{"report_id":"11e462cd-a278-4876-8bd6-e075a780d83b","version":6,"status":"done","tags":[],"date":"2025-10-24T16:22:06Z","url":{"schema":"http","addr":"mogu3.cc","fqdn":"mogu3.cc","domain":"mogu3.cc","tld":"cc"},"ip":{"addr":"115.89.129.27","port":0,"asn":138195,"as":"MOACK.Co.LTD","country":"South Korea","country_code":"KR"},"final":{"url":{"schema":"https","addr":"20251021.mgscy.cc/","fqdn":"20251021.mgscy.cc","domain":"mgscy.cc","tld":"cc"},"title":"蘑菇"},"submit":{"url":{"schema":"http","addr":"mogu3.cc","fqdn":"mogu3.cc","domain":"mogu3.cc","tld":"cc"},"ip":{"addr":"115.89.129.27","port":0,"asn":138195,"as":"MOACK.Co.LTD","country":"South Korea","country_code":"KR"},"tags":null,"meta":null,"user":{"user_id":"akbkyowd9geqr98"}},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-11-28T16:22:06Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":0}},"detection":{"ids":null,"analyzer":null,"urlquery":null},"summary":[{"fqdn":"i.mgsafesix.com","ip":{"addr":"115.89.129.26","port":443,"asn":138195,"as":"MOACK.Co.LTD","country":"South Korea","country_code":"KR"},"domain_registered":"unknown","domain_rank":0,"first_seen":"No data","last_seen":"No data","alert_count":0,"request_count":2,"received_data":10533,"sent_data":1293,"comment":"","tags":null,"fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"20251021.mgscy.cc","ip":{"addr":"185.170.77.41","port":443,"asn":7488,"as":"CNServer LLC","country":"United States","country_code":"US"},"domain_registered":"unknown","domain_rank":0,"first_seen":"2025-10-24T16:22:06.995964Z","last_seen":"2025-10-24T16:22:06.995964Z","alert_count":0,"request_count":10,"received_data":273430,"sent_data":5037,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"mogu3.cc","ip":{"addr":"115.89.129.27","port":443,"asn":138195,"as":"MOACK.Co.LTD","country":"South Korea","country_code":"KR"},"domain_registered":"unknown","domain_rank":0,"first_seen":"2025-09-10T05:14:15.342004Z","last_seen":"2025-09-10T05:14:15.342004Z","alert_count":0,"request_count":1,"received_data":10190,"sent_data":477,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"collect-v6.51.la","ip":{"addr":"43.174.227.41","port":443,"asn":0,"as":"","country":"Singapore","country_code":"SG"},"domain_registered":"2005-01-17","domain_rank":348646,"first_seen":"2021-03-08T16:03:54Z","last_seen":"2025-10-20T01:32:15.93082Z","alert_count":0,"request_count":2,"received_data":720,"sent_data":946,"comment":"","tags":null,"fingerprints":null}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"sdk.51.la/js-sdk-pro.min.js","fqdn":"sdk.51.la","domain":"51.la","tld":"la"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"b8a41c9449b73e8ba0224c6be1f0b7e8","sha1":"33d79319d4110bcf5c44c36f7dd4a291972ac546","sha256":"52079c09a7355f4ce3af750602ebb9aebae8238583601f8a06268eecccf13565","sha512":"472d0395a65a3ade2d215559b196a88ffcdacde3ac0f573eb8663b524f201d72c9339bcacbc198d82452a0ac367c0efd407b12795943cdd2755d95a8cf71b977","ssdeep":"768:swetbD3SkE+a/l1jaKUiQU5eqEh9GMXBOXAA/EXBeJMlbJfuPT:BetbD3SVT/3+KUc5eqEh9GMXBYEXBeJ7","tlshash":"dbf23d9577c0317cc3c783ea362b501ae1a69e910059a8bcf345f6907d34e56a37fba8","size":36114,"data":"","first_seen":"2025-03-10T03:40:31.536734Z","last_seen":"2026-04-04T15:47:21.631916Z","times_seen":81460,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"i.mgsafesix.com/","fqdn":"i.mgsafesix.com","domain":"mgsafesix.com","tld":"com"},"ip":{"addr":"115.89.129.26","port":443,"asn":138195,"as":"MOACK.Co.LTD","country":"South Korea","country_code":"KR"},"introduction_type":"scriptElement","is_inline":true,"md5":"4cef5fded833606839ff2b86529d096e","sha1":"dc63fff2aba49ad23221adfee0b5e599d45680f4","sha256":"718e7f52d22fa2cf9aa7aba16aba023082a4f5187705b75b2135e8ff7a39a23e","sha512":"40a3b59f860567f597dc2fbd91c49e03ba35d524c4e711da4e209fc7b8f418355a7dbac9ce89c083bb0d930d1503dd20c9faf41688010120773177ffae5e1682","ssdeep":"","tlshash":"3db01251801154f61d3b008184208200c050001b2480821df24d005a5f20516100436c","size":88,"data":"","first_seen":"2025-10-24T16:22:12.507177Z","last_seen":"2025-10-25T12:38:38.338534Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"i.mgsafesix.com/","fqdn":"i.mgsafesix.com","domain":"mgsafesix.com","tld":"com"},"ip":{"addr":"115.89.129.26","port":443,"asn":138195,"as":"MOACK.Co.LTD","country":"South Korea","country_code":"KR"},"introduction_type":"scriptElement","is_inline":true,"md5":"0f39f071cc3b26d0d0e4ebf2b5a31cf6","sha1":"a19c998d93bfbd5c1519770af38cb4cc41265898","sha256":"2af72f559c991a255af976d2ef09e73bc767ce403f6d71e5469b762ce7b71d87","sha512":"b2083dd425fed25ee7e7c2e0a068ab1b338050d27639d3c12c188c7fb8d30e211254576a7c7c978b543f4f51b3296fe7b78810699574b119b824b1396e4f8627","ssdeep":"","tlshash":"8f11dc9f39a348b05ee3397b536f954874b150432c44ea01bd1c98810fb9f9921bfbe8","size":1045,"data":"","first_seen":"2025-10-24T16:22:12.508258Z","last_seen":"2026-01-30T06:09:07.932741Z","times_seen":4,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"i.mgsafesix.com/","fqdn":"i.mgsafesix.com","domain":"mgsafesix.com","tld":"com"},"ip":{"addr":"115.89.129.26","port":443,"asn":138195,"as":"MOACK.Co.LTD","country":"South Korea","country_code":"KR"},"introduction_type":"scriptElement","is_inline":true,"md5":"93e762c55c9c9b8a713e25c36fec9f37","sha1":"1ee75839d91c3e105035c6610280e48fd2217909","sha256":"917dd4677c5d41cbe189e837449a5ff2108307732fb8273a7a0c9ce905745e87","sha512":"bdb2d3559a921e431128cd92104fc420a9c405c67ace8eb1001daaafed479a3060d8858f3062b4554053e868b4ba746e0eb0423660e5f098b470a82e78a7c175","ssdeep":"","tlshash":"f990028a0072349388240c20999b09e1e29700608510402e0f24c4cda84a603fa0d309","size":54,"data":"","first_seen":"2025-10-24T16:22:12.50915Z","last_seen":"2025-12-18T07:58:23.557005Z","times_seen":6,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"sdk.51.la/js-sdk-pro.min.js","fqdn":"sdk.51.la","domain":"51.la","tld":"la"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"b8a41c9449b73e8ba0224c6be1f0b7e8","sha1":"33d79319d4110bcf5c44c36f7dd4a291972ac546","sha256":"52079c09a7355f4ce3af750602ebb9aebae8238583601f8a06268eecccf13565","sha512":"472d0395a65a3ade2d215559b196a88ffcdacde3ac0f573eb8663b524f201d72c9339bcacbc198d82452a0ac367c0efd407b12795943cdd2755d95a8cf71b977","ssdeep":"768:swetbD3SkE+a/l1jaKUiQU5eqEh9GMXBOXAA/EXBeJMlbJfuPT:BetbD3SVT/3+KUc5eqEh9GMXBYEXBeJ7","tlshash":"dbf23d9577c0317cc3c783ea362b501ae1a69e910059a8bcf345f6907d34e56a37fba8","size":36114,"data":"","first_seen":"2025-03-10T03:40:31.536734Z","last_seen":"2026-04-04T15:47:21.631916Z","times_seen":81460,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"20251021.mgscy.cc/","fqdn":"20251021.mgscy.cc","domain":"mgscy.cc","tld":"cc"},"ip":{"addr":"185.170.77.41","port":443,"asn":7488,"as":"CNServer LLC","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"3640d2cb24081fe691fcf968626c9d0b","sha1":"dadadb3c4a4c8fbe674528483317c96eaa08e504","sha256":"145dfe3dad658964a7a6b12fc9468c81c77711d9ad68a9ec6b06811fb5a235bc","sha512":"72592fd875e0b32c39cadb06c5274c31c7357be6314e789005694aea642077becb047113cac351295103a9c13a41017d6dbc319d982ebd01ca61353104e2a71d","ssdeep":"","tlshash":"c2f09eaf5861b1545ae228ac9befd648d15f00255009c417b9d9c4cd3e3dfc5442534c","size":505,"data":"","first_seen":"2025-10-24T16:22:12.510422Z","last_seen":"2026-01-30T06:09:07.934516Z","times_seen":4,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"20251021.mgscy.cc/assets/index-BTaAoGmd.js","fqdn":"20251021.mgscy.cc","domain":"mgscy.cc","tld":"cc"},"ip":{"addr":"185.170.77.41","port":443,"asn":7488,"as":"CNServer LLC","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"db9914647ae1159ab8fa86adc2cb41d4","sha1":"72b8fd221144a9d0d57b200c687ae02aac0dcf1a","sha256":"6d7129cdf1448bfff78e131b2218397aec2efdd9795a447ef5e33eac628a2054","sha512":"cfd66b1e0b2cde340eabb930b0d2bae5ddc620e2c143e18d56b2ab6deed2236b0ccf22491371c1df7409372479f167934be938f9befa213fa5e12d870586d5c9","ssdeep":"1536:WJSjYuQ6rUaogG59mw3Z3kFE4hJQgPw/zJW:Trg39mPE4hJV2M","tlshash":"c25329f43097b56293ea18e640770006f36a2d56380ec4a4b2adaecf3e7645541bbf7d","size":64434,"data":"","first_seen":"2025-10-24T16:22:12.492218Z","last_seen":"2025-10-25T12:38:38.331014Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"20251021.mgscy.cc/assets/ic_top_logo-DJMp983f.png","fqdn":"20251021.mgscy.cc","domain":"mgscy.cc","tld":"cc"},"ip":{"addr":"185.170.77.41","port":443,"asn":7488,"as":"CNServer LLC","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://20251021.mgscy.cc/","date":"2025-10-24T16:21:51.719Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.mgscy.cc","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 21 Oct 2025 06:08:00 GMT","end":"Mon, 19 Jan 2026 06:07:59 GMT"},"fingerprint":{"sha1":"5F:BC:0E:8B:55:DD:9B:97:D2:F9:14:C5:2B:8C:DD:A3:A8:23:78:5D","sha256":"B1:6A:BA:5E:07:CD:7C:9E:24:DA:91:25:5D:33:11:6B:10:4D:75:C5:BD:03:76:CC:75:59:5A:A0:7B:1D:E7:B8"}}},"request":{"raw":"GET /assets/ic_top_logo-DJMp983f.png HTTP/1.1\r\nHost: 20251021.mgscy.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://20251021.mgscy.cc/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 24 Oct 2025 16:21:51 GMT\r\ncontent-type: image/png\r\nlast-modified: Thu, 23 Oct 2025 10:33:50 GMT\r\nvary: Accept-Encoding\r\netag: W/\"68fa048e-19d9\"\r\nexpires: Sun, 23 Nov 2025 16:21:51 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":6617,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 272 x 116, 8-bit colormap, non-interlaced","md5":"1ba6c22d6d597bec88fccc36ce12f724","sha1":"3726d13bad46200b3cc444f5b39675d5659b5660","sha256":"f99e014c22727a455ea1979cb9169f243d5af65869338bbf018ef921c0dd6cd9","sha512":"7bcf66b39308768e2a6bb842a6ee11364bef5c51cc1ed98ad5c41d3c5ae983cd44430fc137dfb4e72c477ec2c59222653c2040445487b2776fe93c0897ce9b56","ssdeep":"192:1S9BV5l3FDgpZteNoNnIlHKyh/QKZmL9KAKu6ldlJ1fdPn:U9bL+eNKiSK7Vrl7fdf","tlshash":"92d1908207789b19a117749ceffa40d107f12c1dae8d71d50560b399a7f73e82d4ad8a","first_seen":"2025-10-24T16:22:12.482226Z","last_seen":"2026-01-30T06:09:07.896654Z","times_seen":4,"resource_available":false,"data":null}},"time_used":153,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":153,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"20251021.mgscy.cc/assets/ic_top_logo_desc-WcIn4GF0.png","fqdn":"20251021.mgscy.cc","domain":"mgscy.cc","tld":"cc"},"ip":{"addr":"185.170.77.41","port":443,"asn":7488,"as":"CNServer LLC","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://20251021.mgscy.cc/","date":"2025-10-24T16:21:51.722Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.mgscy.cc","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 21 Oct 2025 06:08:00 GMT","end":"Mon, 19 Jan 2026 06:07:59 GMT"},"fingerprint":{"sha1":"5F:BC:0E:8B:55:DD:9B:97:D2:F9:14:C5:2B:8C:DD:A3:A8:23:78:5D","sha256":"B1:6A:BA:5E:07:CD:7C:9E:24:DA:91:25:5D:33:11:6B:10:4D:75:C5:BD:03:76:CC:75:59:5A:A0:7B:1D:E7:B8"}}},"request":{"raw":"GET /assets/ic_top_logo_desc-WcIn4GF0.png HTTP/1.1\r\nHost: 20251021.mgscy.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://20251021.mgscy.cc/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 24 Oct 2025 16:21:51 GMT\r\ncontent-type: image/png\r\nlast-modified: Thu, 23 Oct 2025 10:33:50 GMT\r\nvary: Accept-Encoding\r\netag: W/\"68fa048e-3718\"\r\nexpires: Sun, 23 Nov 2025 16:21:51 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":14104,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 663 x 172, 8-bit colormap, non-interlaced","md5":"ab4c60869bb1e6dd6c762364016eb07d","sha1":"6368e335b838d060dad5f6d24b0d26fd14e4cf29","sha256":"813a022163c7ab775b4c6b6a1eee6e384e1087508ba0312bd20e6897f5d6cecd","sha512":"341d697776dfaea97c69096acf8c61194d73cae30b35b38f532e900eb025eb77b20d693d97d1d0a546867896fcf360a9a44d49ad03dddcaea27128c0ed2f4674","ssdeep":"384:sjYS36pR8AISr5Vl/fz80PMewJjKDhrwRRO:g3VAF1XzkG1rwR8","tlshash":"fc52c0edaf3ae0cdf29061b19a01649d108c849e1d59138df5b1c7072c2fedcaa953ea","first_seen":"2025-10-24T16:22:12.48451Z","last_seen":"2026-01-30T06:09:07.921394Z","times_seen":4,"resource_available":false,"data":null}},"time_used":154,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":154,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"20251021.mgscy.cc/assets/ic_download_android-BL5cqfd2.png","fqdn":"20251021.mgscy.cc","domain":"mgscy.cc","tld":"cc"},"ip":{"addr":"185.170.77.41","port":443,"asn":7488,"as":"CNServer LLC","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://20251021.mgscy.cc/","date":"2025-10-24T16:21:51.728Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.mgscy.cc","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 21 Oct 2025 06:08:00 GMT","end":"Mon, 19 Jan 2026 06:07:59 GMT"},"fingerprint":{"sha1":"5F:BC:0E:8B:55:DD:9B:97:D2:F9:14:C5:2B:8C:DD:A3:A8:23:78:5D","sha256":"B1:6A:BA:5E:07:CD:7C:9E:24:DA:91:25:5D:33:11:6B:10:4D:75:C5:BD:03:76:CC:75:59:5A:A0:7B:1D:E7:B8"}}},"request":{"raw":"GET /assets/ic_download_android-BL5cqfd2.png HTTP/1.1\r\nHost: 20251021.mgscy.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://20251021.mgscy.cc/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 24 Oct 2025 16:21:51 GMT\r\ncontent-type: image/png\r\nlast-modified: Thu, 23 Oct 2025 10:33:50 GMT\r\nvary: Accept-Encoding\r\netag: W/\"68fa048e-1ea3\"\r\nexpires: Sun, 23 Nov 2025 16:21:51 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":7843,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 293 x 131, 8-bit colormap, non-interlaced","md5":"140976e269b85ca5a08ad2a6a029b301","sha1":"2075b491315f5697cdbf417c801cf17cfebb2222","sha256":"4344f929eb23cea7e662ea2962414126e89fe69f280a02150a89447ebd84fadf","sha512":"9bc5f9464cfe2fdca136b38c2c6ce0bf65e618d29e8f05f3b4a7591865ae16e8805302646f4b297d81f68941a86d5d23397c81393ec0ab150eb56211e08e8e76","ssdeep":"192:1SqqIOzAo8sf1vAOM0IWwfRnKF/xXkWpYlIOUeb5p:URALstrPwf0F/xPpmIOhbD","tlshash":"7cf1afb3a2dae4a33f0e557e10dd524a56c67a9410e17649b872fcac90c1fe001b2b39","first_seen":"2025-10-24T16:22:12.485934Z","last_seen":"2026-01-30T06:09:07.924553Z","times_seen":4,"resource_available":false,"data":null}},"time_used":297,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":297,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"20251021.mgscy.cc/assets/ic_down_bg-CIQXxnXW.png","fqdn":"20251021.mgscy.cc","domain":"mgscy.cc","tld":"cc"},"ip":{"addr":"185.170.77.41","port":443,"asn":7488,"as":"CNServer LLC","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://20251021.mgscy.cc/","date":"2025-10-24T16:21:51.733Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.mgscy.cc","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 21 Oct 2025 06:08:00 GMT","end":"Mon, 19 Jan 2026 06:07:59 GMT"},"fingerprint":{"sha1":"5F:BC:0E:8B:55:DD:9B:97:D2:F9:14:C5:2B:8C:DD:A3:A8:23:78:5D","sha256":"B1:6A:BA:5E:07:CD:7C:9E:24:DA:91:25:5D:33:11:6B:10:4D:75:C5:BD:03:76:CC:75:59:5A:A0:7B:1D:E7:B8"}}},"request":{"raw":"GET /assets/ic_down_bg-CIQXxnXW.png HTTP/1.1\r\nHost: 20251021.mgscy.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://20251021.mgscy.cc/assets/index-B6j-wKJN.css\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 24 Oct 2025 16:21:51 GMT\r\ncontent-type: image/png\r\nlast-modified: Thu, 23 Oct 2025 10:33:50 GMT\r\nvary: Accept-Encoding\r\netag: W/\"68fa048e-442d\"\r\nexpires: Sun, 23 Nov 2025 16:21:51 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":17453,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 690 x 697, 8-bit colormap, non-interlaced","md5":"37e474b4a068d3bbc5c2e8baeb1afd81","sha1":"9a31485429d09e4308dec13be4a97c24588489ad","sha256":"b31d35496d45739290653d26dbd8f7a0b20e0914bda30d3376e6665e7e3e75c6","sha512":"c523622be0e23b17f736df1bd353c71d7971142a296efc6c5faa2951b43698eaf97367c5db9700e70ef410874870e0bf03142fc4c71c166ef1839433878a9397","ssdeep":"384:2+i4Z19Mtk3aok4RPN6/Pjp0Glw1Q6DbIqAle0Em2WIJ:K4D9MkaX4BNgPjKGlw1TIdlzqWIJ","tlshash":"b972bfe92547cdf0314c4da19d22b3c91072ace4cd6e6a6bd1e9e4078cbb7c4e6d1ca2","first_seen":"2025-10-24T16:22:12.487923Z","last_seen":"2026-01-30T06:09:07.899615Z","times_seen":4,"resource_available":false,"data":null}},"time_used":444,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":444,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mogu3.cc/","fqdn":"mogu3.cc","domain":"mogu3.cc","tld":"cc"},"ip":{"addr":"115.89.129.27","port":443,"asn":138195,"as":"MOACK.Co.LTD","country":"South Korea","country_code":"KR"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-10-24T16:21:45.108Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"mogu1.me","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Fri, 10 Oct 2025 09:56:03 GMT","end":"Thu, 08 Jan 2026 09:56:02 GMT"},"fingerprint":{"sha1":"FB:3A:44:05:AC:46:77:08:AE:5D:6E:8F:56:12:82:36:6A:38:3B:32","sha256":"2F:9B:E0:82:E7:76:49:AC:67:E8:17:4E:DF:62:04:3F:7E:90:CB:0D:BA:DB:F8:9B:0A:84:B0:A8:A7:2C:FB:86"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: mogu3.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 301 Moved Permanently\r\nserver: openresty\r\ndate: Fri, 24 Oct 2025 16:21:45 GMT\r\ncontent-type: text/html\r\ncontent-length: 166\r\nlocation: https://i.mgsafesix.com\r\nstrict-transport-security: max-age=31536000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"301","status_text":"Moved Permanently","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":9956,"size_decoded":0,"mime_type":"text/html","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T15:49:33.06692Z","times_seen":13337345,"resource_available":true,"data":null}},"time_used":1494,"timings":{"blocked":607,"dns":33,"connect":280,"send":0,"wait":280,"receive":0,"ssl":291},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"collect-v6.51.la/v6/collect?dt=4","fqdn":"collect-v6.51.la","domain":"51.la","tld":"la"},"ip":{"addr":"43.174.227.41","port":443,"asn":0,"as":"","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://i.mgsafesix.com/","date":"2025-10-24T16:21:47.803Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.51.la","organization":"广州有啦网络科技有限公司"},"issuer":{"commonName":"GlobalSign RSA OV SSL CA 2018","organization":"GlobalSign nv-sa"},"validity":{"start":"Tue, 18 Mar 2025 04:08:22 GMT","end":"Sun, 19 Apr 2026 04:08:21 GMT"},"fingerprint":{"sha1":"AE:CB:32:71:EE:EE:E6:72:A4:88:B2:9F:4F:C4:E5:B5:A8:C2:73:6C","sha256":"7C:F1:09:2F:6A:8C:5B:F8:63:DF:D3:32:B0:F3:F8:E7:01:29:0E:F2:55:8B:4F:6C:58:55:8E:44:E9:EC:15:F4"}}},"request":{"raw":"POST /v6/collect?dt=4 HTTP/1.1\r\nHost: collect-v6.51.la\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Length: 281\r\nOrigin: https://i.mgsafesix.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://i.mgsafesix.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/2 210 No Reason Phrase\r\nvary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers\r\naccess-control-allow-origin: https://i.mgsafesix.com\r\naccess-control-allow-credentials: true\r\nserver: TencentEdgeOne\r\ncontent-length: 0\r\ndate: Fri, 24 Oct 2025 16:21:47 GMT\r\neo-log-uuid: 1269931796794924606\r\neo-cache-status: MISS\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"210","status_text":"No Reason Phrase","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"text/xml","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T15:49:33.06692Z","times_seen":13337345,"resource_available":true,"data":null}},"time_used":323,"timings":{"blocked":40,"dns":0,"connect":0,"send":0,"wait":282,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"20251021.mgscy.cc/","fqdn":"20251021.mgscy.cc","domain":"mgscy.cc","tld":"cc"},"ip":{"addr":"185.170.77.41","port":443,"asn":7488,"as":"CNServer LLC","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-10-24T16:21:50.765Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.mgscy.cc","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 21 Oct 2025 06:08:00 GMT","end":"Mon, 19 Jan 2026 06:07:59 GMT"},"fingerprint":{"sha1":"5F:BC:0E:8B:55:DD:9B:97:D2:F9:14:C5:2B:8C:DD:A3:A8:23:78:5D","sha256":"B1:6A:BA:5E:07:CD:7C:9E:24:DA:91:25:5D:33:11:6B:10:4D:75:C5:BD:03:76:CC:75:59:5A:A0:7B:1D:E7:B8"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: 20251021.mgscy.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://i.mgsafesix.com/\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 24 Oct 2025 16:21:51 GMT\r\ncontent-type: text/html\r\ncontent-length: 978\r\nlast-modified: Thu, 23 Oct 2025 10:33:50 GMT\r\netag: \"68fa048e-3d2\"\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":978,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (499)","md5":"816b427b68499ef56ef20aa48d41bfb9","sha1":"4f94eeb515da793aede1d4dd6b4ac331f5d9aebb","sha256":"b01f3129417d5898d172e41da667928d5284d9491616bfb8a439e4c1106877b7","sha512":"864e0b32c90e2ef1eed55a13fcb3054a396a909c6efc311994860045929f80946680dbb38d0593484ed245fc682648a65b4069419796aa3cdebd30677b4f854c","ssdeep":"","tlshash":"5e11548e4cb0c51453a01528afd7f508d59f41474109d80576efc0ed6f58fc98d1b2ac","first_seen":"2025-10-24T16:22:12.490677Z","last_seen":"2025-10-25T12:38:38.336037Z","times_seen":2,"resource_available":false,"data":null}},"time_used":877,"timings":{"blocked":362,"dns":48,"connect":153,"send":0,"wait":153,"receive":0,"ssl":159},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"20251021.mgscy.cc/assets/index-BTaAoGmd.js","fqdn":"20251021.mgscy.cc","domain":"mgscy.cc","tld":"cc"},"ip":{"addr":"185.170.77.41","port":443,"asn":7488,"as":"CNServer LLC","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://20251021.mgscy.cc/","date":"2025-10-24T16:21:51.362Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.mgscy.cc","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 21 Oct 2025 06:08:00 GMT","end":"Mon, 19 Jan 2026 06:07:59 GMT"},"fingerprint":{"sha1":"5F:BC:0E:8B:55:DD:9B:97:D2:F9:14:C5:2B:8C:DD:A3:A8:23:78:5D","sha256":"B1:6A:BA:5E:07:CD:7C:9E:24:DA:91:25:5D:33:11:6B:10:4D:75:C5:BD:03:76:CC:75:59:5A:A0:7B:1D:E7:B8"}}},"request":{"raw":"GET /assets/index-BTaAoGmd.js HTTP/1.1\r\nHost: 20251021.mgscy.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://20251021.mgscy.cc/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 24 Oct 2025 16:21:51 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Thu, 23 Oct 2025 10:33:50 GMT\r\nvary: Accept-Encoding\r\netag: W/\"68fa048e-fbb2\"\r\nexpires: Sat, 25 Oct 2025 04:21:51 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":64434,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (34498)","md5":"db9914647ae1159ab8fa86adc2cb41d4","sha1":"72b8fd221144a9d0d57b200c687ae02aac0dcf1a","sha256":"6d7129cdf1448bfff78e131b2218397aec2efdd9795a447ef5e33eac628a2054","sha512":"cfd66b1e0b2cde340eabb930b0d2bae5ddc620e2c143e18d56b2ab6deed2236b0ccf22491371c1df7409372479f167934be938f9befa213fa5e12d870586d5c9","ssdeep":"1536:WJSjYuQ6rUaogG59mw3Z3kFE4hJQgPw/zJW:Trg39mPE4hJV2M","tlshash":"c25329f43097b56293ea18e640770006f36a2d56380ec4a4b2adaecf3e7645541bbf7d","first_seen":"2025-10-24T16:22:12.492218Z","last_seen":"2025-10-25T12:38:38.331014Z","times_seen":2,"resource_available":true,"data":null}},"time_used":309,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":309,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"i.mgsafesix.com/","fqdn":"i.mgsafesix.com","domain":"mgsafesix.com","tld":"com"},"ip":{"addr":"115.89.129.26","port":443,"asn":138195,"as":"MOACK.Co.LTD","country":"South Korea","country_code":"KR"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-10-24T16:21:46.004Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"m7.mgsafethree.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Mon, 13 Oct 2025 12:24:50 GMT","end":"Sun, 11 Jan 2026 12:24:49 GMT"},"fingerprint":{"sha1":"2F:4A:3B:8A:1D:AC:B8:A6:2F:96:2D:59:C7:9A:BA:F2:EC:48:78:7A","sha256":"1F:F7:36:42:DC:A0:7E:A5:AE:52:93:BA:27:AB:CF:F8:76:0C:5F:50:82:F2:CD:E0:35:D1:DD:29:42:16:18:4A"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: i.mgsafesix.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Fri, 24 Oct 2025 16:21:46 GMT\r\ncontent-type: text/html\r\nlast-modified: Tue, 21 Oct 2025 12:42:34 GMT\r\nvary: Accept-Encoding\r\netag: W/\"68f77fba-26e4\"\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":9956,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (7030)","md5":"76b09344ae908c7716b6dc4580ee730e","sha1":"4850515578696d7c789db4bff9cd8184d82e2112","sha256":"a91c2c626d888940559281330b3af516cd57673cb6b285341ae94164cc56eb74","sha512":"bc9d8de56b6cca944061d5b3ca47fa75e0b0232b1fc2174f662ab1e060a898fdaa286431019c11095e02b053a5cacb7a2368f88ccfc627c37d59c183fe1fdf1e","ssdeep":"192:dQC82pW5VQpcRQwz9BSKNohgqUR2OC6Dtp5M5H3:+2p3pcRQclNIgzcOCyp5Mh3","tlshash":"27225cb352255d456b3b2814f986b70d3ec86c2f5b44828cfd8d24b05fd92c08e9bbb9","first_seen":"2025-10-24T16:22:12.493508Z","last_seen":"2025-10-25T12:38:38.329506Z","times_seen":2,"resource_available":false,"data":null}},"time_used":1526,"timings":{"blocked":621,"dns":42,"connect":283,"send":0,"wait":284,"receive":0,"ssl":293},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"i.mgsafesix.com/favicon.ico","fqdn":"i.mgsafesix.com","domain":"mgsafesix.com","tld":"com"},"ip":{"addr":"115.89.129.26","port":443,"asn":138195,"as":"MOACK.Co.LTD","country":"South Korea","country_code":"KR"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://i.mgsafesix.com/","date":"2025-10-24T16:21:47.903Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"m7.mgsafethree.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Mon, 13 Oct 2025 12:24:50 GMT","end":"Sun, 11 Jan 2026 12:24:49 GMT"},"fingerprint":{"sha1":"2F:4A:3B:8A:1D:AC:B8:A6:2F:96:2D:59:C7:9A:BA:F2:EC:48:78:7A","sha256":"1F:F7:36:42:DC:A0:7E:A5:AE:52:93:BA:27:AB:CF:F8:76:0C:5F:50:82:F2:CD:E0:35:D1:DD:29:42:16:18:4A"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: i.mgsafesix.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://i.mgsafesix.com/\r\nCookie: __vtins__JrjMlMzW1rgJXSli=%7B%22sid%22%3A%20%225733b085-31a0-5086-8761-8459d6d6d8b8%22%2C%20%22vd%22%3A%201%2C%20%22stt%22%3A%200%2C%20%22dr%22%3A%200%2C%20%22expires%22%3A%201761324707787%2C%20%22ct%22%3A%201761322907787%7D; __51uvsct__JrjMlMzW1rgJXSli=1; __51vcke__JrjMlMzW1rgJXSli=270b28c0-0867-5e97-bc0d-92e928a4ea55; __51vuft__JrjMlMzW1rgJXSli=1761322907793\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 404 Not Found\r\nserver: openresty\r\ndate: Fri, 24 Oct 2025 16:21:48 GMT\r\ncontent-type: text/html\r\ncontent-length: 150\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":150,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text, with CRLF line terminators","md5":"597ba0d4396e9c906225140ce907092c","sha1":"28ae2ba65ccdb583d79f85b8cc9509fae697493b","sha256":"ee1a27178227546d3dcc49e611a6d72e4f1c30080ee4493ae4085b58a49e28e6","sha512":"8898f14bd6cb5c72d6ee5878af3700be6d03b56a5a21a3d58ef347f008acf4ac68a46a908903e1d42999c1e259e77d7df686c94765865ae07361b2c4e04adf2c","ssdeep":"","tlshash":"18c02b2d24137c0c8663307636c37050c1978337a67e10210400805330cf1998ac33af","first_seen":"2023-04-05T14:00:46Z","last_seen":"2026-04-04T15:49:11.498529Z","times_seen":33039,"resource_available":true,"data":null}},"time_used":283,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":283,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"20251021.mgscy.cc/assets/index-B6j-wKJN.css","fqdn":"20251021.mgscy.cc","domain":"mgscy.cc","tld":"cc"},"ip":{"addr":"185.170.77.41","port":443,"asn":7488,"as":"CNServer LLC","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://20251021.mgscy.cc/","date":"2025-10-24T16:21:51.367Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.mgscy.cc","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 21 Oct 2025 06:08:00 GMT","end":"Mon, 19 Jan 2026 06:07:59 GMT"},"fingerprint":{"sha1":"5F:BC:0E:8B:55:DD:9B:97:D2:F9:14:C5:2B:8C:DD:A3:A8:23:78:5D","sha256":"B1:6A:BA:5E:07:CD:7C:9E:24:DA:91:25:5D:33:11:6B:10:4D:75:C5:BD:03:76:CC:75:59:5A:A0:7B:1D:E7:B8"}}},"request":{"raw":"GET /assets/index-B6j-wKJN.css HTTP/1.1\r\nHost: 20251021.mgscy.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://20251021.mgscy.cc/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 24 Oct 2025 16:21:51 GMT\r\ncontent-type: text/css\r\nlast-modified: Thu, 23 Oct 2025 10:33:50 GMT\r\nvary: Accept-Encoding\r\netag: W/\"68fa048e-239d\"\r\nexpires: Sat, 25 Oct 2025 04:21:51 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":9117,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (9116)","md5":"e6dbefe671bb7c8c550c16ffa3e5c97f","sha1":"01e9bd4938d23b11fa62998ff1623ad2aa6265e0","sha256":"b9d05ae9bd3ec0a9f2b4ff4d6e69f5327f25607c28599cc0a8c382f3fb210231","sha512":"af254c128760ec6e8eb972eaefb491eabfec544ab31b5934be19f8311c1715ce04163440aba13b9005d52a0bf28d787b6def10d4b7498477ad1314ae5017effc","ssdeep":"96:VAr6uzoVuzbO3qk4pVoLZcXLtBfyGU/tkU45wfRSqlD3W/jzile:06oUobO3H4PoWpBfZUlc5mRSqljuiE","tlshash":"7412016f2946270ce027cda267f413a84118e972f31246edd167be75cbcb78315b2a4a","first_seen":"2025-10-24T16:22:12.497011Z","last_seen":"2025-10-25T12:38:38.327824Z","times_seen":2,"resource_available":false,"data":null}},"time_used":308,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":308,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"20251021.mgscy.cc/assets/ic_download_ios-XU_RjXrg.png","fqdn":"20251021.mgscy.cc","domain":"mgscy.cc","tld":"cc"},"ip":{"addr":"185.170.77.41","port":443,"asn":7488,"as":"CNServer LLC","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://20251021.mgscy.cc/","date":"2025-10-24T16:21:51.727Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.mgscy.cc","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 21 Oct 2025 06:08:00 GMT","end":"Mon, 19 Jan 2026 06:07:59 GMT"},"fingerprint":{"sha1":"5F:BC:0E:8B:55:DD:9B:97:D2:F9:14:C5:2B:8C:DD:A3:A8:23:78:5D","sha256":"B1:6A:BA:5E:07:CD:7C:9E:24:DA:91:25:5D:33:11:6B:10:4D:75:C5:BD:03:76:CC:75:59:5A:A0:7B:1D:E7:B8"}}},"request":{"raw":"GET /assets/ic_download_ios-XU_RjXrg.png HTTP/1.1\r\nHost: 20251021.mgscy.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://20251021.mgscy.cc/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 24 Oct 2025 16:21:51 GMT\r\ncontent-type: image/png\r\nlast-modified: Thu, 23 Oct 2025 10:33:50 GMT\r\nvary: Accept-Encoding\r\netag: W/\"68fa048e-1fd0\"\r\nexpires: Sun, 23 Nov 2025 16:21:51 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":8144,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 293 x 131, 8-bit colormap, non-interlaced","md5":"de9d2d07c07839f8a1fba25f5f891966","sha1":"d5133b05e6c72e47604a9900b28effa1081b0046","sha256":"6a98fa399b975c9b358202c7bc80516d79ce9e4f44ac6527bb814ba68c8e7087","sha512":"b22277f7e6e2aee1a83bafb4ab32edd6963690dc908437a275a59baca52c8d852e97abc6d5972e5847467d5587764b570ad4c24c6c97d90bc03ae09d792ec50e","ssdeep":"192:1SKLwkIGZLA1Rden374NUSAOBqqejIv2+CVVSipe2DY6uU0EJL:UKEkIGSer4NVAO701MipfYtrw","tlshash":"89f1be4ca8c1eaaa51202161a35613b4d10d97d14017afbef860dfb1f807392ffb6ad5","first_seen":"2025-10-24T16:22:12.501149Z","last_seen":"2026-01-30T06:09:07.919783Z","times_seen":4,"resource_available":false,"data":null}},"time_used":153,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":153,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"20251021.mgscy.cc/assets/ic_main_bg-BsbK6fj6.png","fqdn":"20251021.mgscy.cc","domain":"mgscy.cc","tld":"cc"},"ip":{"addr":"185.170.77.41","port":443,"asn":7488,"as":"CNServer LLC","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://20251021.mgscy.cc/","date":"2025-10-24T16:21:51.732Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.mgscy.cc","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 21 Oct 2025 06:08:00 GMT","end":"Mon, 19 Jan 2026 06:07:59 GMT"},"fingerprint":{"sha1":"5F:BC:0E:8B:55:DD:9B:97:D2:F9:14:C5:2B:8C:DD:A3:A8:23:78:5D","sha256":"B1:6A:BA:5E:07:CD:7C:9E:24:DA:91:25:5D:33:11:6B:10:4D:75:C5:BD:03:76:CC:75:59:5A:A0:7B:1D:E7:B8"}}},"request":{"raw":"GET /assets/ic_main_bg-BsbK6fj6.png HTTP/1.1\r\nHost: 20251021.mgscy.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://20251021.mgscy.cc/assets/index-B6j-wKJN.css\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 24 Oct 2025 16:21:51 GMT\r\ncontent-type: image/png\r\nlast-modified: Thu, 23 Oct 2025 10:33:50 GMT\r\nvary: Accept-Encoding\r\netag: W/\"68fa048e-1c603\"\r\nexpires: Sun, 23 Nov 2025 16:21:51 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":116227,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 750 x 1334, 4-bit colormap, non-interlaced","md5":"a4b4c1544b85579da6104817eac79607","sha1":"c99c37a4a3d5539e1e977a79e5d80e084cd74b8e","sha256":"afab18a1b729b0c72c8bf32c5f641cca4b6ffc1989b92ee0af3984c53e5c85de","sha512":"c199ce4f5f4d64ed4f0361f2d3a0c8a32414d59988c9c58b927897f9869ab54ca85b4c207653064809e464a4d2eb5634c9d6b792de41cc915ff3456bb1eb0806","ssdeep":"3072:ScCU4qKn+dHZVsUDjsHDQiLBJeZJg7udxaA+tORE7mE7:QU4ZKPDYHDQIJeZ2mMDrCq","tlshash":"8bb312215be69cb6329be076276d14cb99378f3667a03181e47227b56b313a48c3f1c7","first_seen":"2025-10-24T16:22:12.503093Z","last_seen":"2026-01-30T06:09:07.930066Z","times_seen":4,"resource_available":false,"data":null}},"time_used":294,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":294,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"collect-v6.51.la/v6/collect?dt=4","fqdn":"collect-v6.51.la","domain":"51.la","tld":"la"},"ip":{"addr":"43.174.229.36","port":443,"asn":0,"as":"","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://20251021.mgscy.cc/","date":"2025-10-24T16:21:52.047Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.51.la","organization":"广州有啦网络科技有限公司"},"issuer":{"commonName":"GlobalSign RSA OV SSL CA 2018","organization":"GlobalSign nv-sa"},"validity":{"start":"Tue, 18 Mar 2025 04:08:22 GMT","end":"Sun, 19 Apr 2026 04:08:21 GMT"},"fingerprint":{"sha1":"AE:CB:32:71:EE:EE:E6:72:A4:88:B2:9F:4F:C4:E5:B5:A8:C2:73:6C","sha256":"7C:F1:09:2F:6A:8C:5B:F8:63:DF:D3:32:B0:F3:F8:E7:01:29:0E:F2:55:8B:4F:6C:58:55:8E:44:E9:EC:15:F4"}}},"request":{"raw":"POST /v6/collect?dt=4 HTTP/1.1\r\nHost: collect-v6.51.la\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Length: 279\r\nOrigin: https://20251021.mgscy.cc\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://20251021.mgscy.cc/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/2 210 No Reason Phrase\r\nvary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers\r\naccess-control-allow-origin: https://20251021.mgscy.cc\r\naccess-control-allow-credentials: true\r\nserver: TencentEdgeOne\r\ncontent-length: 0\r\ndate: Fri, 24 Oct 2025 16:21:52 GMT\r\neo-log-uuid: 1692664244228096645\r\neo-cache-status: MISS\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"210","status_text":"No Reason Phrase","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"text/xml","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T15:49:33.06692Z","times_seen":13337345,"resource_available":true,"data":null}},"time_used":1084,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":1083,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"20251021.mgscy.cc/icon.ico","fqdn":"20251021.mgscy.cc","domain":"mgscy.cc","tld":"cc"},"ip":{"addr":"185.170.77.41","port":443,"asn":7488,"as":"CNServer LLC","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://20251021.mgscy.cc/","date":"2025-10-24T16:21:52.282Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.mgscy.cc","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 21 Oct 2025 06:08:00 GMT","end":"Mon, 19 Jan 2026 06:07:59 GMT"},"fingerprint":{"sha1":"5F:BC:0E:8B:55:DD:9B:97:D2:F9:14:C5:2B:8C:DD:A3:A8:23:78:5D","sha256":"B1:6A:BA:5E:07:CD:7C:9E:24:DA:91:25:5D:33:11:6B:10:4D:75:C5:BD:03:76:CC:75:59:5A:A0:7B:1D:E7:B8"}}},"request":{"raw":"GET /icon.ico HTTP/1.1\r\nHost: 20251021.mgscy.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://20251021.mgscy.cc/\r\nCookie: __vtins__JrjMlMzW1rgJXSli=%7B%22sid%22%3A%20%222d987d40-262f-5239-97db-0ef16b113fcc%22%2C%20%22vd%22%3A%201%2C%20%22stt%22%3A%200%2C%20%22dr%22%3A%200%2C%20%22expires%22%3A%201761324712032%2C%20%22ct%22%3A%201761322912032%7D; __51uvsct__JrjMlMzW1rgJXSli=1; __51vcke__JrjMlMzW1rgJXSli=554e7b71-942a-5dd1-8b54-4225bd02732d; __51vuft__JrjMlMzW1rgJXSli=1761322912037\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 24 Oct 2025 16:21:52 GMT\r\ncontent-type: image/x-icon\r\ncontent-length: 23486\r\nlast-modified: Fri, 15 Aug 2025 06:15:06 GMT\r\netag: \"689ed06a-5bbe\"\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":23486,"size_decoded":0,"mime_type":"image/x-icon","magic":"MS Windows icon resource - 1 icon, -116x-116, 8 bits/pixel","md5":"580444c78ab85ba89aed3a7f17c687c3","sha1":"88da05d4eca5d9ca8d9a148252021262367d7c7c","sha256":"d2927b7de9cec7a8e60ce2bc1923c968889a23d46745d81009efb8e99c229fb5","sha512":"707dcb5c39c2b9478cc80a60ad5f139308e1abfa9337beef3ad97351f46f7edc756ea9109937da98a53c6ab5d64eda0c870b0ac9d9ee7458d50e9ce047739b1a","ssdeep":"192:2Aoc18SrRS+RKgXGB3CSYq3XbPbVQTs6e4/5SASXbkvI91AQYP/zdFw4O:2Aog8sKgXGB3CSXjbVWabmK","tlshash":"21b210b985322a0bdf39217e702f3b445c7f2962fa96dcb2d20844e258e6d7005de5e7","first_seen":"2025-10-24T16:22:12.505253Z","last_seen":"2026-01-30T06:09:07.903834Z","times_seen":4,"resource_available":false,"data":null}},"time_used":158,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":153,"receive":5,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}