eb2fe0c3","first_seen":"2025-03-08T08:26:09.390657Z","last_seen":"2026-04-04T10:17:13.440898Z","times_seen":200,"resource_available":false,"data":null}},"time_used":467,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":467,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"9kqegm.rogwn.top/page015-%E6%A3%8B%E7%89%8C/page/static/img/1c2b6d_650x306.js","fqdn":"9kqegm.rogwn.top","domain":"rogwn.top","tld":"top"},"ip":{"addr":"103.233.99.29","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://9kqegm.rogwn.top/page015-%E6%A3%8B%E7%89%8C/?channelCode=www.iqrgp.work","date":"2026-03-03T07:45:28.854Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.yzhrx.top","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Fri, 02 Jan 2026 04:36:15 GMT","end":"Thu, 02 Apr 2026 04:36:14 GMT"},"fingerprint":{"sha1":"BE:BD:05:F6:B0:58:21:CD:6B:2A:BD:B0:9B:90:8B:5C:6B:C0:E1:6F","sha256":"6E:58:76:07:14:D3:A4:EE:23:22:C5:4F:F1:47:98:2E:9A:45:F8:D8:BC:1A:61:6B:71:54:98:58:DC:56:8D:1C"}}},"request":{"raw":"GET /page015-%E6%A3%8B%E7%89%8C/page/static/img/1c2b6d_650x306.js HTTP/1.1\r\nHost: 9kqegm.rogwn.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://9kqegm.rogwn.top/page015-%E6%A3%8B%E7%89%8C/?channelCode=www.iqrgp.work\r\nCookie: __vtins__KQNL5mb44P3zNpTB=%7B%22sid%22%3A%20%22a53bcbc9-bad7-5dc2-87be-7040a237f709%22%2C%20%22vd%22%3A%201%2C%20%22stt%22%3A%200%2C%20%22dr%22%3A%200%2C%20%22expires%22%3A%201772525728526%2C%20%22ct%22%3A%201772523928526%7D; __51uvsct__KQNL5mb44P3zNpTB=1; __51vcke__KQNL5mb44P3zNpTB=f3759ed8-576a-53f3-a1d6-e16c6489f183; __51vuft__KQNL5mb44P3zNpTB=1772523928532\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Tue, 03 Mar 2026 07:45:29 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Sun, 19 May 2024 08:20:50 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6649b662-17e50\"\r\nexpires: Tue, 03 Mar 2026 19:45:29 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":97872,"size_decoded":0,"mime_type":"application/javascript","magic":"data","md5":"4b0abb0a59e6556ca4d184136f9f0852","sha1":"bee0601faf81d9dd388da9e5ba4e4509dceb28a5","sha256":"3be947c9f37779675fdd4e48632d4d30fee9b6a4124128346c61a7b96c93bde1","sha512":"621f677076d0c13488cb40c48fe67b7aa7aa9313d631160fdda5579e22cf9015b61ed2b0ae9dd3ad59cd2e02987002d5c8c50cdf5a585641d2a6607476dfe4f8","ssdeep":"3072:zLBGExwa6ESVddR/4u3qCbvKxOUTcqQ6kVZ2Jq3Rcho2caGMNx/CNyRg58shly:HBGXMeddui7uOAc9uJuRcGlalLqlly","tlshash":"b4e3e1049202f370d376d2fa680341c9ba018feafbaaad54c524d5b02e9d52d77cf5e6","first_seen":"2025-08-17T18:06:40.533243Z","last_seen":"2026-04-04T10:17:13.441709Z","times_seen":179,"resource_available":false,"data":null}},"time_used":446,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":446,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"9kqegm.rogwn.top/page015-%E6%A3%8B%E7%89%8C/page/static/img/b0f853_650x306.js","fqdn":"9kqegm.rogwn.top","domain":"rogwn.top","tld":"top"},"ip":{"addr":"103.233.99.29","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://9kqegm.rogwn.top/page015-%E6%A3%8B%E7%89%8C/?channelCode=www.iqrgp.work","date":"2026-03-03T07:45:28.857Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.yzhrx.top","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Fri, 02 Jan 2026 04:36:15 GMT","end":"Thu, 02 Apr 2026 04:36:14 GMT"},"fingerprint":{"sha1":"BE:BD:05:F6:B0:58:21:CD:6B:2A:BD:B0:9B:90:8B:5C:6B:C0:E1:6F","sha256":"6E:58:76:07:14:D3:A4:EE:23:22:C5:4F:F1:47:98:2E:9A:45:F8:D8:BC:1A:61:6B:71:54:98:58:DC:56:8D:1C"}}},"request":{"raw":"GET /page015-%E6%A3%8B%E7%89%8C/page/static/img/b0f853_650x306.js HTTP/1.1\r\nHost: 9kqegm.rogwn.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://9kqegm.rogwn.top/page015-%E6%A3%8B%E7%89%8C/?channelCode=www.iqrgp.work\r\nCookie: __vtins__KQNL5mb44P3zNpTB=%7B%22sid%22%3A%20%22a53bcbc9-bad7-5dc2-87be-7040a237f709%22%2C%20%22vd%22%3A%201%2C%20%22stt%22%3A%200%2C%20%22dr%22%3A%200%2C%20%22expires%22%3A%201772525728526%2C%20%22ct%22%3A%201772523928526%7D; __51uvsct__KQNL5mb44P3zNpTB=1; __51vcke__KQNL5mb44P3zNpTB=f3759ed8-576a-53f3-a1d6-e16c6489f183; __51vuft__KQNL5mb44P3zNpTB=1772523928532\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Tue, 03 Mar 2026 07:45:29 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Sat, 07 Dec 2024 18:04:02 GMT\r\nvary: Accept-Encoding\r\netag: W/\"67548e12-1fadd\"\r\nexpires: Tue, 03 Mar 2026 19:45:29 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":129757,"size_decoded":0,"mime_type":"application/javascript","magic":"data","md5":"dac91f73aa119fe7459630504762c1b2","sha1":"26dd532181b8f50833df761a39cd0b6a5ad67f33","sha256":"f6b6d5b926b13fb654eabfc41dd77650086cea313abaac43e840b7affce0f8e1","sha512":"10f3cc339f2c36ffe6544949ee633179f3d4956c3817496e8ff202bd62d2bd17bf8daaa06a99e233d53a08571dcf917af169ea016ba6bf647e8a6716ec8ebf7e","ssdeep":"3072:C7QOYjM8gJyu3ngdi3yviFAk1L/z+Qsr6u0rPTGlXqLkJvpBl4J2+PNvb:uYji13gdi7O0qQsKrrGlXqLKpBlHcNvb","tlshash":"f914f1015343f770f2bfe1feba034dd862159d99e6aafc90d224d0a02d5b62c66ce4d2","first_seen":"2025-09-16T05:38:13.546574Z","last_seen":"2026-03-30T21:55:01.070603Z","times_seen":26,"resource_available":false,"data":null}},"time_used":444,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":444,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"9kqegm.rogwn.top/page015-%E6%A3%8B%E7%89%8C/page/static/js/MobEpp-1.1.1.js","fqdn":"9kqegm.rogwn.top","domain":"rogwn.top","tld":"top"},"ip":{"addr":"103.233.99.29","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://9kqegm.rogwn.top/page015-%E6%A3%8B%E7%89%8C/?channelCode=www.iqrgp.work","date":"2026-03-03T07:45:28.868Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.yzhrx.top","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Fri, 02 Jan 2026 04:36:15 GMT","end":"Thu, 02 Apr 2026 04:36:14 GMT"},"fingerprint":{"sha1":"BE:BD:05:F6:B0:58:21:CD:6B:2A:BD:B0:9B:90:8B:5C:6B:C0:E1:6F","sha256":"6E:58:76:07:14:D3:A4:EE:23:22:C5:4F:F1:47:98:2E:9A:45:F8:D8:BC:1A:61:6B:71:54:98:58:DC:56:8D:1C"}}},"request":{"raw":"GET /page015-%E6%A3%8B%E7%89%8C/page/static/js/MobEpp-1.1.1.js HTTP/1.1\r\nHost: 9kqegm.rogwn.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://9kqegm.rogwn.top/page015-%E6%A3%8B%E7%89%8C/?channelCode=www.iqrgp.work\r\nCookie: __vtins__KQNL5mb44P3zNpTB=%7B%22sid%22%3A%20%22a53bcbc9-bad7-5dc2-87be-7040a237f709%22%2C%20%22vd%22%3A%201%2C%20%22stt%22%3A%200%2C%20%22dr%22%3A%200%2C%20%22expires%22%3A%201772525728526%2C%20%22ct%22%3A%201772523928526%7D; __51uvsct__KQNL5mb44P3zNpTB=1; __51vcke__KQNL5mb44P3zNpTB=f3759ed8-576a-53f3-a1d6-e16c6489f183; __51vuft__KQNL5mb44P3zNpTB=1772523928532\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Tue, 03 Mar 2026 07:45:29 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Fri, 17 May 2024 22:11:14 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6647d602-6278\"\r\nexpires: Tue, 03 Mar 2026 19:45:29 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":25208,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with CRLF, LF line terminators","md5":"b4cd45273f059ebff2ac2185efd52bf9","sha1":"fe2cca20ad99606127aa64fe74059f4dfd6dad60","sha256":"3816789af95bb9ed6245bab40c8a8aa56082819801a93d4a79ff9599bd7dc68c","sha512":"ac94c7f14b8091240cd29166ccab408f09af554c4a38e7aae2618b65429c3e2cd0885810a2f2cb5b0f937c793e15abe9a5ce6bc226f503ae4c8b61490fc785ae","ssdeep":"384:zJdTONjokUwV3CfyTxGZ8wvvC1x8AAr4VZjladj8yUorA49NfNoxRZ9Tbmmxyh5B:z/OxokU9BA1yU8sbPgMU","tlshash":"2bb251587b4c156d80e3b67a027f1909ec3dc433960485a4f0bda9e46ff465a232eebd","first_seen":"2023-04-06T18:33:51Z","last_seen":"2026-04-04T13:25:27.089239Z","times_seen":8324,"resource_available":true,"data":null}},"time_used":430,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":430,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"o1tlp0.bvppn.top/check.png","fqdn":"o1tlp0.bvppn.top","domain":"bvppn.top","tld":"top"},"ip":{"addr":"43.252.173.18","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.iqrgp.work/","date":"2026-03-03T07:45:25.276Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.yzhrx.top","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Fri, 02 Jan 2026 04:36:15 GMT","end":"Thu, 02 Apr 2026 04:36:14 GMT"},"fingerprint":{"sha1":"BE:BD:05:F6:B0:58:21:CD:6B:2A:BD:B0:9B:90:8B:5C:6B:C0:E1:6F","sha256":"6E:58:76:07:14:D3:A4:EE:23:22:C5:4F:F1:47:98:2E:9A:45:F8:D8:BC:1A:61:6B:71:54:98:58:DC:56:8D:1C"}}},"request":{"raw":"GET /check.png HTTP/1.1\r\nHost: o1tlp0.bvppn.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.iqrgp.work/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Tue, 03 Mar 2026 07:45:26 GMT\r\ncontent-type: image/png\r\ncontent-length: 157\r\nlast-modified: Sun, 16 Mar 2025 15:08:12 GMT\r\netag: \"67d6e95c-9d\"\r\nexpires: Thu, 02 Apr 2026 07:45:26 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":157,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 1 x 1, 8-bit/color RGBA, non-interlaced","md5":"59ddbbfee6a22f690748aeb9c4bbf0b8","sha1":"9584604b5a0effe014f69b8e920c9aaa044c0817","sha256":"9b09cc37a9e6d7121c0a2c19d4e28f6acb9aaac3cdb605fe89ea3578ac1d0b62","sha512":"cd0c68a2fc53f57ece0f534ac378355334ff2f91e33b1268e62dc6462b13c3eccdbb773337f7ce4466e2667ddd1268a3c176ea28076c037837e0911f0622487a","ssdeep":"","tlshash":"26c08cc92340bd6e892e04a7005b0a20d5e759541a236e5ab46ea49e2c866096584382","first_seen":"2024-08-19T18:25:13.320638Z","last_seen":"2026-04-04T13:34:35.500812Z","times_seen":3694,"resource_available":false,"data":null}},"time_used":2191,"timings":{"blocked":985,"dns":538,"connect":220,"send":0,"wait":220,"receive":0,"ssl":225},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"collect-v6.51.la/v6/collect?dt=4","fqdn":"collect-v6.51.la","domain":"51.la","tld":"la"},"ip":{"addr":"43.159.107.113","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://9kqegm.rogwn.top/page015-%E6%A3%8B%E7%89%8C/?channelCode=www.iqrgp.work","date":"2026-03-03T07:45:28.554Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.51.la","organization":"广州有啦网络科技有限公司"},"issuer":{"commonName":"GlobalSign RSA OV SSL CA 2018","organization":"GlobalSign nv-sa"},"validity":{"start":"Tue, 18 Mar 2025 04:08:22 GMT","end":"Sun, 19 Apr 2026 04:08:21 GMT"},"fingerprint":{"sha1":"AE:CB:32:71:EE:EE:E6:72:A4:88:B2:9F:4F:C4:E5:B5:A8:C2:73:6C","sha256":"7C:F1:09:2F:6A:8C:5B:F8:63:DF:D3:32:B0:F3:F8:E7:01:29:0E:F2:55:8B:4F:6C:58:55:8E:44:E9:EC:15:F4"}}},"request":{"raw":"POST /v6/collect?dt=4 HTTP/1.1\r\nHost: collect-v6.51.la\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Length: 308\r\nOrigin: https://9kqegm.rogwn.top\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://9kqegm.rogwn.top/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/2 210 No Reason Phrase\r\nvary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers\r\naccess-control-allow-origin: https://9kqegm.rogwn.top\r\naccess-control-allow-credentials: true\r\nserver: TencentEdgeOne\r\ncontent-length: 0\r\ndate: Tue, 03 Mar 2026 07:45:28 GMT\r\neo-log-uuid: 3079682123038411401\r\neo-cache-status: MISS\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"210","status_text":"No Reason Phrase","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"text/xml","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T13:49:31.916752Z","times_seen":13333799,"resource_available":true,"data":null}},"time_used":1019,"timings":{"blocked":47,"dns":0,"connect":0,"send":0,"wait":972,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"9kqegm.rogwn.top/page015-%E6%A3%8B%E7%89%8C/page/static/img/ba78c4_274x376.js","fqdn":"9kqegm.rogwn.top","domain":"rogwn.top","tld":"top"},"ip":{"addr":"103.233.99.29","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://9kqegm.rogwn.top/page015-%E6%A3%8B%E7%89%8C/?channelCode=www.iqrgp.work","date":"2026-03-03T07:45:28.848Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.yzhrx.top","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Fri, 02 Jan 2026 04:36:15 GMT","end":"Thu, 02 Apr 2026 04:36:14 GMT"},"fingerprint":{"sha1":"BE:BD:05:F6:B0:58:21:CD:6B:2A:BD:B0:9B:90:8B:5C:6B:C0:E1:6F","sha256":"6E:58:76:07:14:D3:A4:EE:23:22:C5:4F:F1:47:98:2E:9A:45:F8:D8:BC:1A:61:6B:71:54:98:58:DC:56:8D:1C"}}},"request":{"raw":"GET /page015-%E6%A3%8B%E7%89%8C/page/static/img/ba78c4_274x376.js HTTP/1.1\r\nHost: 9kqegm.rogwn.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://9kqegm.rogwn.top/page015-%E6%A3%8B%E7%89%8C/?channelCode=www.iqrgp.work\r\nCookie: __vtins__KQNL5mb44P3zNpTB=%7B%22sid%22%3A%20%22a53bcbc9-bad7-5dc2-87be-7040a237f709%22%2C%20%22vd%22%3A%201%2C%20%22stt%22%3A%200%2C%20%22dr%22%3A%200%2C%20%22expires%22%3A%201772525728526%2C%20%22ct%22%3A%201772523928526%7D; __51uvsct__KQNL5mb44P3zNpTB=1; __51vcke__KQNL5mb44P3zNpTB=f3759ed8-576a-53f3-a1d6-e16c6489f183; __51vuft__KQNL5mb44P3zNpTB=1772523928532\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Tue, 03 Mar 2026 07:45:29 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Fri, 17 May 2024 22:11:18 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6647d606-d268\"\r\nexpires: Tue, 03 Mar 2026 19:45:29 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":53864,"size_decoded":0,"mime_type":"application/javascript","magic":"data","md5":"8e41592b85b65203d710811145782cf3","sha1":"79a3bdb8b134b2d5515c180e0cda507ee9fbd3a2","sha256":"c7be5c0bacaa2de440cb2361894de7d4bf71d2b131d0236a5f4a72881fa3e42a","sha512":"50088a0032f1df8a3c6bcc0a8e7fd1c65f340e748817764d2af0d8db6b9f59b84792a8a58e78226649d1c09c43b6f00fd6bb5e8c5237490cd76ef8c204672e80","ssdeep":"1536:57zrpZpG8fOp2E3HX+l4pkXiRVapBxwghFfZqmS6AmgVn655Nyf5eZPFdu:lBZpG82v3HOCkySnhqmS6nd55Nyf4Zu","tlshash":"b173e1065302f3b4c6d9d8e3e22605e893044d51aad6fea0ca31d2a07e9f13db79f496","first_seen":"2025-03-08T08:26:09.399963Z","last_seen":"2026-04-04T10:17:13.431949Z","times_seen":200,"resource_available":false,"data":null}},"time_used":459,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":459,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"9kqegm.rogwn.top/page015-%E6%A3%8B%E7%89%8C/page/static/js/swiper-4.2.0.min.js","fqdn":"9kqegm.rogwn.top","domain":"rogwn.top","tld":"top"},"ip":{"addr":"103.233.99.29","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://9kqegm.rogwn.top/page015-%E6%A3%8B%E7%89%8C/?channelCode=www.iqrgp.work","date":"2026-03-03T07:45:28.866Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.yzhrx.top","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Fri, 02 Jan 2026 04:36:15 GMT","end":"Thu, 02 Apr 2026 04:36:14 GMT"},"fingerprint":{"sha1":"BE:BD:05:F6:B0:58:21:CD:6B:2A:BD:B0:9B:90:8B:5C:6B:C0:E1:6F","sha256":"6E:58:76:07:14:D3:A4:EE:23:22:C5:4F:F1:47:98:2E:9A:45:F8:D8:BC:1A:61:6B:71:54:98:58:DC:56:8D:1C"}}},"request":{"raw":"GET /page015-%E6%A3%8B%E7%89%8C/page/static/js/swiper-4.2.0.min.js HTTP/1.1\r\nHost: 9kqegm.rogwn.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://9kqegm.rogwn.top/page015-%E6%A3%8B%E7%89%8C/?channelCode=www.iqrgp.work\r\nCookie: __vtins__KQNL5mb44P3zNpTB=%7B%22sid%22%3A%20%22a53bcbc9-bad7-5dc2-87be-7040a237f709%22%2C%20%22vd%22%3A%201%2C%20%22stt%22%3A%200%2C%20%22dr%22%3A%200%2C%20%22expires%22%3A%201772525728526%2C%20%22ct%22%3A%201772523928526%7D; __51uvsct__KQNL5mb44P3zNpTB=1; __51vcke__KQNL5mb44P3zNpTB=f3759ed8-576a-53f3-a1d6-e16c6489f183; __51vuft__KQNL5mb44P3zNpTB=1772523928532\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Tue, 03 Mar 2026 07:45:29 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Fri, 17 May 2024 22:11:14 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6647d602-1d2d2\"\r\nexpires: Tue, 03 Mar 2026 19:45:29 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":119506,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65273)","md5":"be15b3ba6a71edd608b9af34dfc6130c","sha1":"b11842fbe74778511b86bf899fbd02102b57ac62","sha256":"add18244c3d92cb789bd50456f05f02ca034c908bbf4210fedbd9013b3bf5d96","sha512":"ba9c83238efc0b5f43e2e85b104a2b1b010defa0f12d7c3cbff918fae76a7f3d3753ee18dead132729bdd0ae8a3854a481bcba35655dd37a6b6a03813d295029","ssdeep":"3072:6ShcwIktpnBohgZu7HgZsUOUFBWqJTq+NX:hlIktFBohgZu7HAsUOUFBWqJTq+l","tlshash":"65c3184eb390619510e36256565e9241a3b72809780ad0ac35b6cce7adbde4c13bfffc","first_seen":"2023-03-07T12:23:57Z","last_seen":"2026-04-04T13:50:51.184767Z","times_seen":13348,"resource_available":true,"data":null}},"time_used":434,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":434,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"9kqegm.rogwn.top/page015-%E6%A3%8B%E7%89%8C/page/static/img/624a12_430x126.js","fqdn":"9kqegm.rogwn.top","domain":"rogwn.top","tld":"top"},"ip":{"addr":"103.233.99.29","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://9kqegm.rogwn.top/page015-%E6%A3%8B%E7%89%8C/?channelCode=www.iqrgp.work","date":"2026-03-03T07:45:28.875Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.yzhrx.top","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Fri, 02 Jan 2026 04:36:15 GMT","end":"Thu, 02 Apr 2026 04:36:14 GMT"},"fingerprint":{"sha1":"BE:BD:05:F6:B0:58:21:CD:6B:2A:BD:B0:9B:90:8B:5C:6B:C0:E1:6F","sha256":"6E:58:76:07:14:D3:A4:EE:23:22:C5:4F:F1:47:98:2E:9A:45:F8:D8:BC:1A:61:6B:71:54:98:58:DC:56:8D:1C"}}},"request":{"raw":"GET /page015-%E6%A3%8B%E7%89%8C/page/static/img/624a12_430x126.js HTTP/1.1\r\nHost: 9kqegm.rogwn.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://9kqegm.rogwn.top/page015-%E6%A3%8B%E7%89%8C/page/static/css/style.min.css\r\nCookie: __vtins__KQNL5mb44P3zNpTB=%7B%22sid%22%3A%20%22a53bcbc9-bad7-5dc2-87be-7040a237f709%22%2C%20%22vd%22%3A%201%2C%20%22stt%22%3A%200%2C%20%22dr%22%3A%200%2C%20%22expires%22%3A%201772525728526%2C%20%22ct%22%3A%201772523928526%7D; __51uvsct__KQNL5mb44P3zNpTB=1; __51vcke__KQNL5mb44P3zNpTB=f3759ed8-576a-53f3-a1d6-e16c6489f183; __51vuft__KQNL5mb44P3zNpTB=1772523928532\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Tue, 03 Mar 2026 07:45:29 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Fri, 17 May 2024 22:20:34 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6647d832-5091\"\r\nexpires: Tue, 03 Mar 2026 19:45:29 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":20625,"size_decoded":0,"mime_type":"application/javascript","magic":"data","md5":"cf5727dcdd7e8913c5635519bac0c6f0","sha1":"b743fdb69a9c189694e07b7ee1797ab73da2bd08","sha256":"8e255f67da2297bb52f097ddea25edf694a43990cb07f8033ae784f723804ad8","sha512":"81da12660098b9ed5b39c0cc1eab9d262320ea3e580d31067830ba24c9862e2810ce923c5e1c2eb157d4e17bc7814db87621d42eb28bcf651a4af535e27c82ca","ssdeep":"768:+eYk/JtegsEPy+XZZfg/kPFRKhrIkfJdosLi5souwYDcGs:D1/LDNPy0FRKhrI6osLMsoqDq","tlshash":"ddd2d0116300e3b4ebd559fc160228d5f2801ba8bad99d75d92ce150cec7a1eb78e532","first_seen":"2025-08-17T18:06:40.538728Z","last_seen":"2026-04-04T10:17:13.427668Z","times_seen":181,"resource_available":false,"data":null}},"time_used":407,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":407,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"9kqegm.rogwn.top/page015-%E6%A3%8B%E7%89%8C/page/static/img/b0f1a5_214x80.js","fqdn":"9kqegm.rogwn.top","domain":"rogwn.top","tld":"top"},"ip":{"addr":"103.233.99.29","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://9kqegm.rogwn.top/page015-%E6%A3%8B%E7%89%8C/?channelCode=www.iqrgp.work","date":"2026-03-03T07:45:28.877Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.yzhrx.top","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Fri, 02 Jan 2026 04:36:15 GMT","end":"Thu, 02 Apr 2026 04:36:14 GMT"},"fingerprint":{"sha1":"BE:BD:05:F6:B0:58:21:CD:6B:2A:BD:B0:9B:90:8B:5C:6B:C0:E1:6F","sha256":"6E:58:76:07:14:D3:A4:EE:23:22:C5:4F:F1:47:98:2E:9A:45:F8:D8:BC:1A:61:6B:71:54:98:58:DC:56:8D:1C"}}},"request":{"raw":"GET /page015-%E6%A3%8B%E7%89%8C/page/static/img/b0f1a5_214x80.js HTTP/1.1\r\nHost: 9kqegm.rogwn.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://9kqegm.rogwn.top/page015-%E6%A3%8B%E7%89%8C/page/static/css/style.min.css\r\nCookie: __vtins__KQNL5mb44P3zNpTB=%7B%22sid%22%3A%20%22a53bcbc9-bad7-5dc2-87be-7040a237f709%22%2C%20%22vd%22%3A%201%2C%20%22stt%22%3A%200%2C%20%22dr%22%3A%200%2C%20%22expires%22%3A%201772525728526%2C%20%22ct%22%3A%201772523928526%7D; __51uvsct__KQNL5mb44P3zNpTB=1; __51vcke__KQNL5mb44P3zNpTB=f3759ed8-576a-53f3-a1d6-e16c6489f183; __51vuft__KQNL5mb44P3zNpTB=1772523928532\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Tue, 03 Mar 2026 07:45:29 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Fri, 17 May 2024 22:18:14 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6647d7a6-2c4d\"\r\nexpires: Tue, 03 Mar 2026 19:45:29 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":11341,"size_decoded":0,"mime_type":"application/javascript","magic":"data","md5":"7c96fa72bbec303f2bc82d796a18406b","sha1":"ea9f38c648c2f4beecd5268a2cd29e8324ddfc10","sha256":"c6f7ccada6254611286accdde394abd4fe3c9de87e2a0ffd68051f76bac8bb14","sha512":"1f38cb23ff167b7fab0a5f49a0060d38dd6b793e371b5634fccee2e38e4ef77758ed6220b29a055406f7d590fe91e8388243655b1c212dc78922f642a8241372","ssdeep":"384:wqu43aCpKwyfM/QEguv3L0jGgkBSrzV+/wAPOEVrwl05SP5:wlwa5wuo113L0jGRBSPU/wAWEVO0wR","tlshash":"4772cf02a702ff14b27ccbf50e515ac1754106e9a7297e70ec24b5d17e6a94f72bd2e0","first_seen":"2025-08-17T18:06:40.540125Z","last_seen":"2026-04-04T10:17:13.420826Z","times_seen":181,"resource_available":false,"data":null}},"time_used":406,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":406,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"er6kk1e3bkgnpky.entsbio.com:6443/web/grniwq9g/wwwiqrg/init?channelCode=wwwiqrgpwork\u0026av=0\u0026cv=0\u0026hash=\u0026server=https%3A%2F%2Fer6kk1e3bkgnpky.entsbio.com%3A6443\u0026sw=p6Supg\u0026sh=p6akog\u0026sp=1","fqdn":"er6kk1e3bkgnpky.entsbio.com","domain":"entsbio.com","tld":"com"},"ip":{"addr":"163.171.132.205","port":6443,"asn":54994,"as":"ML-1432-54994","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://9kqegm.rogwn.top/page015-%E6%A3%8B%E7%89%8C/?channelCode=www.iqrgp.work","date":"2026-03-03T07:45:29.655Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.entsbio.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Sun, 15 Feb 2026 17:02:36 GMT","end":"Sat, 16 May 2026 17:02:35 GMT"},"fingerprint":{"sha1":"ED:C5:8A:6F:66:CF:17:C1:21:D9:F5:E0:DC:31:96:78:DF:8B:FF:CB","sha256":"0D:87:ED:84:62:F7:34:8D:2A:0B:00:68:50:39:33:06:B3:30:96:C0:4A:0E:1A:A9:98:B7:B4:10:60:89:04:C9"}}},"request":{"raw":"POST /web/grniwq9g/wwwiqrg/init?channelCode=wwwiqrgpwork\u0026av=0\u0026cv=0\u0026hash=\u0026server=https%3A%2F%2Fer6kk1e3bkgnpky.entsbio.com%3A6443\u0026sw=p6Supg\u0026sh=p6akog\u0026sp=1 HTTP/1.1\r\nHost: er6kk1e3bkgnpky.entsbio.com:6443\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: text/plain;charset=utf-8\r\nContent-Length: 32\r\nOrigin: https://9kqegm.rogwn.top\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://9kqegm.rogwn.top/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":32,"data":"{\"channelCode\":\"www.iqrgp.work\"}"}},"response":{"raw":"HTTP/2 200 OK\r\nserver: NgxFence\r\ndate: Tue, 03 Mar 2026 07:45:31 GMT\r\ncontent-type: application/json;charset=utf-8\r\naccess-control-allow-origin: https://9kqegm.rogwn.top\r\naccess-control-allow-credentials: true\r\nset-cookie: appinstall_tkid=29725690619; Max-Age=86400; Expires=Wed, 04 Mar 2026 07:45:31 GMT; Path=/\nv-app-grniwq9g=1; Max-Age=315360000; Expires=Fri, 29 Feb 2036 07:45:31 GMT; Path=/web/grniwq9g/\r\nstrict-transport-security: max-age=31536000; includeSubdomains; preload\r\nvary: Origin, Origin\r\ncontent-encoding: br\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":574,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"90cd10df9a99a8a967dc7a79b1d2c0e6","sha1":"608e0639dc1b0e2ff7ce5d3502cd92812c0f75ca","sha256":"09603ead637a044405f011b9e7275745dcaeae7a14702d6ca35814aacef5e73a","sha512":"574d5db5ca99ac339377c2f3442c32f6772aa1b5b8ed61bd63140e2d3348fb51a9bee7f51bd233ea89bb7a0595046c03520c7dd2b8e5848bb6117004c77dd9d6","ssdeep":"","tlshash":"dbf0e1832ee488499715032184c63da4f66d701f71d428f5ec456e3060fd1f4e964037","first_seen":"2026-03-03T07:46:11.150773Z","last_seen":"2026-03-03T07:46:11.150773Z","times_seen":1,"resource_available":false,"data":null}},"time_used":4257,"timings":{"blocked":2006,"dns":1732,"connect":25,"send":0,"wait":244,"receive":0,"ssl":247},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"9kqegm.rogwn.top/page015-%E6%A3%8B%E7%89%8C/page/static/img/55aa77_274x376.js","fqdn":"9kqegm.rogwn.top","domain":"rogwn.top","tld":"top"},"ip":{"addr":"103.233.99.29","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://9kqegm.rogwn.top/page015-%E6%A3%8B%E7%89%8C/?channelCode=www.iqrgp.work","date":"2026-03-03T07:45:28.838Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.yzhrx.top","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Fri, 02 Jan 2026 04:36:15 GMT","end":"Thu, 02 Apr 2026 04:36:14 GMT"},"fingerprint":{"sha1":"BE:BD:05:F6:B0:58:21:CD:6B:2A:BD:B0:9B:90:8B:5C:6B:C0:E1:6F","sha256":"6E:58:76:07:14:D3:A4:EE:23:22:C5:4F:F1:47:98:2E:9A:45:F8:D8:BC:1A:61:6B:71:54:98:58:DC:56:8D:1C"}}},"request":{"raw":"GET /page015-%E6%A3%8B%E7%89%8C/page/static/img/55aa77_274x376.js HTTP/1.1\r\nHost: 9kqegm.rogwn.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://9kqegm.rogwn.top/page015-%E6%A3%8B%E7%89%8C/?channelCode=www.iqrgp.work\r\nCookie: __vtins__KQNL5mb44P3zNpTB=%7B%22sid%22%3A%20%22a53bcbc9-bad7-5dc2-87be-7040a237f709%22%2C%20%22vd%22%3A%201%2C%20%22stt%22%3A%200%2C%20%22dr%22%3A%200%2C%20%22expires%22%3A%201772525728526%2C%20%22ct%22%3A%201772523928526%7D; __51uvsct__KQNL5mb44P3zNpTB=1; __51vcke__KQNL5mb44P3zNpTB=f3759ed8-576a-53f3-a1d6-e16c6489f183; __51vuft__KQNL5mb44P3zNpTB=1772523928532\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Tue, 03 Mar 2026 07:45:28 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Fri, 17 May 2024 22:11:16 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6647d604-aa45\"\r\nexpires: Tue, 03 Mar 2026 19:45:28 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":43589,"size_decoded":0,"mime_type":"application/javascript","magic":"data","md5":"f1f73b3c0c377a33b061f1f265ad9c24","sha1":"b44a0e8c8552575fb36129f04edefe568eed33dd","sha256":"f81fc34183d3c3edc15c156fbc8dc1c2b08857e191bfc22b11021e1ff435cfa9","sha512":"e42febe4f2906d2bbac647c7ab3ece59f4b97123c1f6e7c25bc29429a3b2bf890aea9dbfcf3dc35add5c5da9bf14dd2fe0589c9b13dcd381772f785101bd2591","ssdeep":"1536:0i0CwtqwAxtqGDkegtCMv3+Pnqia8KlnvsJh9:P0CTqZegtCJeVnvsH9","tlshash":"2b53d00b6241f3b0f3ea92fa28230bd561059e15e9e3b890c639d2515c5fb7f70af156","first_seen":"2025-03-08T08:26:09.387543Z","last_seen":"2026-04-04T10:17:13.425271Z","times_seen":200,"resource_available":false,"data":null}},"time_used":471,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":471,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"9kqegm.rogwn.top/page015-%E6%A3%8B%E7%89%8C/?channelCode=www.iqrgp.work","fqdn":"9kqegm.rogwn.top","domain":"rogwn.top","tld":"top"},"ip":{"addr":"103.233.99.29","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-03-03T07:45:26.529Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.yzhrx.top","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Fri, 02 Jan 2026 04:36:15 GMT","end":"Thu, 02 Apr 2026 04:36:14 GMT"},"fingerprint":{"sha1":"BE:BD:05:F6:B0:58:21:CD:6B:2A:BD:B0:9B:90:8B:5C:6B:C0:E1:6F","sha256":"6E:58:76:07:14:D3:A4:EE:23:22:C5:4F:F1:47:98:2E:9A:45:F8:D8:BC:1A:61:6B:71:54:98:58:DC:56:8D:1C"}}},"request":{"raw":"GET /page015-%E6%A3%8B%E7%89%8C/?channelCode=www.iqrgp.work HTTP/1.1\r\nHost: 9kqegm.rogwn.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.iqrgp.work/\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Tue, 03 Mar 2026 07:45:27 GMT\r\ncontent-type: text/html\r\ncontent-length: 1020\r\nlast-modified: Sun, 19 Oct 2025 07:21:54 GMT\r\netag: \"68f49192-3fc\"\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":1020,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text","md5":"81f7e0a7a2c89791fcf41f95b488370d","sha1":"efd88c5bfe2d183b5121f7d0f184534c8d7bbee0","sha256":"9bda1a97ad6802434a03269df2c7e86074dea60c64f6f342334310cddb5b62fb","sha512":"c40f5c88d3b6267d5bf3064ed5adef5681c094f65397bf60876caef6c066b8527d7e26ae35dd1158810634b03597c5b4360619ba9d213d01e525167ea5c3fec6","ssdeep":"","tlshash":"f011b1979c238c0e5560cd48f8f5f10989a8e522d125dc81b4d8e19d4dc5fd5c8e3739","first_seen":"2025-10-19T20:34:27.681415Z","last_seen":"2026-04-04T10:17:13.422782Z","times_seen":154,"resource_available":true,"data":null}},"time_used":1109,"timings":{"blocked":441,"dns":1,"connect":219,"send":0,"wait":220,"receive":0,"ssl":225},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"htjswj.oss-accelerate.aliyuncs.com/zbpg.js","fqdn":"htjswj.oss-accelerate.aliyuncs.com","domain":"aliyuncs.com","tld":"com"},"ip":{"addr":"47.254.186.217","port":443,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://9kqegm.rogwn.top/page015-%E6%A3%8B%E7%89%8C/?channelCode=www.iqrgp.work","date":"2026-03-03T07:45:27.274Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.oss-eu-central-1.aliyuncs.com","organization":"Alibaba (China) Technology Co., Ltd."},"issuer":{"commonName":"GlobalSign GCC R3 OV TLS CA 2024","organization":"GlobalSign nv-sa"},"validity":{"start":"Wed, 21 Jan 2026 05:48:22 GMT","end":"Sun, 07 Feb 2027 03:11:39 GMT"},"fingerprint":{"sha1":"64:86:8B:A7:E4:DC:0E:74:32:46:53:69:3C:B8:E4:89:DD:F6:BD:55","sha256":"B8:C1:A5:52:E0:02:69:05:3E:47:AF:74:43:E0:AC:57:AB:A5:93:BF:4E:FF:3B:47:70:FE:C7:D9:C7:08:29:93"}}},"request":{"raw":"GET /zbpg.js HTTP/1.1\r\nHost: htjswj.oss-accelerate.aliyuncs.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://9kqegm.rogwn.top/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: AliyunOSS\r\nDate: Tue, 03 Mar 2026 07:45:28 GMT\r\nContent-Type: application/javascript\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nx-oss-request-id: 69A691982599E094957E60DB\r\nLast-Modified: Sat, 20 Dec 2025 03:11:58 GMT\r\nx-oss-object-type: Normal\r\nx-oss-hash-crc64ecma: 2028340570254753364\r\nx-oss-storage-class: Standard\r\nx-oss-ec: 0048-00000111\r\nContent-Disposition: attachment\r\nx-oss-force-download: true\r\nContent-MD5: CZF79nqcY/x34WvQQ53vCA==\r\nx-oss-server-time: 2\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Alibaba Cloud Object Storage Service","description":"Alibaba Cloud Object Storage Service (OSS) is a cloud-based object storage service provided by Alibaba Cloud, which allows users to store and access large amounts of data in the cloud.","website":"https://www.alibabacloud.com/product/object-storage-service","common_platform_enumeration":"","icon":"Alibaba Cloud.svg","categories":["IaaS"]}],"data":{"size":1453,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with CRLF line terminators","md5":"09917bf67a9c63fc77e16bd0439def08","sha1":"ffeb21e91978c56aa341591ffe19c5b1f0132be7","sha256":"e7ff7efac61200ffb39f1fa30b0c978f2a1f1ddbb9865219ccb2efb60d2ea45b","sha512":"657c6f17d6f1de9724609854af880fa26182e6b8de77d73d80cec354ccb1d3cc3d08645d3b6c9716fa9accb021b5ab57c5cbb8f6717d9ae8cd444c4babcb0613","ssdeep":"","tlshash":"31319ecf115624102ab263bd4f67750dfb63006b608e82a8ba4d435c2f3621a8252fdf","first_seen":"2025-12-25T08:37:07.365342Z","last_seen":"2026-04-04T13:25:27.092903Z","times_seen":1308,"resource_available":true,"data":null}},"time_used":2175,"timings":{"blocked":997,"dns":931,"connect":21,"send":0,"wait":176,"receive":1,"ssl":46},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"9kqegm.rogwn.top/page015-%E6%A3%8B%E7%89%8C/page/static/css/animate.min.css","fqdn":"9kqegm.rogwn.top","domain":"rogwn.top","tld":"top"},"ip":{"addr":"103.233.99.29","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://9kqegm.rogwn.top/page015-%E6%A3%8B%E7%89%8C/?channelCode=www.iqrgp.work","date":"2026-03-03T07:45:28.295Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.yzhrx.top","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Fri, 02 Jan 2026 04:36:15 GMT","end":"Thu, 02 Apr 2026 04:36:14 GMT"},"fingerprint":{"sha1":"BE:BD:05:F6:B0:58:21:CD:6B:2A:BD:B0:9B:90:8B:5C:6B:C0:E1:6F","sha256":"6E:58:76:07:14:D3:A4:EE:23:22:C5:4F:F1:47:98:2E:9A:45:F8:D8:BC:1A:61:6B:71:54:98:58:DC:56:8D:1C"}}},"request":{"raw":"GET /page015-%E6%A3%8B%E7%89%8C/page/static/css/animate.min.css HTTP/1.1\r\nHost: 9kqegm.rogwn.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://9kqegm.rogwn.top/page015-%E6%A3%8B%E7%89%8C/?channelCode=www.iqrgp.work\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Tue, 03 Mar 2026 07:45:28 GMT\r\ncontent-type: text/css\r\nlast-modified: Fri, 17 May 2024 22:11:14 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6647d602-12a7f\"\r\nexpires: Tue, 03 Mar 2026 19:45:28 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":76415,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (460)","md5":"f99056fa91461523e9cf3ed6e59c0542","sha1":"ef4d745937d618909e5e585e79e8afb47d77bbb6","sha256":"5c4e57209d2f929d3168e3853aec6442ddb0ae44596b8e1db98ff3da4aa17e75","sha512":"3eb3511457b874e3fb8aa9e03fb5eb566bd245f25b97a37395c5bc41dc49e29408665bc6eee77989454de2a42614b0896d7f29e3cf456f21edcf2f58e8974cae","ssdeep":"192:wIQHnGg5p1sgqg501K7JuFRH2UNURV2/o6R7M8EA+UQRjMsEu+/6QI3iiFIFibTg:wIWjy","tlshash":"4873e9a928a211445727491587df4f78663ce5a31826ecfab3de588b8f01fac23cd617","first_seen":"2023-04-06T18:33:52Z","last_seen":"2026-04-04T13:25:27.08001Z","times_seen":3261,"resource_available":false,"data":null}},"time_used":221,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":221,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"9kqegm.rogwn.top/page015-%E6%A3%8B%E7%89%8C/page/static/img/1b27d8_750x702.js","fqdn":"9kqegm.rogwn.top","domain":"rogwn.top","tld":"top"},"ip":{"addr":"103.233.99.29","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://9kqegm.rogwn.top/page015-%E6%A3%8B%E7%89%8C/?channelCode=www.iqrgp.work","date":"2026-03-03T07:45:28.796Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.yzhrx.top","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Fri, 02 Jan 2026 04:36:15 GMT","end":"Thu, 02 Apr 2026 04:36:14 GMT"},"fingerprint":{"sha1":"BE:BD:05:F6:B0:58:21:CD:6B:2A:BD:B0:9B:90:8B:5C:6B:C0:E1:6F","sha256":"6E:58:76:07:14:D3:A4:EE:23:22:C5:4F:F1:47:98:2E:9A:45:F8:D8:BC:1A:61:6B:71:54:98:58:DC:56:8D:1C"}}},"request":{"raw":"GET /page015-%E6%A3%8B%E7%89%8C/page/static/img/1b27d8_750x702.js HTTP/1.1\r\nHost: 9kqegm.rogwn.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://9kqegm.rogwn.top/page015-%E6%A3%8B%E7%89%8C/?channelCode=www.iqrgp.work\r\nCookie: __vtins__KQNL5mb44P3zNpTB=%7B%22sid%22%3A%20%22a53bcbc9-bad7-5dc2-87be-7040a237f709%22%2C%20%22vd%22%3A%201%2C%20%22stt%22%3A%200%2C%20%22dr%22%3A%200%2C%20%22expires%22%3A%201772525728526%2C%20%22ct%22%3A%201772523928526%7D; __51uvsct__KQNL5mb44P3zNpTB=1; __51vcke__KQNL5mb44P3zNpTB=f3759ed8-576a-53f3-a1d6-e16c6489f183; __51vuft__KQNL5mb44P3zNpTB=1772523928532\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Tue, 03 Mar 2026 07:45:28 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Fri, 17 May 2024 22:11:16 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6647d604-285d0\"\r\nexpires: Tue, 03 Mar 2026 19:45:28 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":165328,"size_decoded":0,"mime_type":"application/javascript","magic":"data","md5":"cdf3024b0600069926d1b3c1d39cbb76","sha1":"72e76dbef3dd85549c7edcba7a65f29241f824bf","sha256":"8b0d04111e96f711fe79cd06c3313340682c25e6aaa09ba5af40c6c66d5d6672","sha512":"e6e46dd7d7172c80e8a46420047f87d2aa4867deb515d5f6f8170df0a198f7dbe8f0e4bbedbf0387233d985cb41930677e714951890836688c9c940646cc341b","ssdeep":"6144:xPlFUhuGZIdcGc+a+DH19N2J8hQPjgLEs/LtzCdpidsB:xP32hIdltaeH19Nfh2ns/pzCdMqB","tlshash":"a934e1021302f3b0b2b6d5feac4205d872199e89f7c9b950d628c6611c9b52db7dedf2","first_seen":"2025-08-17T18:06:40.55356Z","last_seen":"2026-04-04T10:17:13.436342Z","times_seen":178,"resource_available":false,"data":null}},"time_used":223,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":223,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"9kqegm.rogwn.top/page015-%E6%A3%8B%E7%89%8C/page/static/img/a033d6_750x702.js","fqdn":"9kqegm.rogwn.top","domain":"rogwn.top","tld":"top"},"ip":{"addr":"103.233.99.29","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://9kqegm.rogwn.top/page015-%E6%A3%8B%E7%89%8C/?channelCode=www.iqrgp.work","date":"2026-03-03T07:45:28.802Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.yzhrx.top","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Fri, 02 Jan 2026 04:36:15 GMT","end":"Thu, 02 Apr 2026 04:36:14 GMT"},"fingerprint":{"sha1":"BE:BD:05:F6:B0:58:21:CD:6B:2A:BD:B0:9B:90:8B:5C:6B:C0:E1:6F","sha256":"6E:58:76:07:14:D3:A4:EE:23:22:C5:4F:F1:47:98:2E:9A:45:F8:D8:BC:1A:61:6B:71:54:98:58:DC:56:8D:1C"}}},"request":{"raw":"GET /page015-%E6%A3%8B%E7%89%8C/page/static/img/a033d6_750x702.js HTTP/1.1\r\nHost: 9kqegm.rogwn.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://9kqegm.rogwn.top/page015-%E6%A3%8B%E7%89%8C/?channelCode=www.iqrgp.work\r\nCookie: __vtins__KQNL5mb44P3zNpTB=%7B%22sid%22%3A%20%22a53bcbc9-bad7-5dc2-87be-7040a237f709%22%2C%20%22vd%22%3A%201%2C%20%22stt%22%3A%200%2C%20%22dr%22%3A%200%2C%20%22expires%22%3A%201772525728526%2C%20%22ct%22%3A%201772523928526%7D; __51uvsct__KQNL5mb44P3zNpTB=1; __51vcke__KQNL5mb44P3zNpTB=f3759ed8-576a-53f3-a1d6-e16c6489f183; __51vuft__KQNL5mb44P3zNpTB=1772523928532\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Tue, 03 Mar 2026 07:45:28 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Fri, 17 May 2024 22:11:16 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6647d604-25a29\"\r\nexpires: Tue, 03 Mar 2026 19:45:28 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":154153,"size_decoded":0,"mime_type":"application/javascript","magic":"data","md5":"f9c0bf65f83f228ac9f7166b4c77148c","sha1":"0fc13bd575f7dc61b4db7b2954a10244c6d7456b","sha256":"49c06ef9a39fc194509753b4f1e76a42e61379758e454cb36cc6899ad453b0c8","sha512":"494e582ff1f8f7cbfd171bebdf7feb5c3d270dfeb9f216d8ca353789a4a8ea700f2119ada4eabab3301a3680b40aa0cfcc47f5e49554e4dcf9aa994ceb498e72","ssdeep":"3072:OYmta6bjMFyQfg3GOUsffwcw+wvZ0kOOf7mi+wprQLfMv8C0b4nXFTZ5x/xSzIC3:Bod8A9fwQwYOf7mi7r5tD97VgN+Bz2","tlshash":"1434e1012313f3b092ab91fa695645c866048fdaf7c6be50da30d5613ccf22d77de9a2","first_seen":"2025-08-17T18:06:40.550331Z","last_seen":"2026-04-04T10:17:13.416431Z","times_seen":176,"resource_available":false,"data":null}},"time_used":490,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":490,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"9kqegm.rogwn.top/page015-%E6%A3%8B%E7%89%8C/page/static/img/b7858f_692x170.js","fqdn":"9kqegm.rogwn.top","domain":"rogwn.top","tld":"top"},"ip":{"addr":"103.233.99.29","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://9kqegm.rogwn.top/page015-%E6%A3%8B%E7%89%8C/?channelCode=www.iqrgp.work","date":"2026-03-03T07:45:28.820Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.yzhrx.top","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Fri, 02 Jan 2026 04:36:15 GMT","end":"Thu, 02 Apr 2026 04:36:14 GMT"},"fingerprint":{"sha1":"BE:BD:05:F6:B0:58:21:CD:6B:2A:BD:B0:9B:90:8B:5C:6B:C0:E1:6F","sha256":"6E:58:76:07:14:D3:A4:EE:23:22:C5:4F:F1:47:98:2E:9A:45:F8:D8:BC:1A:61:6B:71:54:98:58:DC:56:8D:1C"}}},"request":{"raw":"GET /page015-%E6%A3%8B%E7%89%8C/page/static/img/b7858f_692x170.js HTTP/1.1\r\nHost: 9kqegm.rogwn.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://9kqegm.rogwn.top/page015-%E6%A3%8B%E7%89%8C/?channelCode=www.iqrgp.work\r\nCookie: __vtins__KQNL5mb44P3zNpTB=%7B%22sid%22%3A%20%22a53bcbc9-bad7-5dc2-87be-7040a237f709%22%2C%20%22vd%22%3A%201%2C%20%22stt%22%3A%200%2C%20%22dr%22%3A%200%2C%20%22expires%22%3A%201772525728526%2C%20%22ct%22%3A%201772523928526%7D; __51uvsct__KQNL5mb44P3zNpTB=1; __51vcke__KQNL5mb44P3zNpTB=f3759ed8-576a-53f3-a1d6-e16c6489f183; __51vuft__KQNL5mb44P3zNpTB=1772523928532\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Tue, 03 Mar 2026 07:45:28 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Sat, 07 Dec 2024 18:04:00 GMT\r\nvary: Accept-Encoding\r\netag: W/\"67548e10-76df\"\r\nexpires: Tue, 03 Mar 2026 19:45:28 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":30431,"size_decoded":0,"mime_type":"application/javascript","magic":"data","md5":"e6e3d5a529cf50897950f123941bd76f","sha1":"0bf37978dc8b5d4562317e5288a4083af4376d79","sha256":"70f917c445c17c3dba6dfb306ccbe685e859145fc746f7d9de89626d5d46d1b4","sha512":"9e49f2fa9713d6adcd86862b28f04742842e69f7fc6110b0fc6d04c9fd434834e1fb8c65b4294a91034fb3158780acee1adcb77dd72fd03d811553678020cbd5","ssdeep":"768:FgiRxUDKuc7IPLc/JS2slvYUUmLXDHozR5t07vITAHY/rg7CLnYHXpTVLkwTN6yF:miRhD79/mvLUmLzHod07BhdH5JzD3Mmb","tlshash":"c313e0051383e330d3e6e9faa4074ae4190082e8e6c5bf18c7b4d2b97d6a93d738d4e1","first_seen":"2025-09-16T05:38:13.55088Z","last_seen":"2026-03-30T21:55:01.084338Z","times_seen":26,"resource_available":false,"data":null}},"time_used":484,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":484,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"9kqegm.rogwn.top/page015-%E6%A3%8B%E7%89%8C/page/static/img/9c9e13_750x56.js","fqdn":"9kqegm.rogwn.top","domain":"rogwn.top","tld":"top"},"ip":{"addr":"103.233.99.29","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://9kqegm.rogwn.top/page015-%E6%A3%8B%E7%89%8C/?channelCode=www.iqrgp.work","date":"2026-03-03T07:45:28.851Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.yzhrx.top","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Fri, 02 Jan 2026 04:36:15 GMT","end":"Thu, 02 Apr 2026 04:36:14 GMT"},"fingerprint":{"sha1":"BE:BD:05:F6:B0:58:21:CD:6B:2A:BD:B0:9B:90:8B:5C:6B:C0:E1:6F","sha256":"6E:58:76:07:14:D3:A4:EE:23:22:C5:4F:F1:47:98:2E:9A:45:F8:D8:BC:1A:61:6B:71:54:98:58:DC:56:8D:1C"}}},"request":{"raw":"GET /page015-%E6%A3%8B%E7%89%8C/page/static/img/9c9e13_750x56.js HTTP/1.1\r\nHost: 9kqegm.rogwn.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://9kqegm.rogwn.top/page015-%E6%A3%8B%E7%89%8C/?channelCode=www.iqrgp.work\r\nCookie: __vtins__KQNL5mb44P3zNpTB=%7B%22sid%22%3A%20%22a53bcbc9-bad7-5dc2-87be-7040a237f709%22%2C%20%22vd%22%3A%201%2C%20%22stt%22%3A%200%2C%20%22dr%22%3A%200%2C%20%22expires%22%3A%201772525728526%2C%20%22ct%22%3A%201772523928526%7D; __51uvsct__KQNL5mb44P3zNpTB=1; __51vcke__KQNL5mb44P3zNpTB=f3759ed8-576a-53f3-a1d6-e16c6489f183; __51vuft__KQNL5mb44P3zNpTB=1772523928532\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Tue, 03 Mar 2026 07:45:29 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Fri, 17 May 2024 22:11:18 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6647d606-8db\"\r\nexpires: Tue, 03 Mar 2026 19:45:29 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":2267,"size_decoded":0,"mime_type":"application/javascript","magic":"data","md5":"6a05fbdc7c9b5c8cacc01f3c078bb36e","sha1":"e34e93a185b8afd9d8e7f79e227254984b6936c8","sha256":"6efdd8e4fff99edd6b697c48b053be2a3fff99cf03e3fc793edde5f4c4e87e47","sha512":"802ee0cc9a5ceb467b732629ce7cf44305c535e2549bfd3e6746ec3ec8f1630b4262abbb93f6895f8a835e7c08df3a8b5c8874d112471db85ac537729777ba0f","ssdeep":"","tlshash":"e2615c0fb0a9eb72bb81406022b1047ddc62d2c578f566fdc1048332ee8652e323d85b","first_seen":"2025-04-13T20:55:44.83974Z","last_seen":"2026-04-04T10:17:13.423396Z","times_seen":199,"resource_available":false,"data":null}},"time_used":456,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":456,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"9kqegm.rogwn.top/page015-%E6%A3%8B%E7%89%8C/cdn_domain.js","fqdn":"9kqegm.rogwn.top","domain":"rogwn.top","tld":"top"},"ip":{"addr":"103.233.99.29","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://9kqegm.rogwn.top/page015-%E6%A3%8B%E7%89%8C/?channelCode=www.iqrgp.work","date":"2026-03-03T07:45:27.272Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.yzhrx.top","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Fri, 02 Jan 2026 04:36:15 GMT","end":"Thu, 02 Apr 2026 04:36:14 GMT"},"fingerprint":{"sha1":"BE:BD:05:F6:B0:58:21:CD:6B:2A:BD:B0:9B:90:8B:5C:6B:C0:E1:6F","sha256":"6E:58:76:07:14:D3:A4:EE:23:22:C5:4F:F1:47:98:2E:9A:45:F8:D8:BC:1A:61:6B:71:54:98:58:DC:56:8D:1C"}}},"request":{"raw":"GET /page015-%E6%A3%8B%E7%89%8C/cdn_domain.js HTTP/1.1\r\nHost: 9kqegm.rogwn.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://9kqegm.rogwn.top/page015-%E6%A3%8B%E7%89%8C/?channelCode=www.iqrgp.work\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Tue, 03 Mar 2026 07:45:27 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Thu, 16 Oct 2025 02:47:15 GMT\r\nvary: Accept-Encoding\r\netag: W/\"68f05cb3-5fb\"\r\nexpires: Tue, 03 Mar 2026 19:45:27 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":1531,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text","md5":"95e8c547b0d333a78964029fa1534a45","sha1":"f86239d73556c2f085ff61361e1bb5ffb6d1631f","sha256":"a72692af1aea3e01baf4c380dd31fad611fdb3e5a3416a8765cc8886fc651fad","sha512":"0d861a110d16e0d6671069845aafe4db131dd28c10845b30d8921bcbe876b0139d5365733857de6a72de1df9623dc300aef3586827cf674436da0b851071ecb8","ssdeep":"","tlshash":"d03131dae1d1585e02ca34016e1fa109e8b970aadc29dc03561c85ac70a4feda06bead","first_seen":"2025-10-16T08:29:01.162261Z","last_seen":"2026-04-01T22:49:08.329022Z","times_seen":229,"resource_available":true,"data":null}},"time_used":220,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":220,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"9kqegm.rogwn.top/page015-%E6%A3%8B%E7%89%8C/page/body.js","fqdn":"9kqegm.rogwn.top","domain":"rogwn.top","tld":"top"},"ip":{"addr":"103.233.99.29","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://9kqegm.rogwn.top/page015-%E6%A3%8B%E7%89%8C/?channelCode=www.iqrgp.work","date":"2026-03-03T07:45:27.741Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.yzhrx.top","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Fri, 02 Jan 2026 04:36:15 GMT","end":"Thu, 02 Apr 2026 04:36:14 GMT"},"fingerprint":{"sha1":"BE:BD:05:F6:B0:58:21:CD:6B:2A:BD:B0:9B:90:8B:5C:6B:C0:E1:6F","sha256":"6E:58:76:07:14:D3:A4:EE:23:22:C5:4F:F1:47:98:2E:9A:45:F8:D8:BC:1A:61:6B:71:54:98:58:DC:56:8D:1C"}}},"request":{"raw":"GET /page015-%E6%A3%8B%E7%89%8C/page/body.js HTTP/1.1\r\nHost: 9kqegm.rogwn.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://9kqegm.rogwn.top/page015-%E6%A3%8B%E7%89%8C/?channelCode=www.iqrgp.work\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Tue, 03 Mar 2026 07:45:27 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Sun, 03 Nov 2024 16:04:38 GMT\r\nvary: Accept-Encoding\r\netag: W/\"67279f16-dbe6\"\r\nexpires: Tue, 03 Mar 2026 19:45:27 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":56294,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (56294), with no line terminators","md5":"ba01097a1d283092e14d4ec401513bf6","sha1":"8e55266f8889d62bdc5b95e045cc6f24d9bcfb3d","sha256":"fbf64ed9cbbebcb45a57097b3c393d893d367e2b627ab97ae52b4dc7abdb371d","sha512":"276e05afe5f15760d68777fb056c04442f4a03aed1e67e550438375004826854748fcd894010fd044387073a98fcb1f7759bf38b04731994b95075d1af3546dc","ssdeep":"1536:MbLnehQu5tv0MDprWz+iR0zFf8dvywX31LW:Mo9TDprWzDRKUDW","tlshash":"e043199873c9b46003a72bf73f0fb2e1e15710de7454491eb580b5b8b9a4b2bd2d9a31","first_seen":"2025-08-03T01:58:24.991732Z","last_seen":"2026-04-04T10:17:13.429951Z","times_seen":190,"resource_available":true,"data":null}},"time_used":443,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":443,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"9kqegm.rogwn.top/page015-%E6%A3%8B%E7%89%8C/page/static/css/style.min.css","fqdn":"9kqegm.rogwn.top","domain":"rogwn.top","tld":"top"},"ip":{"addr":"103.233.99.29","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://9kqegm.rogwn.top/page015-%E6%A3%8B%E7%89%8C/?channelCode=www.iqrgp.work","date":"2026-03-03T07:45:28.288Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.yzhrx.top","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Fri, 02 Jan 2026 04:36:15 GMT","end":"Thu, 02 Apr 2026 04:36:14 GMT"},"fingerprint":{"sha1":"BE:BD:05:F6:B0:58:21:CD:6B:2A:BD:B0:9B:90:8B:5C:6B:C0:E1:6F","sha256":"6E:58:76:07:14:D3:A4:EE:23:22:C5:4F:F1:47:98:2E:9A:45:F8:D8:BC:1A:61:6B:71:54:98:58:DC:56:8D:1C"}}},"request":{"raw":"GET /page015-%E6%A3%8B%E7%89%8C/page/static/css/style.min.css HTTP/1.1\r\nHost: 9kqegm.rogwn.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://9kqegm.rogwn.top/page015-%E6%A3%8B%E7%89%8C/?channelCode=www.iqrgp.work\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Tue, 03 Mar 2026 07:45:28 GMT\r\ncontent-type: text/css\r\nlast-modified: Wed, 12 Jun 2024 11:57:02 GMT\r\nvary: Accept-Encoding\r\netag: W/\"66698d0e-24d5\"\r\nexpires: Tue, 03 Mar 2026 19:45:28 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":9429,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (8861), with CRLF line terminators","md5":"6faef480f5b8b6b7b1c264a7078f8657","sha1":"678545b3b12d401956e875ec5ba4d6ea5004c64c","sha256":"914e0fe766995b8f04d945e709065c9f0f7dd4a41e54465b31006d7cbdb45f2c","sha512":"21bf5be515abd876deb94e5b0b009890d160dd71980189fed38bdc67681d9eb6d063057f64921456128328ba60bea986f0096fa12e78637ba0e4ca7eaeb9eef8","ssdeep":"96:3zQdbEQFb+tree4IsYI9XJUc+s7zG2xkq2P6IYd3b2Ko1lLmDv20OLoctLV8mVQF:ztreVQb2V2msav20OLoctLV8mV0HeQrr","tlshash":"6a12937a9a22311de12bd6213ee05bec5238c116e307065df5173a3bcb8f15a0a76bcd","first_seen":"2025-08-03T01:58:24.99552Z","last_seen":"2026-04-04T10:17:13.438001Z","times_seen":188,"resource_available":false,"data":null}},"time_used":220,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":220,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"9kqegm.rogwn.top/page015-%E6%A3%8B%E7%89%8C/page/static/img/ed9963_750x138.js","fqdn":"9kqegm.rogwn.top","domain":"rogwn.top","tld":"top"},"ip":{"addr":"103.233.99.29","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://9kqegm.rogwn.top/page015-%E6%A3%8B%E7%89%8C/?channelCode=www.iqrgp.work","date":"2026-03-03T07:45:28.859Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.yzhrx.top","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Fri, 02 Jan 2026 04:36:15 GMT","end":"Thu, 02 Apr 2026 04:36:14 GMT"},"fingerprint":{"sha1":"BE:BD:05:F6:B0:58:21:CD:6B:2A:BD:B0:9B:90:8B:5C:6B:C0:E1:6F","sha256":"6E:58:76:07:14:D3:A4:EE:23:22:C5:4F:F1:47:98:2E:9A:45:F8:D8:BC:1A:61:6B:71:54:98:58:DC:56:8D:1C"}}},"request":{"raw":"GET /page015-%E6%A3%8B%E7%89%8C/page/static/img/ed9963_750x138.js HTTP/1.1\r\nHost: 9kqegm.rogwn.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://9kqegm.rogwn.top/page015-%E6%A3%8B%E7%89%8C/?channelCode=www.iqrgp.work\r\nCookie: __vtins__KQNL5mb44P3zNpTB=%7B%22sid%22%3A%20%22a53bcbc9-bad7-5dc2-87be-7040a237f709%22%2C%20%22vd%22%3A%201%2C%20%22stt%22%3A%200%2C%20%22dr%22%3A%200%2C%20%22expires%22%3A%201772525728526%2C%20%22ct%22%3A%201772523928526%7D; __51uvsct__KQNL5mb44P3zNpTB=1; __51vcke__KQNL5mb44P3zNpTB=f3759ed8-576a-53f3-a1d6-e16c6489f183; __51vuft__KQNL5mb44P3zNpTB=1772523928532\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Tue, 03 Mar 2026 07:45:29 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Sat, 07 Dec 2024 18:04:01 GMT\r\nvary: Accept-Encoding\r\netag: W/\"67548e11-8ca4\"\r\nexpires: Tue, 03 Mar 2026 19:45:29 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":36004,"size_decoded":0,"mime_type":"application/javascript","magic":"data","md5":"b30189ff0a3b4f7f81dbcc993b3f2d65","sha1":"7052b3180302acc5575492a60ff336663a01f04b","sha256":"ba3955f0884f5751911a252dd44fc787cdd5fa7036bf6b739686d4fe08244f6c","sha512":"c5a6b3b172fab60a5737aac1d068c4c6ff6d33d4606e3a0aef0c19059a6ecb6c5310c132c021633f5d495c666bb95ab0124c79743405b3bd093d1203853ac365","ssdeep":"1536:ppuQEWvguOtOAIAHDBNVTYiK+52mfz3/I8YQ:ppXEWIuOtOAIu5PJ5rfTI8T","tlshash":"1733e14fd381f360c39941f9ac454ed49318cd89f3a6f990c265a7e12ccb62da6dc8e2","first_seen":"2025-09-16T05:38:13.525947Z","last_seen":"2026-03-30T21:55:01.088634Z","times_seen":26,"resource_available":false,"data":null}},"time_used":442,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":442,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"9kqegm.rogwn.top/page015-%E6%A3%8B%E7%89%8C/page/static/img/3a373a_750x3429.js","fqdn":"9kqegm.rogwn.top","domain":"rogwn.top","tld":"top"},"ip":{"addr":"103.233.99.29","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://9kqegm.rogwn.top/page015-%E6%A3%8B%E7%89%8C/?channelCode=www.iqrgp.work","date":"2026-03-03T07:45:28.874Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.yzhrx.top","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Fri, 02 Jan 2026 04:36:15 GMT","end":"Thu, 02 Apr 2026 04:36:14 GMT"},"fingerprint":{"sha1":"BE:BD:05:F6:B0:58:21:CD:6B:2A:BD:B0:9B:90:8B:5C:6B:C0:E1:6F","sha256":"6E:58:76:07:14:D3:A4:EE:23:22:C5:4F:F1:47:98:2E:9A:45:F8:D8:BC:1A:61:6B:71:54:98:58:DC:56:8D:1C"}}},"request":{"raw":"GET /page015-%E6%A3%8B%E7%89%8C/page/static/img/3a373a_750x3429.js HTTP/1.1\r\nHost: 9kqegm.rogwn.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://9kqegm.rogwn.top/page015-%E6%A3%8B%E7%89%8C/page/static/css/style.min.css\r\nCookie: __vtins__KQNL5mb44P3zNpTB=%7B%22sid%22%3A%20%22a53bcbc9-bad7-5dc2-87be-7040a237f709%22%2C%20%22vd%22%3A%201%2C%20%22stt%22%3A%200%2C%20%22dr%22%3A%200%2C%20%22expires%22%3A%201772525728526%2C%20%22ct%22%3A%201772523928526%7D; __51uvsct__KQNL5mb44P3zNpTB=1; __51vcke__KQNL5mb44P3zNpTB=f3759ed8-576a-53f3-a1d6-e16c6489f183; __51vuft__KQNL5mb44P3zNpTB=1772523928532\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Tue, 03 Mar 2026 07:45:29 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Fri, 17 May 2024 22:20:12 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6647d81c-111bc\"\r\nexpires: Tue, 03 Mar 2026 19:45:29 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":70076,"size_decoded":0,"mime_type":"application/javascript","magic":"data","md5":"3d9717b3520034c481ceee27f2f7e32e","sha1":"46c37bb9e1d480b625043b18af2e22885deb011a","sha256":"81f4c82f6b5720affb442d10db143ef747a5d12b27d17428f7d10e014ef2843b","sha512":"049c045644ee1dcae6ffa38c9e31c1c0d22c111289aca366d0585a43d91bee62f9dac7cb4dfd534806d0dc32843f153e7844bf03f2827f52a2144b513956acb8","ssdeep":"1536:L9pADJQF9TqYhoAHfAHp/JO5AbknghpD371qxGJFqy7o+2Er+4AbwiYFK:L9mDOFR2uA1JA3ncDJS4vs+2Eq0iYFK","tlshash":"1fa3e1151301d3b0cbaad0f8a95702e814113fdcebddfeb1da64c2a12d4a23d756e9a3","first_seen":"2025-03-08T08:26:09.393977Z","last_seen":"2026-04-04T10:17:13.418413Z","times_seen":202,"resource_available":false,"data":null}},"time_used":410,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":410,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.iqrgp.work/","fqdn":"www.iqrgp.work","domain":"iqrgp.work","tld":"work"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-03-03T07:45:20.933Z","timestamp":0,"http_version":"","security_state":"broken","security_info":null,"request":{"raw":"GET / HTTP/1.1\r\nHost: www.iqrgp.work\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T13:49:31.916752Z","times_seen":13333799,"resource_available":true,"data":null}},"time_used":2191,"timings":{"blocked":0,"dns":1552,"connect":267,"send":0,"wait":0,"receive":0,"ssl":370},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-03T07:45:23Z","timestamp":1772523923,"ip_dst":{"addr":"192.163.186.172","port":80,"asn":132839,"as":"POWER LINE DATACENTER","country":"United States","country_code":"US"},"ip_src":{"addr":"172.18.0.51","port":39042,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to Suspicious *.work Domain","source":"{\"timestamp\":\"2026-03-03T07:45:23.671862+0000\",\"flow_id\":185265856651884,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.51\",\"src_port\":39042,\"dest_ip\":\"192.163.186.172\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2027877,\"rev\":5,\"signature\":\"ET INFO HTTP Request to Suspicious *.work Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2019_08_13\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_11_21\"]}},\"http\":{\"hostname\":\"www.iqrgp.work\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":301,\"length\":1065},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":6,\"bytes_toserver\":671,\"bytes_toclient\":5676,\"start\":\"2026-03-03T07:45:23.139884+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-03T07:45:34Z","timestamp":1772523934,"ip_dst":{"addr":"172.18.0.51","port":39042,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"192.163.186.172","port":80,"asn":132839,"as":"POWER LINE DATACENTER","country":"United States","country_code":"US"},"severity":"high","alert":"ET HUNTING Possible Obfuscator io JavaScript Obfuscation","source":"{\"timestamp\":\"2026-03-03T07:45:34.213276+0000\",\"flow_id\":185265856651884,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"192.163.186.172\",\"src_port\":80,\"dest_ip\":\"172.18.0.51\",\"dest_port\":39042,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2038501,\"rev\":2,\"signature\":\"ET HUNTING Possible Obfuscator io JavaScript Obfuscation\",\"category\":\"A Network Trojan was detected\",\"severity\":1,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"Low\"],\"created_at\":[\"2022_08_11\"],\"deployment\":[\"Perimeter\"],\"reviewed_at\":[\"2023_08_31\"],\"signature_severity\":[\"Minor\"],\"updated_at\":[\"2023_04_06\"]}},\"http\":{\"hostname\":\"www.iqrgp.work\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":301,\"length\":21906},\"files\":[{\"filename\":\"/\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":21888,\"tx_id\":0}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":21,\"pkts_toclient\":20,\"bytes_toserver\":1793,\"bytes_toclient\":23489,\"start\":\"2026-03-03T07:45:23.139884+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-03T07:45:34Z","timestamp":1772523934,"ip_dst":{"addr":"172.18.0.51","port":39042,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"192.163.186.172","port":80,"asn":132839,"as":"POWER LINE DATACENTER","country":"United States","country_code":"US"},"severity":"low","alert":"ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M1","source":"{\"timestamp\":\"2026-03-03T07:45:34.213276+0000\",\"flow_id\":185265856651884,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"192.163.186.172\",\"src_port\":80,\"dest_ip\":\"172.18.0.51\",\"dest_port\":39042,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2036300,\"rev\":3,\"signature\":\"ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M1\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"Medium\"],\"created_at\":[\"2022_04_21\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Significant\"],\"reviewed_at\":[\"2024_10_14\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_04_27\"]}},\"http\":{\"hostname\":\"www.iqrgp.work\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":301,\"length\":21906},\"files\":[{\"filename\":\"/\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":21888,\"tx_id\":0}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":21,\"pkts_toclient\":20,\"bytes_toserver\":1793,\"bytes_toclient\":23489,\"start\":\"2026-03-03T07:45:23.139884+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-03T07:45:34Z","timestamp":1772523934,"ip_dst":{"addr":"172.18.0.51","port":39042,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"192.163.186.172","port":80,"asn":132839,"as":"POWER LINE DATACENTER","country":"United States","country_code":"US"},"severity":"low","alert":"ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M2","source":"{\"timestamp\":\"2026-03-03T07:45:34.213276+0000\",\"flow_id\":185265856651884,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"192.163.186.172\",\"src_port\":80,\"dest_ip\":\"172.18.0.51\",\"dest_port\":39042,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2036301,\"rev\":3,\"signature\":\"ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M2\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"Medium\"],\"created_at\":[\"2022_04_21\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Significant\"],\"reviewed_at\":[\"2024_10_14\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_04_27\"]}},\"http\":{\"hostname\":\"www.iqrgp.work\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":301,\"length\":21906},\"files\":[{\"filename\":\"/\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":21888,\"tx_id\":0}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":21,\"pkts_toclient\":20,\"bytes_toserver\":1793,\"bytes_toclient\":23489,\"start\":\"2026-03-03T07:45:23.139884+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-03T07:45:34Z","timestamp":1772523934,"ip_dst":{"addr":"172.18.0.51","port":39042,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"192.163.186.172","port":80,"asn":132839,"as":"POWER LINE DATACENTER","country":"United States","country_code":"US"},"severity":"low","alert":"ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M3","source":"{\"timestamp\":\"2026-03-03T07:45:34.213276+0000\",\"flow_id\":185265856651884,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"192.163.186.172\",\"src_port\":80,\"dest_ip\":\"172.18.0.51\",\"dest_port\":39042,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2036302,\"rev\":3,\"signature\":\"ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M3\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"Medium\"],\"created_at\":[\"2022_04_21\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Significant\"],\"reviewed_at\":[\"2024_10_14\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_04_27\"]}},\"http\":{\"hostname\":\"www.iqrgp.work\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":301,\"length\":21906},\"files\":[{\"filename\":\"/\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":21888,\"tx_id\":0}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":21,\"pkts_toclient\":20,\"bytes_toserver\":1793,\"bytes_toclient\":23489,\"start\":\"2026-03-03T07:45:23.139884+0000\"}}"}],"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-03","alert":"Sinkholed","trigger":"www.iqrgp.work","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"q336s6ex3ff0gq2.bvppn.top/check.png","fqdn":"q336s6ex3ff0gq2.bvppn.top","domain":"bvppn.top","tld":"top"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.iqrgp.work/","date":"2026-03-03T07:45:25.284Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.yzhrx.top","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Fri, 02 Jan 2026 04:36:15 GMT","end":"Thu, 02 Apr 2026 04:36:14 GMT"},"fingerprint":{"sha1":"BE:BD:05:F6:B0:58:21:CD:6B:2A:BD:B0:9B:90:8B:5C:6B:C0:E1:6F","sha256":"6E:58:76:07:14:D3:A4:EE:23:22:C5:4F:F1:47:98:2E:9A:45:F8:D8:BC:1A:61:6B:71:54:98:58:DC:56:8D:1C"}}},"request":{"raw":"GET /check.png HTTP/1.1\r\nHost: q336s6ex3ff0gq2.bvppn.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.iqrgp.work/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T13:49:31.916752Z","times_seen":13333799,"resource_available":true,"data":null}},"time_used":2019,"timings":{"blocked":1009,"dns":524,"connect":239,"send":0,"wait":0,"receive":0,"ssl":244},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"9kqegm.rogwn.top/page015-%E6%A3%8B%E7%89%8C/page/static/img/9d6a9a_274x376.js","fqdn":"9kqegm.rogwn.top","domain":"rogwn.top","tld":"top"},"ip":{"addr":"103.233.99.29","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://9kqegm.rogwn.top/page015-%E6%A3%8B%E7%89%8C/?channelCode=www.iqrgp.work","date":"2026-03-03T07:45:28.845Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.yzhrx.top","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Fri, 02 Jan 2026 04:36:15 GMT","end":"Thu, 02 Apr 2026 04:36:14 GMT"},"fingerprint":{"sha1":"BE:BD:05:F6:B0:58:21:CD:6B:2A:BD:B0:9B:90:8B:5C:6B:C0:E1:6F","sha256":"6E:58:76:07:14:D3:A4:EE:23:22:C5:4F:F1:47:98:2E:9A:45:F8:D8:BC:1A:61:6B:71:54:98:58:DC:56:8D:1C"}}},"request":{"raw":"GET /page015-%E6%A3%8B%E7%89%8C/page/static/img/9d6a9a_274x376.js HTTP/1.1\r\nHost: 9kqegm.rogwn.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://9kqegm.rogwn.top/page015-%E6%A3%8B%E7%89%8C/?channelCode=www.iqrgp.work\r\nCookie: __vtins__KQNL5mb44P3zNpTB=%7B%22sid%22%3A%20%22a53bcbc9-bad7-5dc2-87be-7040a237f709%22%2C%20%22vd%22%3A%201%2C%20%22stt%22%3A%200%2C%20%22dr%22%3A%200%2C%20%22expires%22%3A%201772525728526%2C%20%22ct%22%3A%201772523928526%7D; __51uvsct__KQNL5mb44P3zNpTB=1; __51vcke__KQNL5mb44P3zNpTB=f3759ed8-576a-53f3-a1d6-e16c6489f183; __51vuft__KQNL5mb44P3zNpTB=1772523928532\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Tue, 03 Mar 2026 07:45:29 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Fri, 17 May 2024 22:11:18 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6647d606-baa8\"\r\nexpires: Tue, 03 Mar 2026 19:45:29 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":47784,"size_decoded":0,"mime_type":"application/javascript","magic":"data","md5":"4fc9be510d2d0bb0499c47606c885c99","sha1":"674a5b390fe528491ae366ddf726dcd555de044a","sha256":"6daf5bfa4cc012b40927b2ea4d878b9f7f50f418a788f6195b6aad9e37b84452","sha512":"f46b8c5b898ea61815c5f7ca36e169ab0776549992099bbfd81ce9d3942658391913ad802607b7c2bbdc47ceafebe7e1be238ebc0b4a5c8e4c62c5dd39df1714","ssdeep":"1536:EuhC/dSAj2TkvMnUzf2/i1ey6nvXAY8d363siVUQ:EuhC1SBYv/TkiQdnvQ5s3dUQ","tlshash":"5b63e1011753f784b7f9d5ef440248e8e1e6c694da666fa8d234d9003dbb23976af883","first_seen":"2025-03-08T08:26:09.38371Z","last_seen":"2026-04-04T10:17:13.41901Z","times_seen":200,"resource_available":false,"data":null}},"time_used":465,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":465,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.iqrgp.work/","fqdn":"www.iqrgp.work","domain":"iqrgp.work","tld":"work"},"ip":{"addr":"192.163.186.172","port":80,"asn":132839,"as":"POWER LINE DATACENTER","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-03-03T07:45:23.141Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET / HTTP/1.1\r\nHost: www.iqrgp.work\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 301 Moved Permanently\r\nServer: openresty\r\nDate: Tue, 03 Mar 2026 07:45:23 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: PHP/7.4.33\r\nStrict-Transport-Security: max-age=31536000\r\n\r\n","headers":null,"cookies":null,"status_code":"301","status_text":"Moved Permanently","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"PHP:7.4.33","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":21888,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T13:49:31.916752Z","times_seen":13333799,"resource_available":true,"data":null}},"time_used":1057,"timings":{"blocked":261,"dns":1,"connect":262,"send":0,"wait":270,"receive":263,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-03T07:45:23Z","timestamp":1772523923,"ip_dst":{"addr":"192.163.186.172","port":80,"asn":132839,"as":"POWER LINE DATACENTER","country":"United States","country_code":"US"},"ip_src":{"addr":"172.18.0.51","port":39042,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to Suspicious *.work Domain","source":"{\"timestamp\":\"2026-03-03T07:45:23.671862+0000\",\"flow_id\":185265856651884,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.51\",\"src_port\":39042,\"dest_ip\":\"192.163.186.172\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2027877,\"rev\":5,\"signature\":\"ET INFO HTTP Request to Suspicious *.work Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2019_08_13\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_11_21\"]}},\"http\":{\"hostname\":\"www.iqrgp.work\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":301,\"length\":1065},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":6,\"bytes_toserver\":671,\"bytes_toclient\":5676,\"start\":\"2026-03-03T07:45:23.139884+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-03T07:45:34Z","timestamp":1772523934,"ip_dst":{"addr":"172.18.0.51","port":39042,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"192.163.186.172","port":80,"asn":132839,"as":"POWER LINE DATACENTER","country":"United States","country_code":"US"},"severity":"high","alert":"ET HUNTING Possible Obfuscator io JavaScript Obfuscation","source":"{\"timestamp\":\"2026-03-03T07:45:34.213276+0000\",\"flow_id\":185265856651884,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"192.163.186.172\",\"src_port\":80,\"dest_ip\":\"172.18.0.51\",\"dest_port\":39042,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2038501,\"rev\":2,\"signature\":\"ET HUNTING Possible Obfuscator io JavaScript Obfuscation\",\"category\":\"A Network Trojan was detected\",\"severity\":1,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"Low\"],\"created_at\":[\"2022_08_11\"],\"deployment\":[\"Perimeter\"],\"reviewed_at\":[\"2023_08_31\"],\"signature_severity\":[\"Minor\"],\"updated_at\":[\"2023_04_06\"]}},\"http\":{\"hostname\":\"www.iqrgp.work\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":301,\"length\":21906},\"files\":[{\"filename\":\"/\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":21888,\"tx_id\":0}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":21,\"pkts_toclient\":20,\"bytes_toserver\":1793,\"bytes_toclient\":23489,\"start\":\"2026-03-03T07:45:23.139884+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-03T07:45:34Z","timestamp":1772523934,"ip_dst":{"addr":"172.18.0.51","port":39042,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"192.163.186.172","port":80,"asn":132839,"as":"POWER LINE DATACENTER","country":"United States","country_code":"US"},"severity":"low","alert":"ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M1","source":"{\"timestamp\":\"2026-03-03T07:45:34.213276+0000\",\"flow_id\":185265856651884,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"192.163.186.172\",\"src_port\":80,\"dest_ip\":\"172.18.0.51\",\"dest_port\":39042,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2036300,\"rev\":3,\"signature\":\"ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M1\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"Medium\"],\"created_at\":[\"2022_04_21\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Significant\"],\"reviewed_at\":[\"2024_10_14\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_04_27\"]}},\"http\":{\"hostname\":\"www.iqrgp.work\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":301,\"length\":21906},\"files\":[{\"filename\":\"/\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":21888,\"tx_id\":0}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":21,\"pkts_toclient\":20,\"bytes_toserver\":1793,\"bytes_toclient\":23489,\"start\":\"2026-03-03T07:45:23.139884+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-03T07:45:34Z","timestamp":1772523934,"ip_dst":{"addr":"172.18.0.51","port":39042,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"192.163.186.172","port":80,"asn":132839,"as":"POWER LINE DATACENTER","country":"United States","country_code":"US"},"severity":"low","alert":"ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M2","source":"{\"timestamp\":\"2026-03-03T07:45:34.213276+0000\",\"flow_id\":185265856651884,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"192.163.186.172\",\"src_port\":80,\"dest_ip\":\"172.18.0.51\",\"dest_port\":39042,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2036301,\"rev\":3,\"signature\":\"ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M2\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"Medium\"],\"created_at\":[\"2022_04_21\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Significant\"],\"reviewed_at\":[\"2024_10_14\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_04_27\"]}},\"http\":{\"hostname\":\"www.iqrgp.work\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":301,\"length\":21906},\"files\":[{\"filename\":\"/\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":21888,\"tx_id\":0}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":21,\"pkts_toclient\":20,\"bytes_toserver\":1793,\"bytes_toclient\":23489,\"start\":\"2026-03-03T07:45:23.139884+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-03T07:45:34Z","timestamp":1772523934,"ip_dst":{"addr":"172.18.0.51","port":39042,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"192.163.186.172","port":80,"asn":132839,"as":"POWER LINE DATACENTER","country":"United States","country_code":"US"},"severity":"low","alert":"ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M3","source":"{\"timestamp\":\"2026-03-03T07:45:34.213276+0000\",\"flow_id\":185265856651884,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"192.163.186.172\",\"src_port\":80,\"dest_ip\":\"172.18.0.51\",\"dest_port\":39042,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2036302,\"rev\":3,\"signature\":\"ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M3\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"Medium\"],\"created_at\":[\"2022_04_21\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Significant\"],\"reviewed_at\":[\"2024_10_14\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_04_27\"]}},\"http\":{\"hostname\":\"www.iqrgp.work\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":301,\"length\":21906},\"files\":[{\"filename\":\"/\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":21888,\"tx_id\":0}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":21,\"pkts_toclient\":20,\"bytes_toserver\":1793,\"bytes_toclient\":23489,\"start\":\"2026-03-03T07:45:23.139884+0000\"}}"}],"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-03","alert":"Sinkholed","trigger":"www.iqrgp.work","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}}]}