{"report_id":"42b191e6-4b8d-4256-a456-d312ce4eaa6a","version":6,"status":"done","tags":[],"date":"2026-04-26T13:01:40Z","url":{"schema":"http","addr":"xmidas.specialfors.com","fqdn":"xmidas.specialfors.com","domain":"specialfors.com","tld":"com"},"ip":{"addr":"104.21.85.93","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"https","addr":"xmidas.specialfors.com/","fqdn":"xmidas.specialfors.com","domain":"specialfors.com","tld":"com"},"title":"Midasbuy x PUBG MOBILE Event","dom":{"size":0,"mime_type":"text/plain; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","dom_hash":"domhash1f07f384c75181c66badb60ab1ec770b","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"xmidas.specialfors.com","fqdn":"xmidas.specialfors.com","domain":"specialfors.com","tld":"com"},"ip":{"addr":"104.21.85.93","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-05-31T13:01:40Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":6}},"detection":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-26","alert":"Sinkholed","trigger":"irdgqgog.fortoday.asia","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-26","alert":"Phishing Block","trigger":"irdgqgog.fortoday.asia","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-26","alert":"Sinkholed","trigger":"xmidas.specialfors.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-26","alert":"Phishing Block","trigger":"xmidas.specialfors.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-26","alert":"Sinkholed","trigger":"xmidas.specialfors.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-04-26","alert":"Sinkholed","trigger":"xmidas.specialfors.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null},"summary":[{"fqdn":"cdn.jsdelivr.net","ip":{"addr":"151.101.193.229","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"domain_registered":"2012-05-16","domain_rank":1678,"first_seen":"2012-09-30T00:15:09Z","last_seen":"2026-04-19T22:35:51.253585Z","alert_count":0,"request_count":2,"received_data":140394,"sent_data":904,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"pagedoo.midasbuy.com","ip":{"addr":"43.152.140.79","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"domain_registered":"2018-06-05","domain_rank":2848692,"first_seen":"2023-05-26T02:11:09Z","last_seen":"2026-03-31T09:05:39.585982Z","alert_count":0,"request_count":1,"received_data":34273,"sent_data":493,"comment":"","tags":null,"fingerprints":null},{"fqdn":"fonts.googleapis.com","ip":{"addr":"172.217.19.234","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2005-01-25","domain_rank":313,"first_seen":"2012-05-23T12:41:44Z","last_seen":"2026-04-19T22:20:23.925162Z","alert_count":0,"request_count":2,"received_data":253422,"sent_data":1058,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"ajax.googleapis.com","ip":{"addr":"142.251.142.234","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2005-01-25","domain_rank":3691,"first_seen":"2012-05-22T10:38:03Z","last_seen":"2026-04-19T23:27:37.109257Z","alert_count":0,"request_count":3,"received_data":264152,"sent_data":1353,"comment":"","tags":null,"fingerprints":null},{"fqdn":"cdn.midasbuy.com","ip":{"addr":"43.152.140.79","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"domain_registered":"2018-06-05","domain_rank":1886290,"first_seen":"2020-07-20T02:57:04Z","last_seen":"2026-02-14T14:56:26.587847Z","alert_count":0,"request_count":2,"received_data":495,"sent_data":972,"comment":"","tags":null,"fingerprints":null},{"fqdn":"site-assets.fontawesome.com","ip":{"addr":"172.64.147.188","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2012-10-18","domain_rank":380600,"first_seen":"2022-02-10T06:20:21Z","last_seen":"2026-04-19T18:15:54.42565Z","alert_count":0,"request_count":1,"received_data":204,"sent_data":464,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"code.jquery.com","ip":{"addr":"151.101.2.137","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"domain_registered":"2005-12-10","domain_rank":4915,"first_seen":"2012-05-21T17:28:02Z","last_seen":"2026-04-19T23:11:39.14593Z","alert_count":0,"request_count":1,"received_data":93695,"sent_data":431,"comment":"","tags":null,"fingerprints":[{"name":"Varnish","description":"Varnish is a reverse caching proxy.","website":"https://www.varnish-cache.org","common_platform_enumeration":"cpe:2.3:a:varnish-software:varnish_cache:*:*:*:*:*:*:*:*","icon":"Varnish.svg","categories":["Caching"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"static.cloudflareinsights.com","ip":{"addr":"104.16.79.73","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2019-08-30","domain_rank":4073,"first_seen":"2019-09-24T14:34:56Z","last_seen":"2026-04-19T22:44:19.012253Z","alert_count":0,"request_count":1,"received_data":31542,"sent_data":522,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"xmidas.specialfors.com","ip":{"addr":"172.67.204.63","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2026-01-23","domain_rank":0,"first_seen":"2026-04-26T13:01:45.016989Z","last_seen":"2026-04-26T13:01:45.016989Z","alert_count":8,"request_count":2,"received_data":4154,"sent_data":953,"comment":"","tags":null,"fingerprints":[{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Bootstrap","description":"Bootstrap is a free and open-source CSS framework directed at responsive, mobile-first front-end web development. It contains CSS and JavaScript-based design templates for typography, forms, buttons, navigation, and other interface components.","website":"https://getbootstrap.com","common_platform_enumeration":"cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:*","icon":"Bootstrap.svg","categories":["UI frameworks"]}]},{"fqdn":"stackpath.bootstrapcdn.com","ip":{"addr":"104.18.10.207","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2012-05-25","domain_rank":21970,"first_seen":"2018-04-05T04:41:29Z","last_seen":"2026-04-20T02:24:07.418187Z","alert_count":0,"request_count":1,"received_data":31897,"sent_data":479,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"irdgqgog.fortoday.asia","ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2025-09-26","domain_rank":0,"first_seen":"2026-04-26T13:01:45.020619Z","last_seen":"2026-04-26T13:01:45.020619Z","alert_count":168,"request_count":84,"received_data":7745231,"sent_data":40393,"comment":"","tags":null,"fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"Google Hosted Libraries","description":"Google Hosted Libraries is a stable, reliable, high-speed, globally available content distribution network for the most popular, open-source JavaScript libraries.","website":"https://developers.google.com/speed/libraries","common_platform_enumeration":"","icon":"Google Developers.svg","categories":["CDN"]},{"name":"Cloudflare Browser Insights","description":"Cloudflare Browser Insights is a tool that measures the performance of websites from the perspective of users.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["Analytics","RUM"]},{"name":"jQuery CDN","description":"jQuery CDN is a way to include jQuery in your website without actually downloading and keeping it your website's folder.","website":"https://code.jquery.com/","common_platform_enumeration":"","icon":"jQuery.svg","categories":["CDN"]},{"name":"jQuery:1.9.1","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"jsDelivr","description":"JSDelivr is a free public CDN for open-source projects. It can serve web files directly from the npm registry and GitHub repositories without any configuration.","website":"https://www.jsdelivr.com/","common_platform_enumeration":"","icon":"jsdelivr-icon.svg","categories":["CDN"]}]},{"fqdn":"cdn.harvestsharp.com","ip":{"addr":"43.152.140.79","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"domain_registered":"2021-03-12","domain_rank":1960258,"first_seen":"2023-10-10T12:59:35Z","last_seen":"2026-02-14T14:56:26.547754Z","alert_count":0,"request_count":42,"received_data":192618,"sent_data":21062,"comment":"","tags":null,"fingerprints":null},{"fqdn":"cdnjs.cloudflare.com","ip":{"addr":"104.17.24.14","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2009-02-17","domain_rank":1222,"first_seen":"2012-05-23T12:49:49Z","last_seen":"2026-04-19T22:33:42.593215Z","alert_count":0,"request_count":2,"received_data":175036,"sent_data":987,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"xmidas.specialfors.com/","fqdn":"xmidas.specialfors.com","domain":"specialfors.com","tld":"com"},"ip":{"addr":"172.67.204.63","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"39afae7922d09ca4d4c86c3e97b9c4a1","sha1":"669b3756e42c58cc0bfd4544b0927f84dcee1dfd","sha256":"cf7ead8f0e65b6fefc9e92dc864fbd4632114123aa3f90f9f388b071d5350962","sha512":"b0f4a4f7d6a9ed6ca33cd741100f56af64bcc5674b14149d7f0586cf2313a8d925f7fc5e40ccc6ea86e25391427c746e67ce2b495f0bfa3437a6466d612a47fb","ssdeep":"","tlshash":"0ce0cdefad654a79d1515ede305861a87d21133275166c7170f4c41450e0f5a442274d","size":316,"data":"","first_seen":"2026-04-26T02:12:57.190079Z","last_seen":"2026-04-26T13:10:26.647808Z","times_seen":3,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"irdgqgog.fortoday.asia/mH410fU8/jestore/1.7de7e446.png","fqdn":"irdgqgog.fortoday.asia","domain":"fortoday.asia","tld":"asia"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://irdgqgog.fortoday.asia/mH410fU8/","date":"2026-04-26T13:01:19.949Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"fortoday.asia","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 19 Mar 2026 07:23:34 GMT","end":"Wed, 17 Jun 2026 08:00:16 GMT"},"fingerprint":{"sha1":"82:CF:C7:9E:0D:CF:FE:4B:17:8B:52:84:33:14:7D:F7:88:A5:91:F2","sha256":"4D:A9:CD:77:E2:DB:CC:1E:07:30:B7:5E:52:3A:AE:82:0C:14:88:D1:96:D7:F5:77:DE:8F:2F:8D:1E:5A:F1:7D"}}},"request":{"raw":"GET /mH410fU8/jestore/1.7de7e446.png HTTP/1.1\r\nHost: irdgqgog.fortoday.asia\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://irdgqgog.fortoday.asia/mH410fU8/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sun, 26 Apr 2026 13:01:19 GMT\r\ncontent-type: image/png\r\ncontent-length: 72408\r\ncache-control: public, max-age=604800\r\nexpires: Tue, 28 Apr 2026 17:11:01 GMT\r\nlast-modified: Fri, 10 Apr 2026 17:05:46 GMT\r\naccept-ranges: bytes\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; ma=86400\r\nx-turbo-charged-by: LiteSpeed\r\npriority: u=4,i=?0\r\nage: 417017\r\ncf-cache-status: HIT\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=6gmDFedUcjx%2F0izZ1nOYGyEMlGqje0hoNVAZwa9auu3zOKFh%2BKSXzQOCfO4PC5gtdMATBf0NGMKIFeOhfjl7KWFMTcF0OVHSnj80y6jiUSOZjeTg50hqj8yw0brhX85qbiWAvSFNaj1m\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9f25c687a8e72efa-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]}],"data":{"size":72408,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 700 x 136, 8-bit/color RGBA, non-interlaced","md5":"7de7e446e750809ad1d2af42909c5f80","sha1":"720b8ef8268157d5c9471f723f50cc033836def3","sha256":"3944c9d1283515e1cdcac98147a4d72695f406415736db82c0bbebe04c047eb4","sha512":"0d2a8ba04b3b26f33dbfee94c84359c872b9dcd6318791cb49d32d566cdd8f6b00d1eb4eb1905a1110346b0dbcde567338dce806219f73264262b6fdf9f9fc82","ssdeep":"1536:6PdJXQHkEmJkXA0vg/w53b7EumSBFkXC7RTQ9z7ACQH/M4:6XAHkoXX6umSF7RTQt7A/H/V","tlshash":"8663124d4f49d965884cc78f98ab38e5e92fea82365727df105c0462163d80b3abf2f5","first_seen":"2024-09-19T21:41:24.067631Z","last_seen":"2026-05-13T13:04:07.321946Z","times_seen":11,"resource_available":false,"data":null}},"time_used":18,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":13,"receive":5,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-26","alert":"Sinkholed","trigger":"irdgqgog.fortoday.asia","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-26","alert":"Phishing Block","trigger":"irdgqgog.fortoday.asia","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"irdgqgog.fortoday.asia/mH410fU8/jestore/SJ1dr284.png","fqdn":"irdgqgog.fortoday.asia","domain":"fortoday.asia","tld":"asia"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://irdgqgog.fortoday.asia/mH410fU8/","date":"2026-04-26T13:01:19.204Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"fortoday.asia","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 19 Mar 2026 07:23:34 GMT","end":"Wed, 17 Jun 2026 08:00:16 GMT"},"fingerprint":{"sha1":"82:CF:C7:9E:0D:CF:FE:4B:17:8B:52:84:33:14:7D:F7:88:A5:91:F2","sha256":"4D:A9:CD:77:E2:DB:CC:1E:07:30:B7:5E:52:3A:AE:82:0C:14:88:D1:96:D7:F5:77:DE:8F:2F:8D:1E:5A:F1:7D"}}},"request":{"raw":"GET /mH410fU8/jestore/SJ1dr284.png HTTP/1.1\r\nHost: irdgqgog.fortoday.asia\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://irdgqgog.fortoday.asia/mH410fU8/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sun, 26 Apr 2026 13:01:18 GMT\r\ncontent-type: image/png\r\ncontent-length: 276748\r\ncache-control: public, max-age=604800\r\nexpires: Tue, 28 Apr 2026 17:04:39 GMT\r\nlast-modified: Fri, 10 Apr 2026 17:02:54 GMT\r\naccept-ranges: bytes\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; ma=86400\r\nx-turbo-charged-by: LiteSpeed\r\npriority: u=4,i=?0\r\nage: 417398\r\ncf-cache-status: HIT\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=fLLqNy1GFLa3eDuGmwip5ILoB62gAutgiI%2BIfmvPE3pigqFUpzCmlTJtb41Hz6u8tWE%2FbB6qPkbJW8NpSXVNRHtyzxH7OiBO5jKrV1avg%2F2gM2G1361aXx%2B9%2FJC4NZ3CnUdJKu0qFuGD\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9f25c6812d932efa-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]}],"data":{"size":276748,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 1122 x 488, 8-bit/color RGBA, non-interlaced","md5":"1802f4b12cda8a9d358f2978c7df54c7","sha1":"50f526502847b33799b95ac24426a0c2673bcd4b","sha256":"37d33673c157cb361b368fdb7e3f979426f64ecebd01e21aeb8b580d0fde8f37","sha512":"b7278ee16a4a4a022be9729baa1393fe351a59dc08a68a65c2920383f891c950b3649ee3067849e795c3a79c4bc0262e5ffdcfe0d911179f75a3b4ed2857f221","ssdeep":"6144:+GGTOOWwcSuOL6S3lShzn8CCon0ubDvI5AyH4/x9alnBzPeZz:+py9NRW69N8CClubDw5AyYEBzPu","tlshash":"f3442390e859a9f7cb42e9f7ccc941b43121821ece532445d9cfcf2b4e015ab9eb2e25","first_seen":"2026-04-26T02:12:57.027965Z","last_seen":"2026-05-13T13:04:07.33297Z","times_seen":8,"resource_available":false,"data":null}},"time_used":27,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":10,"receive":17,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-26","alert":"Phishing Block","trigger":"irdgqgog.fortoday.asia","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-26","alert":"Sinkholed","trigger":"irdgqgog.fortoday.asia","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"irdgqgog.fortoday.asia/mH410fU8/jestore/footer-email-subscribe.png","fqdn":"irdgqgog.fortoday.asia","domain":"fortoday.asia","tld":"asia"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://irdgqgog.fortoday.asia/mH410fU8/","date":"2026-04-26T13:01:19.255Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"fortoday.asia","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 19 Mar 2026 07:23:34 GMT","end":"Wed, 17 Jun 2026 08:00:16 GMT"},"fingerprint":{"sha1":"82:CF:C7:9E:0D:CF:FE:4B:17:8B:52:84:33:14:7D:F7:88:A5:91:F2","sha256":"4D:A9:CD:77:E2:DB:CC:1E:07:30:B7:5E:52:3A:AE:82:0C:14:88:D1:96:D7:F5:77:DE:8F:2F:8D:1E:5A:F1:7D"}}},"request":{"raw":"GET /mH410fU8/jestore/footer-email-subscribe.png HTTP/1.1\r\nHost: irdgqgog.fortoday.asia\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://irdgqgog.fortoday.asia/mH410fU8/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sun, 26 Apr 2026 13:01:18 GMT\r\ncontent-type: image/png\r\ncontent-length: 3349\r\ncache-control: public, max-age=604800\r\nexpires: Tue, 28 Apr 2026 17:04:39 GMT\r\nlast-modified: Fri, 10 Apr 2026 17:07:54 GMT\r\naccept-ranges: bytes\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; ma=86400\r\nx-turbo-charged-by: LiteSpeed\r\npriority: u=4,i=?0\r\nage: 417398\r\ncf-cache-status: HIT\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=CcyRwLPNksSylYkvdInidSkcTrJ4zOmfJulkcbnAoNvbUBqmC3Y5dtlu0KrsKSv2wDrPPVSpWcLoedOIADWNLvOQ6qDhMYh%2F%2BTCWP%2BCXjk1Ew%2FVeecUeskuvBJ597bR0GeYvGvKbe7MX\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9f25c6816e432efa-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":3349,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 72 x 72, 8-bit/color RGBA, non-interlaced","md5":"150e097b432034e3fedf6443b4551a16","sha1":"a4299dadb4feda18e484362ce6892c52b507d5e6","sha256":"b9ca6c3a516ec9dfbe4f33e318d560f265836d51627cb9fa3d881062a2fd98e2","sha512":"b706811890123610964b651d9aa744644331cce7b89a68059945fbf9657f360b9432c602667327a539b99d89992f2ff6717469ab82eececc4232c66aa9c61f06","ssdeep":"","tlshash":"07616f4f519bd770ccfd59362f172290cd586f65e7f9b2385084ba4488991090db286f","first_seen":"2023-04-30T19:27:11Z","last_seen":"2026-06-02T05:48:42.981136Z","times_seen":359,"resource_available":false,"data":null}},"time_used":18,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":18,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-26","alert":"Sinkholed","trigger":"irdgqgog.fortoday.asia","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-26","alert":"Phishing Block","trigger":"irdgqgog.fortoday.asia","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdn.harvestsharp.com/images/midaspay_channel_icon/29cf13fc540e0c2c10422541aefee49b.png","fqdn":"cdn.harvestsharp.com","domain":"harvestsharp.com","tld":"com"},"ip":{"addr":"43.152.140.79","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://irdgqgog.fortoday.asia/mH410fU8/","date":"2026-04-26T13:01:19.358Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.harvestsharp.com","organization":"CENTAURI DYNAMIC PTE. LTD"},"issuer":{"commonName":"DigiCert Secure Site OV G2 TLS CN RSA4096 SHA256 2022 CA1","organization":"DigiCert, Inc."},"validity":{"start":"Mon, 01 Sep 2025 00:00:00 GMT","end":"Mon, 31 Aug 2026 23:59:59 GMT"},"fingerprint":{"sha1":"02:6B:1F:32:B3:B2:6F:A4:25:AC:1C:E3:87:90:E7:4A:78:36:9F:BE","sha256":"EA:E9:7E:E4:22:E2:21:19:4A:C6:3B:27:29:3C:BE:BE:35:A4:A6:F4:0B:C6:AA:9E:C6:EF:BC:30:7D:58:11:67"}}},"request":{"raw":"GET /images/midaspay_channel_icon/29cf13fc540e0c2c10422541aefee49b.png HTTP/1.1\r\nHost: cdn.harvestsharp.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://irdgqgog.fortoday.asia/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Fri, 30 Jun 2023 11:59:22 GMT\r\netag: \"717de2603d3013e3d04b14c96a9e6416\"\r\ncontent-type: image/png\r\ndate: Wed, 25 Sep 2024 14:36:36 GMT\r\nserver: tencent-cos\r\nx-cos-hash-crc64ecma: 4929961802656818551\r\nx-cos-request-id: NjZmNDFmZjRfZjgxNTc5MWVfMjE5NWVfN2MyY2M5Mw==\r\nx-cos-storage-class: MAZ_STANDARD\r\nx-cos-version-id: MTg0NDUwNTU5NDczNDcyODk4MzI\r\nx-cosindex-replication-status: Complete\r\ncontent-length: 4302\r\naccept-ranges: bytes\r\nx-nws-log-uuid: 13430562486968509192\r\nx-cache-lookup: Cache Hit\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: POST,GET,OPTIONS\r\naccess-control-max-age: 86400\r\naccess-control-expose-headers: Origin,DNT,Accept,X-Mx-ReqToken,STAFF_NAME,Authorization,x-request-id,X-Request-Id,X-MVS-CSRF-TOKEN,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type\r\ncache-control: max-age=604800\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":4302,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 96 x 64, 8-bit/color RGBA, non-interlaced","md5":"717de2603d3013e3d04b14c96a9e6416","sha1":"0a14a050a27cd9377137a9bab6724e88ba120256","sha256":"049539eb341317fa886955f7073079c9f92d1abe4f92b87d942c00d46332fa30","sha512":"bf9bc3f2b82cf63c44e160dce011da3d7c870e63aba1c5948b68e75b6bc8fe99aa1b945f7905718ff9142f6f6530c832ad553a676e0390500d4ba62906bdb87f","ssdeep":"96:P1GuxPpoQyy141hzVdx8I3z9a6x3u2WqRvVGRdT/5tSgFm2G:dRoQf6zVzJjDpuYRvVAtSJ","tlshash":"99912a10363e1b32614ef2253a347d586699108ca72f89919b28e679432e3b270d23eb","first_seen":"2025-01-22T15:28:39.177866Z","last_seen":"2026-05-13T13:04:07.335585Z","times_seen":16,"resource_available":false,"data":null}},"time_used":724,"timings":{"blocked":629,"dns":0,"connect":0,"send":0,"wait":74,"receive":21,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"irdgqgog.fortoday.asia/mH410fU8/img/style-img/Show-Password.png","fqdn":"irdgqgog.fortoday.asia","domain":"fortoday.asia","tld":"asia"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://irdgqgog.fortoday.asia/mH410fU8/","date":"2026-04-26T13:01:19.371Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"fortoday.asia","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 19 Mar 2026 07:23:34 GMT","end":"Wed, 17 Jun 2026 08:00:16 GMT"},"fingerprint":{"sha1":"82:CF:C7:9E:0D:CF:FE:4B:17:8B:52:84:33:14:7D:F7:88:A5:91:F2","sha256":"4D:A9:CD:77:E2:DB:CC:1E:07:30:B7:5E:52:3A:AE:82:0C:14:88:D1:96:D7:F5:77:DE:8F:2F:8D:1E:5A:F1:7D"}}},"request":{"raw":"GET /mH410fU8/img/style-img/Show-Password.png HTTP/1.1\r\nHost: irdgqgog.fortoday.asia\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://irdgqgog.fortoday.asia/mH410fU8/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sun, 26 Apr 2026 13:01:19 GMT\r\ncontent-type: image/png\r\ncontent-length: 28355\r\ncache-control: public, max-age=604800\r\nexpires: Tue, 28 Apr 2026 17:04:39 GMT\r\nlast-modified: Fri, 10 Apr 2026 16:45:18 GMT\r\naccept-ranges: bytes\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; ma=86400\r\nx-turbo-charged-by: LiteSpeed\r\npriority: u=4,i=?0\r\nage: 417398\r\ncf-cache-status: HIT\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=kzL9yye%2FUJbUkSkfydMj7uBPVjIoq1PfGeVArJsiGtN9eZNlkCR3wgOHJWtb7fcaTaD1Od1V7NqaS7DyynUzLN1h4YpI58W3Uy581ov05%2FV4TZrCOSzNJ%2BzjGuNnSKONP5h1JMV6rs5q\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9f25c68239002efa-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":28355,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 656 x 656, 8-bit/color RGBA, non-interlaced","md5":"2fd203703821d5ce5d18bee2a51b779a","sha1":"a78d7b1369ce8bc34de57909af142043cae446f0","sha256":"6b82611fa96f118128b0db9692dd982ca0fe79b1b4d8048946880600cc4f97c8","sha512":"f889c843a380cef9b5746614b9bc6ab067b483049cc03866953867e1e5ce2b5e1936c965975c88e2352a3ebd0d6a1840252edbf70f01092cdefc7e4cff1868b2","ssdeep":"384:O0uuuuuuuuuuuuuuuuuuuls7IhoG2PkCEbDk4otLQORTaxqw9YLFjKIUjuMYu3PV:D7NGasw4otBaMw9WF5UvjXP3nt","tlshash":"41d2bfe3d7b94ab7c9a53271a150924722221cb901bcb89810c0bf9e673e6cc6e76f11","first_seen":"2023-04-30T19:27:11Z","last_seen":"2026-05-13T13:04:07.256793Z","times_seen":916,"resource_available":false,"data":null}},"time_used":26,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":22,"receive":4,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-26","alert":"Phishing Block","trigger":"irdgqgog.fortoday.asia","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-26","alert":"Sinkholed","trigger":"irdgqgog.fortoday.asia","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"irdgqgog.fortoday.asia/mH410fU8/img/main.jpg","fqdn":"irdgqgog.fortoday.asia","domain":"fortoday.asia","tld":"asia"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://irdgqgog.fortoday.asia/mH410fU8/","date":"2026-04-26T13:01:19.367Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"fortoday.asia","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 19 Mar 2026 07:23:34 GMT","end":"Wed, 17 Jun 2026 08:00:16 GMT"},"fingerprint":{"sha1":"82:CF:C7:9E:0D:CF:FE:4B:17:8B:52:84:33:14:7D:F7:88:A5:91:F2","sha256":"4D:A9:CD:77:E2:DB:CC:1E:07:30:B7:5E:52:3A:AE:82:0C:14:88:D1:96:D7:F5:77:DE:8F:2F:8D:1E:5A:F1:7D"}}},"request":{"raw":"GET /mH410fU8/img/main.jpg HTTP/1.1\r\nHost: irdgqgog.fortoday.asia\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://irdgqgog.fortoday.asia/mH410fU8/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sun, 26 Apr 2026 13:01:19 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 14480\r\ncache-control: public, max-age=604800\r\nexpires: Tue, 28 Apr 2026 17:04:39 GMT\r\nlast-modified: Fri, 10 Apr 2026 16:44:52 GMT\r\naccept-ranges: bytes\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; ma=86400\r\nx-turbo-charged-by: LiteSpeed\r\npriority: u=4,i=?0\r\nage: 417398\r\ncf-cache-status: HIT\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=iP2qAgCLnE1o9lEPZS1gcSTAjZf8iQNg%2F%2B1Z04yDO%2Fh1HZseoAyqTIBiJGo%2BFeBRiJkXhgn0axAY8o7wmGAAvcvolxdedChlizWfW2guXt%2BqbkOj%2BDNvfOPGZLRy1nEtUGgTSmd4zHOw\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9f25c68218a02efa-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":14480,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 478x480, components 3","md5":"fab6e238f498673f8515f6e9d0e1f7d4","sha1":"e7f2bd6792fd33da02fa4e36f89a6812b1174c85","sha256":"0a273ea5c709aec56220151087defbb81f5cf3093ce667a140fc399d1027961b","sha512":"13b3e5c7d22c7706110a1dd77e8d6a543d256b23f961936856a7dc56bd7a5753a320cf333f528466a9dd5cc5cb320d7904573ea99c1adc57e861abb3356042c5","ssdeep":"384:qsut++Qqig5UwL4s5aeb/mXJodTnj50CQ5xp3IsTliJNKFtgO87:futnqwL4s8ej8Aj51Q5xp3I7JNKFtgOK","tlshash":"c852d16b5fa240b2deb453f48f2e4730e19610eafa6d38dfb4c07301485ea9721562f1","first_seen":"2024-05-12T00:04:05Z","last_seen":"2026-05-13T13:04:07.306742Z","times_seen":13,"resource_available":false,"data":null}},"time_used":20,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":18,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-26","alert":"Phishing Block","trigger":"irdgqgog.fortoday.asia","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-26","alert":"Sinkholed","trigger":"irdgqgog.fortoday.asia","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"irdgqgog.fortoday.asia/mH410fU8/img/style-img/icon_2.jpg","fqdn":"irdgqgog.fortoday.asia","domain":"fortoday.asia","tld":"asia"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://irdgqgog.fortoday.asia/mH410fU8/","date":"2026-04-26T13:01:19.370Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"fortoday.asia","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 19 Mar 2026 07:23:34 GMT","end":"Wed, 17 Jun 2026 08:00:16 GMT"},"fingerprint":{"sha1":"82:CF:C7:9E:0D:CF:FE:4B:17:8B:52:84:33:14:7D:F7:88:A5:91:F2","sha256":"4D:A9:CD:77:E2:DB:CC:1E:07:30:B7:5E:52:3A:AE:82:0C:14:88:D1:96:D7:F5:77:DE:8F:2F:8D:1E:5A:F1:7D"}}},"request":{"raw":"GET /mH410fU8/img/style-img/icon_2.jpg HTTP/1.1\r\nHost: irdgqgog.fortoday.asia\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://irdgqgog.fortoday.asia/mH410fU8/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sun, 26 Apr 2026 13:01:19 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 13303\r\ncache-control: public, max-age=604800\r\nexpires: Tue, 28 Apr 2026 17:04:39 GMT\r\nlast-modified: Fri, 10 Apr 2026 16:45:16 GMT\r\naccept-ranges: bytes\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; ma=86400\r\nx-turbo-charged-by: LiteSpeed\r\npriority: u=4,i=?0\r\nage: 417398\r\ncf-cache-status: HIT\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=KFW3dv5a9%2B0YQRSVDc3g0pJcUwrQMVTbCt%2FTKk6HBZff5NRPO15kOpTSB8enBV8jLPR%2Fl%2ByB2moU3WjDauzXX8PnUvbEbj6T6uFOZFso1%2BHdZE1iMrKwRZNGrfEx3shfb7ZnpLUDwUPe\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9f25c68228ea2efa-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":13303,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 554x554, components 3","md5":"7c769800798574703b2bee43f5b6c0e7","sha1":"b57395a2544ceed657b00d088004cda7ddbaa7a6","sha256":"15c67df51c82b0b84d5f0173c405d8e075ea4980ec30613178daa32ef976e047","sha512":"7afb2190ebbbada1c016363039d34d7c70259638903d01e351b7f7d49e8af52e9c180d3a6b1a1910d1f4ae09440ddce2fc504ae4773f963e75d8b8865db6b50a","ssdeep":"192:3OgsGP/QVdegrmi9ZkXE5OMfU1kMQqzetuR9pCAJs8VdH6Zj6m7k1sBZj8fc4d:tsG74mSbgMfUuKzea9C8XHYX7NIdd","tlshash":"7752c037bb2daeb6d669b7718b47075deb76ec20439b954683e23121083c1425c1cfa3","first_seen":"2023-12-16T16:31:33Z","last_seen":"2026-05-13T13:04:07.284849Z","times_seen":35,"resource_available":false,"data":null}},"time_used":26,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":13,"receive":13,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-26","alert":"Phishing Block","trigger":"irdgqgog.fortoday.asia","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-26","alert":"Sinkholed","trigger":"irdgqgog.fortoday.asia","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"irdgqgog.fortoday.asia/mH410fU8/jestore/3200.a40b11db.chunk.css","fqdn":"irdgqgog.fortoday.asia","domain":"fortoday.asia","tld":"asia"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://irdgqgog.fortoday.asia/mH410fU8/","date":"2026-04-26T13:01:18.830Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"fortoday.asia","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 19 Mar 2026 07:23:34 GMT","end":"Wed, 17 Jun 2026 08:00:16 GMT"},"fingerprint":{"sha1":"82:CF:C7:9E:0D:CF:FE:4B:17:8B:52:84:33:14:7D:F7:88:A5:91:F2","sha256":"4D:A9:CD:77:E2:DB:CC:1E:07:30:B7:5E:52:3A:AE:82:0C:14:88:D1:96:D7:F5:77:DE:8F:2F:8D:1E:5A:F1:7D"}}},"request":{"raw":"GET /mH410fU8/jestore/3200.a40b11db.chunk.css HTTP/1.1\r\nHost: irdgqgog.fortoday.asia\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://irdgqgog.fortoday.asia/mH410fU8/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sun, 26 Apr 2026 13:01:18 GMT\r\ncontent-type: text/css\r\ncontent-length: 4088\r\ncache-control: public, max-age=604800\r\nexpires: Tue, 28 Apr 2026 15:34:40 GMT\r\nlast-modified: Fri, 10 Apr 2026 16:56:58 GMT\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; ma=86400\r\nx-turbo-charged-by: LiteSpeed\r\npriority: u=2,i=?0\r\nage: 422797\r\ncf-cache-status: HIT\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=VhXGgIQVrC5odi%2BAARv3MSQDUkYMggOanTcsjZenWM1tnnsf528aOolap%2Bah15xX7KrjZWJcTXFwI62doTvdMu9X58uWlbeBRf8I0jTBmWT5d9dOXQ33uiWVsDq33z2VNtzONZk8Iu4p\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9f25c6800aa12efa-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":19866,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (19866), with no line terminators","md5":"91e63ec78d30f8f9b63a38292d837e2a","sha1":"b8938a50e7bfd5e41a1b86f006b4de0933026e4a","sha256":"1085776e0296c9eb83650a1fc60fe43e19a2e300f1ad99edd20dd1d4d4cd4410","sha512":"6eac60b4c43252f36c316661f48ace8cf6737b88a96e2c5aeee7a76e9fb17bce4a8fd9de54d91816a9ba9a78395bf7b371252d907667ef31139d30411199984d","ssdeep":"192:nmUJbiKnePkyVkQa+SZc2NPfh2nx+osD3nsCVrSKHH+fvUkjCiqltN9ltN9u99tj:mUbeMokQa+12lMnx+m","tlshash":"239231a553803046552bcf66cba89670d8624dd1a283ecba74906e54d2f3efcf34e13d","first_seen":"2024-10-30T20:47:39.619968Z","last_seen":"2026-05-13T13:04:07.302004Z","times_seen":9,"resource_available":false,"data":null}},"time_used":9,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":9,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-26","alert":"Sinkholed","trigger":"irdgqgog.fortoday.asia","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-26","alert":"Phishing Block","trigger":"irdgqgog.fortoday.asia","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"irdgqgog.fortoday.asia/mH410fU8/img/reward/sfs.png","fqdn":"irdgqgog.fortoday.asia","domain":"fortoday.asia","tld":"asia"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://irdgqgog.fortoday.asia/mH410fU8/","date":"2026-04-26T13:01:19.217Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"fortoday.asia","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 19 Mar 2026 07:23:34 GMT","end":"Wed, 17 Jun 2026 08:00:16 GMT"},"fingerprint":{"sha1":"82:CF:C7:9E:0D:CF:FE:4B:17:8B:52:84:33:14:7D:F7:88:A5:91:F2","sha256":"4D:A9:CD:77:E2:DB:CC:1E:07:30:B7:5E:52:3A:AE:82:0C:14:88:D1:96:D7:F5:77:DE:8F:2F:8D:1E:5A:F1:7D"}}},"request":{"raw":"GET /mH410fU8/img/reward/sfs.png HTTP/1.1\r\nHost: irdgqgog.fortoday.asia\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://irdgqgog.fortoday.asia/mH410fU8/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sun, 26 Apr 2026 13:01:18 GMT\r\ncontent-type: image/png\r\ncontent-length: 36640\r\ncache-control: public, max-age=604800\r\nexpires: Tue, 28 Apr 2026 17:04:39 GMT\r\nlast-modified: Fri, 10 Apr 2026 16:45:38 GMT\r\naccept-ranges: bytes\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; ma=86400\r\nx-turbo-charged-by: LiteSpeed\r\npriority: u=4,i=?0\r\nage: 417398\r\ncf-cache-status: HIT\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=zWEWnZ%2FQgRBpAZRLM4Pu0eNV5o2goKDREk8pR62uY04cUAJ9cb8wFN3G30IGckIFeksTyl3ij%2BMXbXT4ieekHUEV%2FTIL7W6MEi%2Bvy6KFVQNCwCSuqIrKGuuFa6mAeDe3N%2F5YqK%2F9iev8\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9f25c6814dd42efa-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]}],"data":{"size":36640,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced","md5":"b3a839a759d0403f4e2645ccc2d7d6f7","sha1":"0a2a09d3ca75b9a2fdd7198c15dd7d34066225fb","sha256":"255e84dd3395a7be094dfdbd60f9a3df16a5741419dceeeab0cecb82101e4787","sha512":"e647cc5af229b6db025cb4f785c5a5e11ef09f2b4b07eccdf83c648daaa4f8e159b000bdba7db9fdc124f7f02798e03ba171696a43cb0e088efa63b3efe46267","ssdeep":"768:IRG5XErKMO07aUdxu6AUnJ9YkAHbeCZWGR+BaoM2ZnhXK3PVa7jWc:c5mqxfFXYh7eCZW/55K39aR","tlshash":"e9f2e09e3874d2bdfde1020056b8caa2ce61c2cae5e13516b4078cb5ed92fcd4694af5","first_seen":"2024-12-09T16:53:48.092205Z","last_seen":"2026-05-29T12:33:19.644096Z","times_seen":37,"resource_available":false,"data":null}},"time_used":39,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":38,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-26","alert":"Phishing Block","trigger":"irdgqgog.fortoday.asia","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-26","alert":"Sinkholed","trigger":"irdgqgog.fortoday.asia","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"irdgqgog.fortoday.asia/mH410fU8/img/iconmid.png","fqdn":"irdgqgog.fortoday.asia","domain":"fortoday.asia","tld":"asia"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://irdgqgog.fortoday.asia/mH410fU8/","date":"2026-04-26T13:01:19.219Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"fortoday.asia","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 19 Mar 2026 07:23:34 GMT","end":"Wed, 17 Jun 2026 08:00:16 GMT"},"fingerprint":{"sha1":"82:CF:C7:9E:0D:CF:FE:4B:17:8B:52:84:33:14:7D:F7:88:A5:91:F2","sha256":"4D:A9:CD:77:E2:DB:CC:1E:07:30:B7:5E:52:3A:AE:82:0C:14:88:D1:96:D7:F5:77:DE:8F:2F:8D:1E:5A:F1:7D"}}},"request":{"raw":"GET /mH410fU8/img/iconmid.png HTTP/1.1\r\nHost: irdgqgog.fortoday.asia\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://irdgqgog.fortoday.asia/mH410fU8/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sun, 26 Apr 2026 13:01:18 GMT\r\ncontent-type: image/png\r\ncontent-length: 3935\r\ncache-control: public, max-age=604800\r\nexpires: Tue, 28 Apr 2026 17:04:39 GMT\r\nlast-modified: Fri, 10 Apr 2026 16:44:48 GMT\r\naccept-ranges: bytes\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; ma=86400\r\nx-turbo-charged-by: LiteSpeed\r\npriority: u=4,i=?0\r\nage: 417398\r\ncf-cache-status: HIT\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=d0gvjQ%2FwFzaBE84aR81qqr03T9TR88ASMvqwRJchqlARFvCXyX1Wqp5JGRLASs%2Fi5lTSnT7W6e50KxaENFPnnIM14aQFMVOlUHfp%2FRX%2FiFxTHZqNUgz5pGbwhX7Zy1DrX%2BMYOH7xGFkp\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9f25c6814dd82efa-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]}],"data":{"size":3935,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 50 x 49, 8-bit/color RGBA, non-interlaced","md5":"464a64f6a97263cd4b329b105f445a37","sha1":"cd70fba06d5bb4e225bc01c8ecea7b0b5e03b9ff","sha256":"d125df14feab2b909f364bfcc645a504556a5d2706fd8e6bfaaa23ec5748c91d","sha512":"469e9352c098682ecc394c3eff1ad36e11d5758458c875de543fc11ba10bb19940cc10c0327831160be6ff5bdf5e08d5e2aa51b6a1da298f541e0d71fa0de6be","ssdeep":"","tlshash":"ef817d98c692f0d6b54e49052b276b74c9380132c38fd669c95db02e82ae0bdb83dbd0","first_seen":"2025-01-22T15:28:39.061775Z","last_seen":"2026-05-13T13:04:07.329797Z","times_seen":13,"resource_available":false,"data":null}},"time_used":39,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":39,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-26","alert":"Phishing Block","trigger":"irdgqgog.fortoday.asia","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-26","alert":"Sinkholed","trigger":"irdgqgog.fortoday.asia","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdn.harvestsharp.com/images/midaspay_channel_icon/6b5b90bfdeca819d6a45171e85b81fce.png","fqdn":"cdn.harvestsharp.com","domain":"harvestsharp.com","tld":"com"},"ip":{"addr":"43.152.140.79","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://irdgqgog.fortoday.asia/mH410fU8/","date":"2026-04-26T13:01:19.358Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.harvestsharp.com","organization":"CENTAURI DYNAMIC PTE. LTD"},"issuer":{"commonName":"DigiCert Secure Site OV G2 TLS CN RSA4096 SHA256 2022 CA1","organization":"DigiCert, Inc."},"validity":{"start":"Mon, 01 Sep 2025 00:00:00 GMT","end":"Mon, 31 Aug 2026 23:59:59 GMT"},"fingerprint":{"sha1":"02:6B:1F:32:B3:B2:6F:A4:25:AC:1C:E3:87:90:E7:4A:78:36:9F:BE","sha256":"EA:E9:7E:E4:22:E2:21:19:4A:C6:3B:27:29:3C:BE:BE:35:A4:A6:F4:0B:C6:AA:9E:C6:EF:BC:30:7D:58:11:67"}}},"request":{"raw":"GET /images/midaspay_channel_icon/6b5b90bfdeca819d6a45171e85b81fce.png HTTP/1.1\r\nHost: cdn.harvestsharp.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://irdgqgog.fortoday.asia/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Fri, 30 Jun 2023 11:59:21 GMT\r\netag: \"81b94ade773a1869fe01d031db36327d\"\r\ncontent-type: image/png\r\ndate: Mon, 21 Oct 2024 18:05:03 GMT\r\nserver: tencent-cos\r\nx-cos-hash-crc64ecma: 13652087803389900638\r\nx-cos-request-id: NjcxNjk3Y2ZfZDA4YzdjMWVfMWYxMzBfYjJlOWUwYw==\r\nx-cos-storage-class: MAZ_STANDARD\r\nx-cos-version-id: MTg0NDUwNTU5NDczNDgyMjczNzA\r\nx-cosindex-replication-status: Complete\r\ncontent-length: 6835\r\naccept-ranges: bytes\r\nx-nws-log-uuid: 11556573944697345184\r\nx-cache-lookup: Cache Hit\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: POST,GET,OPTIONS\r\naccess-control-max-age: 86400\r\naccess-control-expose-headers: Origin,DNT,Accept,X-Mx-ReqToken,STAFF_NAME,Authorization,x-request-id,X-Request-Id,X-MVS-CSRF-TOKEN,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type\r\ncache-control: max-age=604800\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":6835,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 96 x 64, 8-bit/color RGBA, non-interlaced","md5":"81b94ade773a1869fe01d031db36327d","sha1":"b448968f4de1f24e634893c0831b3f3bf8e2fc92","sha256":"1fd19cd69527b2137ee3c99d32b3d95b5316e0376bbb57b9cdafb12e8e18c069","sha512":"0178a639fd748cbf8384aae3b37f811ac2cac650bc3b33edf139d9a3bc883eabc3372cb8c97bf22821ffa787d6966b8b679412fc382afae8af1a990492c17f8f","ssdeep":"192:1daGgkirwKwTEYDOOQE6xYcu/BnJngIE1xlRSc:9ZrTEYDOOP6mf/BJDE58c","tlshash":"0be1afe81a52de868474b558ae90b91c15d7201e21bf38f32cf64973ad5d0481529ff6","first_seen":"2025-01-22T15:28:39.175067Z","last_seen":"2026-05-13T13:04:07.26395Z","times_seen":16,"resource_available":false,"data":null}},"time_used":725,"timings":{"blocked":629,"dns":0,"connect":0,"send":0,"wait":75,"receive":21,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"irdgqgog.fortoday.asia/mH410fU8/img/style-img/linkbtn.png","fqdn":"irdgqgog.fortoday.asia","domain":"fortoday.asia","tld":"asia"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://irdgqgog.fortoday.asia/mH410fU8/","date":"2026-04-26T13:01:19.422Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"fortoday.asia","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 19 Mar 2026 07:23:34 GMT","end":"Wed, 17 Jun 2026 08:00:16 GMT"},"fingerprint":{"sha1":"82:CF:C7:9E:0D:CF:FE:4B:17:8B:52:84:33:14:7D:F7:88:A5:91:F2","sha256":"4D:A9:CD:77:E2:DB:CC:1E:07:30:B7:5E:52:3A:AE:82:0C:14:88:D1:96:D7:F5:77:DE:8F:2F:8D:1E:5A:F1:7D"}}},"request":{"raw":"GET /mH410fU8/img/style-img/linkbtn.png HTTP/1.1\r\nHost: irdgqgog.fortoday.asia\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://irdgqgog.fortoday.asia/mH410fU8/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sun, 26 Apr 2026 13:01:19 GMT\r\ncontent-type: image/png\r\ncontent-length: 6526\r\ncache-control: public, max-age=604800\r\nexpires: Tue, 28 Apr 2026 17:04:39 GMT\r\nlast-modified: Fri, 10 Apr 2026 16:45:18 GMT\r\naccept-ranges: bytes\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; ma=86400\r\nx-turbo-charged-by: LiteSpeed\r\npriority: u=4,i=?0\r\nage: 417398\r\ncf-cache-status: HIT\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=PXbI6BT56sb67uwCO1%2BvBf930viKRMgvNzB3y1zis2Pu5DWJN2riqwrsUf5zkAye9a2dHU7BHJDjr2cL7xILAKBAkNZdeE10Mrpxt71aeWCjdHjdV4GZz5AKXaKTtRbkwKiYVNiPn7eu\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9f25c682fb3f2efa-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":6526,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 77 x 74, 8-bit/color RGBA, non-interlaced","md5":"48c050386aace34c60f16a01fdf74c3f","sha1":"53768d24571ce30d02d038a196cee350baf19d8f","sha256":"b318d6f5d2b095f2ee11e25716a02d4de816c93eb2d0ccd26459e03b65962b14","sha512":"ef29d0f8a69a353a563fcfc2f82d3aacf4a2306e16a61fd4b232365605234549eddfb59c606fc89579a0e0870aad22af993a95e123390a8ddec3bf2fd939a145","ssdeep":"192:1pfLypqJ+wO767KiTf/wpCWAKgNQw9JIn:1pDyY37/7EYSwTu","tlshash":"1cd1b0cf17cb25784d6a279c973a19f2fed310806524b39505839bfbdce0b46d4816aa","first_seen":"2024-01-05T16:39:52Z","last_seen":"2026-05-18T07:10:28.792763Z","times_seen":222,"resource_available":false,"data":null}},"time_used":18,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":17,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-26","alert":"Phishing Block","trigger":"irdgqgog.fortoday.asia","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-26","alert":"Sinkholed","trigger":"irdgqgog.fortoday.asia","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"irdgqgog.fortoday.asia/mH410fU8/jestore/167.2c475bdc.css","fqdn":"irdgqgog.fortoday.asia","domain":"fortoday.asia","tld":"asia"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://irdgqgog.fortoday.asia/mH410fU8/","date":"2026-04-26T13:01:18.926Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"fortoday.asia","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 19 Mar 2026 07:23:34 GMT","end":"Wed, 17 Jun 2026 08:00:16 GMT"},"fingerprint":{"sha1":"82:CF:C7:9E:0D:CF:FE:4B:17:8B:52:84:33:14:7D:F7:88:A5:91:F2","sha256":"4D:A9:CD:77:E2:DB:CC:1E:07:30:B7:5E:52:3A:AE:82:0C:14:88:D1:96:D7:F5:77:DE:8F:2F:8D:1E:5A:F1:7D"}}},"request":{"raw":"GET /mH410fU8/jestore/167.2c475bdc.css HTTP/1.1\r\nHost: irdgqgog.fortoday.asia\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://irdgqgog.fortoday.asia/mH410fU8/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sun, 26 Apr 2026 13:01:18 GMT\r\ncontent-type: text/css\r\ncontent-length: 102842\r\ncache-control: public, max-age=604800\r\nexpires: Tue, 28 Apr 2026 15:34:40 GMT\r\nlast-modified: Fri, 10 Apr 2026 17:14:34 GMT\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; ma=86400\r\nx-turbo-charged-by: LiteSpeed\r\npriority: u=2,i=?0\r\nage: 422797\r\ncf-cache-status: HIT\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=GHRTOTjwlded2DmfpnyYDiDcjYwJyXhk7r1AohfOg8QpsjTp0OK0rO2pcOfq8nK6OCDKiQCq1KNBGjpL48huJG1DvYpL6ODA19A%2BU%2Fvq9y4eC1%2FXAVC00i7HeSdpiD%2BF1kpU%2FxJ7OG%2Bp\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9f25c6805b702efa-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":959361,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (65534), with CRLF line terminators","md5":"81c904598ce6e4c941adfed7387c9b6b","sha1":"136011930e815e408fd1f0ee637be35f1d96c066","sha256":"07751707fc06e57edeb714610d8694a4c4b5185d9206cb908d8f8e8d7cda8496","sha512":"f20236e47dfd474c80c98fc0946810391c4c81599c7844c1095d95378773109ea37c18fc8ebd6f6b933905ef71e6cfc16d4cba3136a652d56e388761a352dcbc","ssdeep":"24576:oc4f4O2HEW6KmbKjzDl0utornVObCFXkj2QvDqRAv0OnMIujR6T9nG/U4sHbAOP7:oc4f4O2HEW6KmbKjzDl0utornVObCFXQ","tlshash":"d0153a3ac8219d2df67bdd81e68350bc0518a40773d36e7df9ad7b7ad2e11ed2226108","first_seen":"2026-04-26T02:12:56.941849Z","last_seen":"2026-05-13T13:04:07.232468Z","times_seen":5,"resource_available":false,"data":null}},"time_used":16,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":11,"receive":5,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-26","alert":"Sinkholed","trigger":"irdgqgog.fortoday.asia","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-26","alert":"Phishing Block","trigger":"irdgqgog.fortoday.asia","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"irdgqgog.fortoday.asia/mH410fU8/jestore/7960.77071778.chunk.css","fqdn":"irdgqgog.fortoday.asia","domain":"fortoday.asia","tld":"asia"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://irdgqgog.fortoday.asia/mH410fU8/","date":"2026-04-26T13:01:18.824Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"fortoday.asia","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 19 Mar 2026 07:23:34 GMT","end":"Wed, 17 Jun 2026 08:00:16 GMT"},"fingerprint":{"sha1":"82:CF:C7:9E:0D:CF:FE:4B:17:8B:52:84:33:14:7D:F7:88:A5:91:F2","sha256":"4D:A9:CD:77:E2:DB:CC:1E:07:30:B7:5E:52:3A:AE:82:0C:14:88:D1:96:D7:F5:77:DE:8F:2F:8D:1E:5A:F1:7D"}}},"request":{"raw":"GET /mH410fU8/jestore/7960.77071778.chunk.css HTTP/1.1\r\nHost: irdgqgog.fortoday.asia\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://irdgqgog.fortoday.asia/mH410fU8/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sun, 26 Apr 2026 13:01:18 GMT\r\ncontent-type: text/css\r\ncontent-length: 26881\r\ncache-control: public, max-age=604800\r\nexpires: Tue, 28 Apr 2026 15:34:40 GMT\r\nlast-modified: Fri, 10 Apr 2026 16:55:04 GMT\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; ma=86400\r\nx-turbo-charged-by: LiteSpeed\r\npriority: u=2,i=?0\r\nage: 422797\r\ncf-cache-status: HIT\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=%2FRz6h5Jqw34gVX9bmM%2FDGFgRbE3PgK2V6MTA1pmY0GStbEkDOM0hrwpFqq82oRU5ywx8DWCRvqInbM0Fg3CHUQTOQANpibXbedXDhQ5KsJvFaUsWkD9jwkB%2FuixdigY0Vjt9jDa3Ffiw\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9f25c67ffa7b2efa-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]}],"data":{"size":204774,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (65536), with no line terminators","md5":"cd1f77b2f47b6069360c9434ad4fbfaa","sha1":"6d619a2a8299313aa3d78b6ae1da61f24bbb187f","sha256":"5af08c600e0ef25df3884999ea210bb4949076f7e7ae47cbd9237b914f933796","sha512":"5a14d2a0d10a09b66da3353b1e3bd4648be3b7e45de343b3df42558b8b6f08aceefc8a8ebdbe81e284ef81ce20f3596f30b886166dd94403bb36a430cc938fb9","ssdeep":"1536:K5npj1T/eBmwiQ8iWiQH5iQziQyPFGOiQ8iQKiQnmmTbdUiQno/WiQ6fwax:JBmwVsVH5VzVyV8VKVn1T2VnoOVC","tlshash":"1314f836cc625e2ef13f9d8adec7805c512c7c47f5936ebea4697368c2d05e8226b508","first_seen":"2025-01-22T15:28:39.089792Z","last_seen":"2026-05-13T13:04:07.277574Z","times_seen":8,"resource_available":false,"data":null}},"time_used":12,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":11,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-26","alert":"Phishing Block","trigger":"irdgqgog.fortoday.asia","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-26","alert":"Sinkholed","trigger":"irdgqgog.fortoday.asia","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"irdgqgog.fortoday.asia/mH410fU8/jestore/main.4e01e1c8.css","fqdn":"irdgqgog.fortoday.asia","domain":"fortoday.asia","tld":"asia"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://irdgqgog.fortoday.asia/mH410fU8/","date":"2026-04-26T13:01:18.695Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"fortoday.asia","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 19 Mar 2026 07:23:34 GMT","end":"Wed, 17 Jun 2026 08:00:16 GMT"},"fingerprint":{"sha1":"82:CF:C7:9E:0D:CF:FE:4B:17:8B:52:84:33:14:7D:F7:88:A5:91:F2","sha256":"4D:A9:CD:77:E2:DB:CC:1E:07:30:B7:5E:52:3A:AE:82:0C:14:88:D1:96:D7:F5:77:DE:8F:2F:8D:1E:5A:F1:7D"}}},"request":{"raw":"GET /mH410fU8/jestore/main.4e01e1c8.css HTTP/1.1\r\nHost: irdgqgog.fortoday.asia\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://irdgqgog.fortoday.asia/mH410fU8/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sun, 26 Apr 2026 13:01:18 GMT\r\ncontent-type: text/css\r\ncontent-length: 233577\r\ncache-control: public, max-age=604800\r\nexpires: Tue, 28 Apr 2026 14:57:57 GMT\r\nlast-modified: Fri, 10 Apr 2026 16:48:50 GMT\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; ma=86400\r\nx-turbo-charged-by: LiteSpeed\r\npriority: u=2,i=?0\r\nage: 425000\r\ncf-cache-status: HIT\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=rT1TcLA02BGjvS4HEo0lz8OT4NMGprNNWJzcXZntx76Y4nHtNGEqnTr3LQ21%2FYLhpqm8awd5kDL8j9fEHRegPWecdHACLSSoY0O6CDn9w1VeuiqeU7KcZy8Q2RnPjFzrDFRVCcZG1nPO\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9f25c67f895e2efa-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":479902,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (65536), with no line terminators","md5":"3dc13006299065c02fd22ab121e99b73","sha1":"28c69b1e43648b1a751a05547468f31392e7c236","sha256":"c820d9719b1436ee4ae91019d9647ba342b3e75909bc181cefdd2d292eb26786","sha512":"3aef10e62bf5749a140e43499348a0794f9eef86cbfded05d562e195cab88ebfbb1096b3d56fd8d9f2a8215e4d04f2019a7794fe8c9b7932a6402ef153f03bbe","ssdeep":"6144:5fAlmM3L+esj9nC5N9fZ/rFZsUEmr7VnSN08uezJACuYY/UXT+L0P:CAE+MZ/bsUXhSNZdX6L0P","tlshash":"b0a47cb1698916cdba174f3fea16683e6d1eb4ff7b4084ce5c9d36e4d322151890acb0","first_seen":"2025-01-22T15:28:39.162709Z","last_seen":"2026-05-13T13:04:07.227969Z","times_seen":8,"resource_available":false,"data":null}},"time_used":43,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":21,"receive":22,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-26","alert":"Sinkholed","trigger":"irdgqgog.fortoday.asia","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-26","alert":"Phishing Block","trigger":"irdgqgog.fortoday.asia","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.googleapis.com/css?family=Roboto:300,400,500,700|Teko:300,400,500","fqdn":"fonts.googleapis.com","domain":"fonts.googleapis.com","tld":"googleapis.com"},"ip":{"addr":"172.217.19.234","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://irdgqgog.fortoday.asia/mH410fU8/","date":"2026-04-26T13:01:19.190Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"upload.video.google.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 30 Mar 2026 08:36:48 GMT","end":"Mon, 22 Jun 2026 08:36:47 GMT"},"fingerprint":{"sha1":"1A:63:7B:F3:04:6F:4C:E4:F3:15:87:E8:E7:FA:DD:B1:F7:7E:89:49","sha256":"5E:36:5D:D1:35:3B:0A:E9:8A:55:91:DC:12:B0:50:4A:AE:D9:A7:97:06:7C:0D:D7:F0:23:3E:8A:B2:08:19:00"}}},"request":{"raw":"GET /css?family=Roboto:300,400,500,700|Teko:300,400,500 HTTP/1.1\r\nHost: fonts.googleapis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://irdgqgog.fortoday.asia/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/css; charset=utf-8\r\nvary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site\r\naccess-control-allow-origin: *\r\ntiming-allow-origin: *\r\nlink: \u003chttps://fonts.gstatic.com\u003e; rel=preconnect; crossorigin\r\nstrict-transport-security: max-age=31536000\r\nexpires: Sun, 26 Apr 2026 13:01:19 GMT\r\ndate: Sun, 26 Apr 2026 13:01:19 GMT\r\ncache-control: private, max-age=86400\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncontent-encoding: gzip\r\nserver: ESF\r\nx-xss-protection: 0\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":24899,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text, with very long lines (1572)","md5":"dd59052c593dd4fd28220ef1c4ad1931","sha1":"dc1d41a2023de52c9a6c22813f4f3e4023fb18e9","sha256":"e1846912562de798b6a53af1f5fe9c464510701b176dacb7ec48fb8d20685771","sha512":"187d04ddbc2fca32f696fae47a69878f3eeba01bbbbb6404c9f7a6bc0c0acee7262676307f49f12d519aeca74f7dd239fb8d5b867f8411769abbf5b8cbbbee27","ssdeep":"768:3FsbbYSRv4wFMl22YfRiJhan6BBYERNeWwhQHHYORjUM+:LIHT/","tlshash":"e9b20ba10417440097834ce223cebf35fe1f62507042d0b5abfd9b6baddbca652693ad","first_seen":"2026-02-20T02:02:37.810981Z","last_seen":"2026-06-05T03:08:03.29439Z","times_seen":93,"resource_available":false,"data":null}},"time_used":981,"timings":{"blocked":335,"dns":24,"connect":27,"send":0,"wait":34,"receive":0,"ssl":557},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"irdgqgog.fortoday.asia/mH410fU8/img/find/1.84558463.jpg","fqdn":"irdgqgog.fortoday.asia","domain":"fortoday.asia","tld":"asia"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://irdgqgog.fortoday.asia/mH410fU8/","date":"2026-04-26T13:01:19.511Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"fortoday.asia","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 19 Mar 2026 07:23:34 GMT","end":"Wed, 17 Jun 2026 08:00:16 GMT"},"fingerprint":{"sha1":"82:CF:C7:9E:0D:CF:FE:4B:17:8B:52:84:33:14:7D:F7:88:A5:91:F2","sha256":"4D:A9:CD:77:E2:DB:CC:1E:07:30:B7:5E:52:3A:AE:82:0C:14:88:D1:96:D7:F5:77:DE:8F:2F:8D:1E:5A:F1:7D"}}},"request":{"raw":"GET /mH410fU8/img/find/1.84558463.jpg HTTP/1.1\r\nHost: irdgqgog.fortoday.asia\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://irdgqgog.fortoday.asia/mH410fU8/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sun, 26 Apr 2026 13:01:19 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 300293\r\ncache-control: public, max-age=604800\r\nexpires: Tue, 28 Apr 2026 17:04:39 GMT\r\nlast-modified: Fri, 10 Apr 2026 16:45:26 GMT\r\naccept-ranges: bytes\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; ma=86400\r\nx-turbo-charged-by: LiteSpeed\r\npriority: u=4,i=?0\r\nage: 417398\r\ncf-cache-status: HIT\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=0n3Dqg0rXz0OoFlEUOUkBYly4dDCCPN%2B%2FrrMapmqlhRXLhEJ9O7JhgHUXuhAhqGXHeXh78AlOZ81G%2FEx08XnT7Sek1HfFUt4tn8d1sZX%2Fl%2FzuqtLwgWg3DAAZOGYughuTRNUWo4Z1njM\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9f25c6846f792efa-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]}],"data":{"size":300293,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 2460x1080, components 3","md5":"845584637878717c9f1826acf9fcbbd5","sha1":"53a4eeaab9cbb1267a6b072a037a74e25c1196bc","sha256":"ab5a2fdfd17a380d288304b941740f2b3cd5ab580202ebde0eb746e75e1c5d90","sha512":"cc2fbf284fafafb28b145487d809ace8ec7d4604036b8e9b5a1d7a3b2ea960c021e2fc46be6430368b14e5527601b927f2bfd37f2c5c42c7c8e241c0eecf18fc","ssdeep":"6144:2HqoMZjjJ+kuHSW1tpBtzTN+YOKELxCcGxkWnXfa8h9QpG:2KdjOHbpBtf7ELADCDo","tlshash":"de54223d5ff4c2a0f2b651b89b0293516841e56a46a126339573ee8bf33c5fc9d1223b","first_seen":"2025-01-22T15:28:39.070635Z","last_seen":"2026-06-04T17:36:17.883725Z","times_seen":26,"resource_available":false,"data":null}},"time_used":25,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":7,"receive":18,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-26","alert":"Phishing Block","trigger":"irdgqgog.fortoday.asia","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-26","alert":"Sinkholed","trigger":"irdgqgog.fortoday.asia","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ajax.googleapis.com/ajax/libs/jquery/2.1.3/jquery.min.js","fqdn":"ajax.googleapis.com","domain":"ajax.googleapis.com","tld":"googleapis.com"},"ip":{"addr":"142.251.142.234","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://irdgqgog.fortoday.asia/mH410fU8/","date":"2026-04-26T13:01:19.537Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"upload.video.google.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 30 Mar 2026 08:36:48 GMT","end":"Mon, 22 Jun 2026 08:36:47 GMT"},"fingerprint":{"sha1":"1A:63:7B:F3:04:6F:4C:E4:F3:15:87:E8:E7:FA:DD:B1:F7:7E:89:49","sha256":"5E:36:5D:D1:35:3B:0A:E9:8A:55:91:DC:12:B0:50:4A:AE:D9:A7:97:06:7C:0D:D7:F0:23:3E:8A:B2:08:19:00"}}},"request":{"raw":"GET /ajax/libs/jquery/2.1.3/jquery.min.js HTTP/1.1\r\nHost: ajax.googleapis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://irdgqgog.fortoday.asia/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\ncontent-encoding: gzip\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"hosted-libraries-pushers\"\r\nreport-to: {\"group\":\"hosted-libraries-pushers\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 29707\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Wed, 22 Apr 2026 15:48:08 GMT\r\nexpires: Thu, 22 Apr 2027 15:48:08 GMT\r\ncache-control: public, max-age=31536000, stale-while-revalidate=2592000\r\nage: 335591\r\nlast-modified: Tue, 03 Mar 2020 19:15:00 GMT\r\ncontent-type: text/javascript; charset=UTF-8\r\nvary: Accept-Encoding\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":84320,"size_decoded":0,"mime_type":"text/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (32180)","md5":"32015dd42e9582a80a84736f5d9a44d7","sha1":"41b4bfbaa96be6d1440db6e78004ade1c134e276","sha256":"8af93bd675e1cfd9ecc850e862819fdac6e3ad1f5d761f970e409c7d9c63bdc3","sha512":"eda31b5c7d371d4b3acced51fa92f27a417515317cf437aae09a47c3acc8a36bdbb5a5e70f0fbfd82d3725edf45850dde8ca52c20f9a2d6e038b8eaaceee3cf1","ssdeep":"1536:AP1vk7i6GUHdXXeyQazBu+4HhiO2wd0uJO1z6/A4fGAub0i4ULgGiyz4npa98Hrb:z4UdWJiz6UAIJ8pa98Hrb","tlshash":"a283d6d9b2c67062977734b851bf410bb17a98dab80c8c60f0a4d4e47eb4a8d517bf2d","first_seen":"2023-03-07T01:02:00Z","last_seen":"2026-06-08T20:56:18.65713Z","times_seen":15239,"resource_available":true,"data":null}},"time_used":548,"timings":{"blocked":225,"dns":11,"connect":9,"send":0,"wait":11,"receive":8,"ssl":281},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"irdgqgog.fortoday.asia/mH410fU8/jestore/feedbackSdk.fb053b3a.css","fqdn":"irdgqgog.fortoday.asia","domain":"fortoday.asia","tld":"asia"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://irdgqgog.fortoday.asia/mH410fU8/","date":"2026-04-26T13:01:18.928Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"fortoday.asia","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 19 Mar 2026 07:23:34 GMT","end":"Wed, 17 Jun 2026 08:00:16 GMT"},"fingerprint":{"sha1":"82:CF:C7:9E:0D:CF:FE:4B:17:8B:52:84:33:14:7D:F7:88:A5:91:F2","sha256":"4D:A9:CD:77:E2:DB:CC:1E:07:30:B7:5E:52:3A:AE:82:0C:14:88:D1:96:D7:F5:77:DE:8F:2F:8D:1E:5A:F1:7D"}}},"request":{"raw":"GET /mH410fU8/jestore/feedbackSdk.fb053b3a.css HTTP/1.1\r\nHost: irdgqgog.fortoday.asia\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://irdgqgog.fortoday.asia/mH410fU8/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sun, 26 Apr 2026 13:01:18 GMT\r\ncontent-type: text/css\r\ncontent-length: 32466\r\ncache-control: public, max-age=604800\r\nexpires: Tue, 28 Apr 2026 15:34:40 GMT\r\nlast-modified: Fri, 10 Apr 2026 16:59:46 GMT\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; ma=86400\r\nx-turbo-charged-by: LiteSpeed\r\npriority: u=2,i=?0\r\nage: 422797\r\ncf-cache-status: HIT\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=3Ywr32TjoDmZf%2B%2Bk67q7%2FRMSnM5u9OiqBURqsgGaUTU33MrnsEfaLjpBJnsT09AY8D4DRLNpH7MIOGYKNUZBwkjYT3M%2F26rVYCQ%2FH4%2F%2BiWxl%2FRaz0zmtGzalLdc38iRiQy9cFMGBEs7R\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9f25c6806b912efa-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":148121,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (65536), with no line terminators","md5":"ff580ef37c441a01b0d4623c1364dd2d","sha1":"bd6f82df3e03dd24398d86c0629021bf5fadb36c","sha256":"9d6d907eaedb2f7c2fea6ac8d3de0bbc0c4ce849bfe8334df833eb91da14b30f","sha512":"5834611b47af40b7b6b42a8d77ee25125bb24b50697690804f956d5b33b837d10c34f3758e8052954d07f7cd5b9bad73a1739b6470a217fca801ab9feba92226","ssdeep":"1536:ZIv6sK4+2NPzSPXeeQbq7Yrc+twcl8/q0Bmg1R0xR0U0jUTjIFhbQrBsI7svsAq:w6N4+0UFoFak","tlshash":"eae3f896e6e03d1eb81b5d2ae7dc565e3510d4d7f8a20eeffb01b2b581c7ed81a20205","first_seen":"2024-10-30T20:47:39.164194Z","last_seen":"2026-05-13T13:04:07.259527Z","times_seen":10,"resource_available":false,"data":null}},"time_used":16,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":14,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-26","alert":"Phishing Block","trigger":"irdgqgog.fortoday.asia","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-26","alert":"Sinkholed","trigger":"irdgqgog.fortoday.asia","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdn.midasbuy.com/oversea_web/static/media/bar_bg_m.5561b110fa7cb24b096a.png","fqdn":"cdn.midasbuy.com","domain":"midasbuy.com","tld":"com"},"ip":{"addr":"43.152.140.79","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://irdgqgog.fortoday.asia/mH410fU8/","date":"2026-04-26T13:01:19.948Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.midasbuy.com","organization":"CENTAURI DYNAMIC PTE. LTD"},"issuer":{"commonName":"DigiCert Secure Site OV G2 TLS CN RSA4096 SHA256 2022 CA1","organization":"DigiCert, Inc."},"validity":{"start":"Tue, 21 Apr 2026 00:00:00 GMT","end":"Thu, 05 Nov 2026 23:59:59 GMT"},"fingerprint":{"sha1":"D8:AA:29:F9:AE:E8:71:32:E3:53:9B:9A:8E:E0:02:65:B9:87:F3:C4","sha256":"3A:84:02:E7:BF:56:E5:1B:74:95:6D:67:BA:6C:6A:D9:6D:DD:06:3A:50:8C:FA:FF:CA:1C:4C:64:A5:DD:DF:9F"}}},"request":{"raw":"GET /oversea_web/static/media/bar_bg_m.5561b110fa7cb24b096a.png HTTP/1.1\r\nHost: cdn.midasbuy.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://irdgqgog.fortoday.asia/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 403 Forbidden\r\ncontent-length: 0\r\nx-nws-log-uuid: 10093410750148512425\r\nserver: Lego Server\r\ndate: Sun, 26 Apr 2026 13:01:19 GMT\r\nx-cache-lookup: Return Directly\r\naccess-control-allow-origin: *\r\ntiming-allow-origin: *\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"403","status_text":"Forbidden","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"image/png","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-08T22:17:26.933573Z","times_seen":16251514,"resource_available":true,"data":null}},"time_used":23,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":23,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.harvestsharp.com/images/midaspay_channel_icon/c6694223f15f72bc9598ac3162376fb5.png","fqdn":"cdn.harvestsharp.com","domain":"harvestsharp.com","tld":"com"},"ip":{"addr":"43.152.140.79","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://irdgqgog.fortoday.asia/mH410fU8/","date":"2026-04-26T13:01:19.328Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.harvestsharp.com","organization":"CENTAURI DYNAMIC PTE. LTD"},"issuer":{"commonName":"DigiCert Secure Site OV G2 TLS CN RSA4096 SHA256 2022 CA1","organization":"DigiCert, Inc."},"validity":{"start":"Mon, 01 Sep 2025 00:00:00 GMT","end":"Mon, 31 Aug 2026 23:59:59 GMT"},"fingerprint":{"sha1":"02:6B:1F:32:B3:B2:6F:A4:25:AC:1C:E3:87:90:E7:4A:78:36:9F:BE","sha256":"EA:E9:7E:E4:22:E2:21:19:4A:C6:3B:27:29:3C:BE:BE:35:A4:A6:F4:0B:C6:AA:9E:C6:EF:BC:30:7D:58:11:67"}}},"request":{"raw":"GET /images/midaspay_channel_icon/c6694223f15f72bc9598ac3162376fb5.png HTTP/1.1\r\nHost: cdn.harvestsharp.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://irdgqgog.fortoday.asia/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Fri, 30 Jun 2023 11:59:21 GMT\r\netag: \"5d49765c2a76884ccb2fe5bf478dee9b\"\r\ncontent-type: image/png\r\ndate: Wed, 02 Apr 2025 12:44:49 GMT\r\nserver: tencent-cos\r\nx-cos-hash-crc64ecma: 8814007657777746047\r\nx-cos-request-id: NjdlZDMxNDFfODY3NWI3MDlfYzkwNl9kMWYwZTc5\r\nx-cos-storage-class: MAZ_STANDARD\r\nx-cos-version-id: MTg0NDUwNTU5NDczNDgwMDgxODQ\r\nx-cosindex-replication-status: Complete\r\ncontent-length: 3717\r\naccept-ranges: bytes\r\nx-nws-log-uuid: 17579330550820032695\r\nx-cache-lookup: Cache Hit\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: POST,GET,OPTIONS\r\naccess-control-max-age: 86400\r\naccess-control-expose-headers: Origin,DNT,Accept,X-Mx-ReqToken,STAFF_NAME,Authorization,x-request-id,X-Request-Id,X-MVS-CSRF-TOKEN,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type\r\ncache-control: max-age=604800\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":3717,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 96 x 64, 8-bit/color RGBA, non-interlaced","md5":"5d49765c2a76884ccb2fe5bf478dee9b","sha1":"5319ba1426411a80fdd3e63a682fcb97e12d6ec4","sha256":"3dea9a73cd732f132543ac86091bd8f81bdbf4a96eb394e0e2018d9600305a05","sha512":"6fbfb3e8f8b7e5ceb84cae02203fb4f6d35f5fddbdcf7124296d56373892580b1dffde03757f302ca3bc48e3949687a3f3b3358c7dd9cc7eddf490a901fcfd34","ssdeep":"","tlshash":"d4718e25a5c0d564e0b4dc2c3c94e36bfd6430d53331ba214b0816f8283588772d7762","first_seen":"2024-10-30T20:47:39.053962Z","last_seen":"2026-05-13T13:04:07.281693Z","times_seen":18,"resource_available":false,"data":null}},"time_used":755,"timings":{"blocked":654,"dns":0,"connect":0,"send":0,"wait":55,"receive":46,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.harvestsharp.com/images/midaspay_channel_icon/abb7da543aad342e9b543399b4f44a51.png","fqdn":"cdn.harvestsharp.com","domain":"harvestsharp.com","tld":"com"},"ip":{"addr":"43.152.140.79","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://irdgqgog.fortoday.asia/mH410fU8/","date":"2026-04-26T13:01:19.345Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.harvestsharp.com","organization":"CENTAURI DYNAMIC PTE. LTD"},"issuer":{"commonName":"DigiCert Secure Site OV G2 TLS CN RSA4096 SHA256 2022 CA1","organization":"DigiCert, Inc."},"validity":{"start":"Mon, 01 Sep 2025 00:00:00 GMT","end":"Mon, 31 Aug 2026 23:59:59 GMT"},"fingerprint":{"sha1":"02:6B:1F:32:B3:B2:6F:A4:25:AC:1C:E3:87:90:E7:4A:78:36:9F:BE","sha256":"EA:E9:7E:E4:22:E2:21:19:4A:C6:3B:27:29:3C:BE:BE:35:A4:A6:F4:0B:C6:AA:9E:C6:EF:BC:30:7D:58:11:67"}}},"request":{"raw":"GET /images/midaspay_channel_icon/abb7da543aad342e9b543399b4f44a51.png HTTP/1.1\r\nHost: cdn.harvestsharp.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://irdgqgog.fortoday.asia/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Fri, 30 Jun 2023 11:59:21 GMT\r\netag: \"0f0b5f1b689ff5f21e47e0cfe3098120\"\r\ncontent-type: image/png\r\ndate: Mon, 20 Nov 2023 15:03:02 GMT\r\nserver: tencent-cos\r\nx-cos-hash-crc64ecma: 17445457594453902977\r\nx-cos-request-id: NjU1Yjc1MjZfNjg4ZDdjMWVfOWI1Ml9jODQwMGM0\r\nx-cos-storage-class: MAZ_STANDARD\r\nx-cos-version-id: MTg0NDUwNTU5NDczNDgyNTE0NDE\r\nx-cosindex-replication-status: Complete\r\ncontent-length: 3699\r\naccept-ranges: bytes\r\nx-nws-log-uuid: 18426233254605213175\r\nx-cache-lookup: Cache Hit\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: POST,GET,OPTIONS\r\naccess-control-max-age: 86400\r\naccess-control-expose-headers: Origin,DNT,Accept,X-Mx-ReqToken,STAFF_NAME,Authorization,x-request-id,X-Request-Id,X-MVS-CSRF-TOKEN,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type\r\ncache-control: max-age=604800\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":3699,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 96 x 64, 8-bit/color RGBA, non-interlaced","md5":"0f0b5f1b689ff5f21e47e0cfe3098120","sha1":"21bc4b71d70978b3f045ff1e078db3975e7c92cc","sha256":"1354edfd3ed632934e78d9c154210fa1d871103e5ce5b45fa09172b4ea8924e2","sha512":"f3cacb787ba52d05d7ed82f3f6002c5f0873a3d349f52b19794802c7f42b69798fcc20d4503c223db763a22d21ed368dc8b16d7c7573bd417083fbbb59bcf89d","ssdeep":"","tlshash":"f0713cd268ea62ccb761c63040b0db01a6286ce80e2a893bacb75df55051595f96d1cd","first_seen":"2024-10-30T20:47:39.014083Z","last_seen":"2026-05-13T13:04:07.294777Z","times_seen":18,"resource_available":false,"data":null}},"time_used":739,"timings":{"blocked":639,"dns":0,"connect":0,"send":0,"wait":75,"receive":25,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"irdgqgog.fortoday.asia/mH410fU8/jestore/9552.808739f4.chunk.css","fqdn":"irdgqgog.fortoday.asia","domain":"fortoday.asia","tld":"asia"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://irdgqgog.fortoday.asia/mH410fU8/","date":"2026-04-26T13:01:18.839Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"fortoday.asia","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 19 Mar 2026 07:23:34 GMT","end":"Wed, 17 Jun 2026 08:00:16 GMT"},"fingerprint":{"sha1":"82:CF:C7:9E:0D:CF:FE:4B:17:8B:52:84:33:14:7D:F7:88:A5:91:F2","sha256":"4D:A9:CD:77:E2:DB:CC:1E:07:30:B7:5E:52:3A:AE:82:0C:14:88:D1:96:D7:F5:77:DE:8F:2F:8D:1E:5A:F1:7D"}}},"request":{"raw":"GET /mH410fU8/jestore/9552.808739f4.chunk.css HTTP/1.1\r\nHost: irdgqgog.fortoday.asia\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://irdgqgog.fortoday.asia/mH410fU8/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sun, 26 Apr 2026 13:01:18 GMT\r\ncontent-type: text/css\r\ncontent-length: 7465\r\ncache-control: public, max-age=604800\r\nexpires: Tue, 28 Apr 2026 13:39:20 GMT\r\nlast-modified: Fri, 10 Apr 2026 16:57:32 GMT\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; ma=86400\r\nx-turbo-charged-by: LiteSpeed\r\npriority: u=2,i=?0\r\nage: 429717\r\ncf-cache-status: HIT\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=iuoo38026k06RAUo3TUoblCTV945VYiL3%2Bd1diYBciNsSjWvR6%2BswL%2B7fwoxmpZasfA9ieI3zdVJzSx7SQ06V7w3q8%2B9rXr5Ebgw5FmfcG%2FpBt3ekKEIw1UqKURWZCI9QerPyiEiZs4E\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9f25c6800ab02efa-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]}],"data":{"size":29997,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (29997), with no line terminators","md5":"de84973343f43542a85bb99aedf3a2e3","sha1":"e321e60e593ff35f7c03358274392bc116272b35","sha256":"c2de83da0e0995a21ddc2a4f92cd2c3890a3f1918a3c5b1939028b7fc7bcd7f4","sha512":"f809eada44d52189801f089f7642085ae31e57c470ee3e8138b858003835587680e3d70ff7ed468aeedc75c6d6ce3874db03934b5f7c5cd0e27ecea063e0b85f","ssdeep":"768:3BQxhi9qCr6dJJ254lLCe3pv1QYfQMLlGRzeLsCJ254lLMFl:3BQxhiQCr6do4lWe3pv14SLsb4lIFl","tlshash":"04d2b66d6bd3283aff2dd7cfc551b10a47fb6905f7422f7cd260689a42bc99813610a8","first_seen":"2024-10-30T20:47:38.831917Z","last_seen":"2026-05-13T13:04:07.17428Z","times_seen":10,"resource_available":false,"data":null}},"time_used":11,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":10,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-26","alert":"Phishing Block","trigger":"irdgqgog.fortoday.asia","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-26","alert":"Sinkholed","trigger":"irdgqgog.fortoday.asia","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"irdgqgog.fortoday.asia/mH410fU8/img/style-img/icon_fb.png","fqdn":"irdgqgog.fortoday.asia","domain":"fortoday.asia","tld":"asia"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://irdgqgog.fortoday.asia/mH410fU8/","date":"2026-04-26T13:01:19.388Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"fortoday.asia","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 19 Mar 2026 07:23:34 GMT","end":"Wed, 17 Jun 2026 08:00:16 GMT"},"fingerprint":{"sha1":"82:CF:C7:9E:0D:CF:FE:4B:17:8B:52:84:33:14:7D:F7:88:A5:91:F2","sha256":"4D:A9:CD:77:E2:DB:CC:1E:07:30:B7:5E:52:3A:AE:82:0C:14:88:D1:96:D7:F5:77:DE:8F:2F:8D:1E:5A:F1:7D"}}},"request":{"raw":"GET /mH410fU8/img/style-img/icon_fb.png HTTP/1.1\r\nHost: irdgqgog.fortoday.asia\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://irdgqgog.fortoday.asia/mH410fU8/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sun, 26 Apr 2026 13:01:19 GMT\r\ncontent-type: image/png\r\ncontent-length: 4538\r\ncache-control: public, max-age=604800\r\nexpires: Tue, 28 Apr 2026 17:04:39 GMT\r\nlast-modified: Fri, 10 Apr 2026 16:45:18 GMT\r\naccept-ranges: bytes\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; ma=86400\r\nx-turbo-charged-by: LiteSpeed\r\npriority: u=4,i=?0\r\nage: 417398\r\ncf-cache-status: HIT\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=eQaWtlQ%2F4vtQn5kKxsAd7w0Qptm3b96CLrOY71ibusytBmBox1kdAtWeK5mOvMJ%2BLvPqHNl792sGUiDnyJjCp%2BhuChp2lkG7WPMUPcVLntFSmNO3uIUsHA75ycp4eZxHtwiMwyTozMEX\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9f25c682aa6d2efa-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":4538,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 512 x 512, 8-bit colormap, non-interlaced","md5":"8552ac3c41b10ae9e7f13d95e845a35d","sha1":"86715d70cf7fada24e9d5e6647135f8678e923cf","sha256":"3963edc509012e07abe8e5e3955a1793a21cadbc706859f1a299779b4289115a","sha512":"5952b45539325f0588a781e1da4b524c08f276b8ba49539906ccd5830538ac80300fc6a5802b298780b0aa840c921ff58d2aa907d67087e10866588c77468585","ssdeep":"96:d/5DiI4ol5U4Lm/kAqGSIh3TcLa7taEbpiuSymf84Jz33iGGS1Mm:d/RJrSkAq8hjc4rbEuX4V3GSym","tlshash":"ab914b716dd81eefd71816f4267ee75ae5e09ef0e226c00ec157b66221712069f83704","first_seen":"2023-12-16T16:31:33Z","last_seen":"2026-06-05T03:08:03.276275Z","times_seen":200,"resource_available":false,"data":null}},"time_used":8,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":7,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-26","alert":"Phishing Block","trigger":"irdgqgog.fortoday.asia","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-26","alert":"Sinkholed","trigger":"irdgqgog.fortoday.asia","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"irdgqgog.fortoday.asia/mH410fU8/jestore/2690.2a22e3f4.chunk.css","fqdn":"irdgqgog.fortoday.asia","domain":"fortoday.asia","tld":"asia"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://irdgqgog.fortoday.asia/mH410fU8/","date":"2026-04-26T13:01:18.753Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"fortoday.asia","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 19 Mar 2026 07:23:34 GMT","end":"Wed, 17 Jun 2026 08:00:16 GMT"},"fingerprint":{"sha1":"82:CF:C7:9E:0D:CF:FE:4B:17:8B:52:84:33:14:7D:F7:88:A5:91:F2","sha256":"4D:A9:CD:77:E2:DB:CC:1E:07:30:B7:5E:52:3A:AE:82:0C:14:88:D1:96:D7:F5:77:DE:8F:2F:8D:1E:5A:F1:7D"}}},"request":{"raw":"GET /mH410fU8/jestore/2690.2a22e3f4.chunk.css HTTP/1.1\r\nHost: irdgqgog.fortoday.asia\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://irdgqgog.fortoday.asia/mH410fU8/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sun, 26 Apr 2026 13:01:18 GMT\r\ncontent-type: text/css\r\ncontent-length: 52280\r\ncache-control: public, max-age=604800\r\nexpires: Sat, 02 May 2026 10:58:08 GMT\r\nlast-modified: Fri, 10 Apr 2026 16:52:38 GMT\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; ma=86400\r\nx-turbo-charged-by: LiteSpeed\r\npriority: u=2,i=?0\r\nage: 93789\r\ncf-cache-status: HIT\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=7xB3fmZJ%2BmQAyFXfNO%2BNAPYKXid%2F6324HdvKxemQFXUUPk%2FBlVbAB3knLRewlT7fy8dDz1uHPa%2FYS%2B5vZNPdpfyagB3v5aPWxBcXrej0M5RSL4uX9TOfaz8X7n0y68H%2BDhlq32bx6jQ0\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9f25c67fda1b2efa-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":277039,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (65536), with no line terminators","md5":"756974ae2b8ba301e80ab97eb72e124a","sha1":"e020bcbb1fc0c93f9e263a31c59dd3d53626b304","sha256":"4c6f8aff212ccb9702794af13c0af857f2f9497c34daad30a1bfa5c7980b7d3a","sha512":"be48fa2049c7fa2090425fb3e16fd8aca68e59fefe0e3ec185b1fba4bbef457899392ff74993b27f057be4a16dd23fe45caa6fe17b47f6d2cb7ca462f9cfe98d","ssdeep":"3072:mV5zd2VsfBaAzMV84PShosxTSv06+Ta6VZVo4HxNyVjVLVsVLfAiVBQ:Q5eQaUXo4Hx6xZ2LfAcBQ","tlshash":"6a441a3fc8229d0ef2b7cd10f5835a7f4d5a800753da1a28f5687f7689c39ee2a22115","first_seen":"2025-01-22T15:28:39.091687Z","last_seen":"2026-05-13T13:04:07.216257Z","times_seen":8,"resource_available":false,"data":null}},"time_used":18,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":16,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-26","alert":"Phishing Block","trigger":"irdgqgog.fortoday.asia","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-26","alert":"Sinkholed","trigger":"irdgqgog.fortoday.asia","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"site-assets.fontawesome.com/releases/v6.1.1/css/all.css","fqdn":"site-assets.fontawesome.com","domain":"fontawesome.com","tld":"com"},"ip":{"addr":"172.64.147.188","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://irdgqgog.fortoday.asia/mH410fU8/","date":"2026-04-26T13:01:18.995Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"fontawesome.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 16 Apr 2026 21:57:31 GMT","end":"Wed, 15 Jul 2026 22:57:28 GMT"},"fingerprint":{"sha1":"AF:65:F8:6C:70:82:CB:7C:3C:AD:4D:54:65:50:3B:13:F0:3A:0B:2E","sha256":"2A:78:5B:B0:CC:FA:C9:8B:51:86:B1:FA:62:ED:C7:B8:BC:18:15:3D:91:FC:87:53:9E:E0:AF:8C:08:D1:17:2F"}}},"request":{"raw":"GET /releases/v6.1.1/css/all.css HTTP/1.1\r\nHost: site-assets.fontawesome.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://irdgqgog.fortoday.asia/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 403 Forbidden\r\ndate: Sun, 26 Apr 2026 13:01:18 GMT\r\ncontent-type: text/plain\r\nvary: Accept-Encoding\r\nserver: cloudflare\r\ncf-ray: 9f25c6812981a0f0-OSL\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"403","status_text":"Forbidden","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-08T22:17:26.933573Z","times_seen":16251514,"resource_available":true,"data":null}},"time_used":95,"timings":{"blocked":-1,"dns":54,"connect":1,"send":0,"wait":18,"receive":0,"ssl":18},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.midasbuy.com/oversea_web/static/images/big-new-close-icon.png","fqdn":"cdn.midasbuy.com","domain":"midasbuy.com","tld":"com"},"ip":{"addr":"43.152.140.79","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://irdgqgog.fortoday.asia/mH410fU8/","date":"2026-04-26T13:01:19.196Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.midasbuy.com","organization":"CENTAURI DYNAMIC PTE. LTD"},"issuer":{"commonName":"DigiCert Secure Site OV G2 TLS CN RSA4096 SHA256 2022 CA1","organization":"DigiCert, Inc."},"validity":{"start":"Tue, 21 Apr 2026 00:00:00 GMT","end":"Thu, 05 Nov 2026 23:59:59 GMT"},"fingerprint":{"sha1":"D8:AA:29:F9:AE:E8:71:32:E3:53:9B:9A:8E:E0:02:65:B9:87:F3:C4","sha256":"3A:84:02:E7:BF:56:E5:1B:74:95:6D:67:BA:6C:6A:D9:6D:DD:06:3A:50:8C:FA:FF:CA:1C:4C:64:A5:DD:DF:9F"}}},"request":{"raw":"GET /oversea_web/static/images/big-new-close-icon.png HTTP/1.1\r\nHost: cdn.midasbuy.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://irdgqgog.fortoday.asia/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 403 Forbidden\r\ncontent-length: 0\r\nx-nws-log-uuid: 4981005659577269837\r\nserver: Lego Server\r\ndate: Sun, 26 Apr 2026 13:01:19 GMT\r\nx-cache-lookup: Return Directly\r\naccess-control-allow-origin: *\r\ntiming-allow-origin: *\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"403","status_text":"Forbidden","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"image/png","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-08T22:17:26.933573Z","times_seen":16251514,"resource_available":true,"data":null}},"time_used":1501,"timings":{"blocked":592,"dns":745,"connect":13,"send":0,"wait":23,"receive":0,"ssl":125},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.harvestsharp.com/images/midaspay_channel_icon/ea5a6d6957c40eba3e23ab595a21149f.png","fqdn":"cdn.harvestsharp.com","domain":"harvestsharp.com","tld":"com"},"ip":{"addr":"43.152.140.79","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://irdgqgog.fortoday.asia/mH410fU8/","date":"2026-04-26T13:01:19.288Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.harvestsharp.com","organization":"CENTAURI DYNAMIC PTE. LTD"},"issuer":{"commonName":"DigiCert Secure Site OV G2 TLS CN RSA4096 SHA256 2022 CA1","organization":"DigiCert, Inc."},"validity":{"start":"Mon, 01 Sep 2025 00:00:00 GMT","end":"Mon, 31 Aug 2026 23:59:59 GMT"},"fingerprint":{"sha1":"02:6B:1F:32:B3:B2:6F:A4:25:AC:1C:E3:87:90:E7:4A:78:36:9F:BE","sha256":"EA:E9:7E:E4:22:E2:21:19:4A:C6:3B:27:29:3C:BE:BE:35:A4:A6:F4:0B:C6:AA:9E:C6:EF:BC:30:7D:58:11:67"}}},"request":{"raw":"GET /images/midaspay_channel_icon/ea5a6d6957c40eba3e23ab595a21149f.png HTTP/1.1\r\nHost: cdn.harvestsharp.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://irdgqgog.fortoday.asia/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Fri, 30 Jun 2023 11:59:21 GMT\r\netag: \"d244ed5276d11a8cda6da856db0ea9ec\"\r\ncontent-type: image/png\r\ndate: Fri, 10 Oct 2025 03:54:50 GMT\r\nserver: tencent-cos\r\nx-cos-hash-crc64ecma: 13077386745630545903\r\nx-cos-request-id: NjhlODgzOGFfN2FmNGQwYl84YmRfMTljNjljYzg=\r\nx-cos-storage-class: MAZ_STANDARD\r\nx-cos-version-id: MTg0NDUwNTU5NDczNDgxNzg4NTc\r\nx-cosindex-replication-status: Complete\r\ncontent-length: 4475\r\naccept-ranges: bytes\r\nx-nws-log-uuid: 17252207667012094236\r\nx-cache-lookup: Cache Hit\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: POST,GET,OPTIONS\r\naccess-control-max-age: 86400\r\naccess-control-expose-headers: Origin,DNT,Accept,X-Mx-ReqToken,STAFF_NAME,Authorization,x-request-id,X-Request-Id,X-MVS-CSRF-TOKEN,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type\r\ncache-control: max-age=604800\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":4475,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 96 x 64, 8-bit/color RGBA, non-interlaced","md5":"d244ed5276d11a8cda6da856db0ea9ec","sha1":"8e8dc2f5f2388de5bd7e38972dfcce8ce871cdcb","sha256":"e79a60b11e79667b7d66c3b748e100ee3f03f9fb834335896ddaa709acf95c0d","sha512":"cf8720e0983e663866607b0e41c457f425db18714d8cb78a3fe9ab7c85b28a85a3740ff06c9a27ea74b7a8195ab2189e1751b7df0d26f93a5b4aa8633425801f","ssdeep":"96:d65sWsLEEF3ehQM9xSMqtbGUR6NjRZSGR2FbyYyn64wFtT5H5sWsSk:d6kF3Af/QijOSmyT64q5HU","tlshash":"67916c389ee54620e67e217618a5dc90942aa4831b9388b7d3a7f08307545d73ffb27f","first_seen":"2024-10-30T20:47:39.049799Z","last_seen":"2026-05-13T13:04:07.182827Z","times_seen":18,"resource_available":false,"data":null}},"time_used":724,"timings":{"blocked":693,"dns":0,"connect":0,"send":0,"wait":27,"receive":4,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"code.jquery.com/jquery-1.10.2.min.js","fqdn":"code.jquery.com","domain":"jquery.com","tld":"com"},"ip":{"addr":"151.101.2.137","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://irdgqgog.fortoday.asia/mH410fU8/","date":"2026-04-26T13:01:19.534Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.jquery.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV E36","organization":"Sectigo Limited"},"validity":{"start":"Thu, 12 Jun 2025 00:00:00 GMT","end":"Fri, 26 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"56:36:FB:D3:E0:9E:71:88:98:A4:C9:34:94:9B:43:3A:C4:C5:1E:BE","sha256":"9A:64:20:6F:F5:DC:F1:8A:D6:B2:D0:93:C2:7E:62:86:0B:1A:D5:24:CF:CE:4A:9F:4C:0D:F1:FB:F2:A0:A8:1E"}}},"request":{"raw":"GET /jquery-1.10.2.min.js HTTP/1.1\r\nHost: code.jquery.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://irdgqgog.fortoday.asia/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ncontent-type: application/javascript; charset=utf-8\r\nlast-modified: Fri, 18 Oct 1991 12:00:00 GMT\r\netag: W/\"28feccc0-16bb3\"\r\ncache-control: public, max-age=31536000, stale-while-revalidate=604800\r\naccess-control-allow-origin: *\r\ncontent-encoding: gzip\r\nvia: 1.1 varnish, 1.1 varnish\r\naccept-ranges: bytes\r\ndate: Sun, 26 Apr 2026 13:01:19 GMT\r\nage: 842616\r\nx-served-by: cache-lga13622-LGA, cache-hel1410026-HEL\r\nx-cache: HIT, HIT\r\nx-cache-hits: 1, 4250\r\nx-timer: S1777208480.792445,VS0,VE0\r\nvary: Accept-Encoding\r\ncontent-length: 32788\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Varnish","description":"Varnish is a reverse caching proxy.","website":"https://www.varnish-cache.org","common_platform_enumeration":"cpe:2.3:a:varnish-software:varnish_cache:*:*:*:*:*:*:*:*","icon":"Varnish.svg","categories":["Caching"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":93107,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (32072)","md5":"628072e7212db1e8cdacb22b21752cda","sha1":"0511abe9863c2ea7084efa7e24d1d86c5b3974f1","sha256":"0ba081f546084bd5097aa8a73c75931d5aa1fc4d6e846e53c21f98e6a1509988","sha512":"3aa68568ff2592ead412a0c7f5c39abc37ac562f00b7c16af07cd5eff881aadce77ec71040b36c0ad9c2d2aa4edd7744fa72b0f44cb8b485d4f283b1b49c2141","ssdeep":"1536:L4mCgi8DyCuXXFiJ+L0kJQsJVPEKLQRZdC/RlfDknv+p0WzH/IoSZ7qABZnu0sFv:LGsKXlI2p0WPSbDrstfam","tlshash":"3f93f8ddb2d1b06257bb21bd006f540ff236195e280d8850f129e8eabc74a4d9277fad","first_seen":"2023-03-07T01:02:00Z","last_seen":"2026-06-08T21:36:27.979409Z","times_seen":15525,"resource_available":true,"data":null}},"time_used":589,"timings":{"blocked":241,"dns":11,"connect":15,"send":0,"wait":25,"receive":6,"ssl":287},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"irdgqgog.fortoday.asia/mH410fU8/js/flaglink.js","fqdn":"irdgqgog.fortoday.asia","domain":"fortoday.asia","tld":"asia"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://irdgqgog.fortoday.asia/mH410fU8/","date":"2026-04-26T13:01:19.543Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"fortoday.asia","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 19 Mar 2026 07:23:34 GMT","end":"Wed, 17 Jun 2026 08:00:16 GMT"},"fingerprint":{"sha1":"82:CF:C7:9E:0D:CF:FE:4B:17:8B:52:84:33:14:7D:F7:88:A5:91:F2","sha256":"4D:A9:CD:77:E2:DB:CC:1E:07:30:B7:5E:52:3A:AE:82:0C:14:88:D1:96:D7:F5:77:DE:8F:2F:8D:1E:5A:F1:7D"}}},"request":{"raw":"GET /mH410fU8/js/flaglink.js HTTP/1.1\r\nHost: irdgqgog.fortoday.asia\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://irdgqgog.fortoday.asia/mH410fU8/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sun, 26 Apr 2026 13:01:19 GMT\r\ncontent-type: text/javascript\r\ncontent-length: 47851\r\nlast-modified: Fri, 10 Apr 2026 16:43:50 GMT\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; ma=86400\r\nx-turbo-charged-by: LiteSpeed\r\netag: \r\npriority: u=3,i=?0\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=HHOMrTDoMFWwPtYJOuIMO3TDPQrGtGbSeftE%2BSBOGt3DrzPUtgwzGsYEgOWYIgyXOuf7XKvM9us8r6BWn2ieXImIz3y3n9aUpX05na5BPfJHUyURaa%2BBVvcKlWLXE8OD2hmAgTftKQtV\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9f25c684a8402efa-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":320021,"size_decoded":0,"mime_type":"text/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (1625), with CRLF line terminators","md5":"a3de47d0c5149149bebc1ed56b6f7188","sha1":"43cdb6fc2a89067836557854b75cfa7f313437c0","sha256":"0348365d4d16c36ac5a1f83f46603b4266fa18902aa1b70c4ba6d5a1ec74e7da","sha512":"68b5ece26e190331743a22f2756f0806e16b8f35fc87e0e330c2d9e6589868be0e3d2dc37175c9aec38f6a02b0eb44532f5963897d46fac6ebdc9619788c1ef7","ssdeep":"3072:Pabuvjtl8VAqI7H+bGwbGKGQjNBmnnYdvw:P37/LebGwbGCi","tlshash":"f364f062d636a717b371b56c42a37dc9d98c6adbc0884cca39fe9b8d0f3d4b2459c118","first_seen":"2025-01-22T15:28:39.269469Z","last_seen":"2026-05-13T13:04:07.265521Z","times_seen":12,"resource_available":true,"data":null}},"time_used":193,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":192,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-26","alert":"Sinkholed","trigger":"irdgqgog.fortoday.asia","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-26","alert":"Phishing Block","trigger":"irdgqgog.fortoday.asia","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"static.cloudflareinsights.com/beacon.min.js/v8c78df7c7c0f484497ecbca7046644da1771523124516","fqdn":"static.cloudflareinsights.com","domain":"cloudflareinsights.com","tld":"com"},"ip":{"addr":"104.16.79.73","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://irdgqgog.fortoday.asia/mH410fU8/","date":"2026-04-26T13:01:19.545Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cloudflareinsights.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 17 Apr 2026 18:57:25 GMT","end":"Thu, 16 Jul 2026 19:57:22 GMT"},"fingerprint":{"sha1":"AB:25:45:8F:55:B6:2B:26:B5:B1:EF:90:E0:60:64:9C:56:47:0F:B5","sha256":"47:83:31:CC:5E:02:0E:51:A7:52:AC:83:1B:8A:A8:4C:74:11:A5:F1:61:8D:C5:6D:29:3C:9D:6A:C9:29:AF:7F"}}},"request":{"raw":"GET /beacon.min.js/v8c78df7c7c0f484497ecbca7046644da1771523124516 HTTP/1.1\r\nHost: static.cloudflareinsights.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://irdgqgog.fortoday.asia\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://irdgqgog.fortoday.asia/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 26 Apr 2026 13:01:19 GMT\r\ncontent-type: text/javascript;charset=UTF-8\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=86400\r\netag: W/\"2026.2.0\"\r\nlast-modified: Thu, 19 Feb 2026 17:45:24 GMT\r\ncross-origin-resource-policy: cross-origin\r\ncontent-encoding: gzip\r\nserver: cloudflare\r\ncf-ray: 9f25c6867ccc8be6-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":31169,"size_decoded":0,"mime_type":"text/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (31169), with no line terminators","md5":"4f67ea9205c3ca7c9e04582d3b9bdd1d","sha1":"d3b68ad3eb88d3db3d843211d4905143c3bff281","sha256":"4b77eae349a8cbcea7133cf3640a64ebf1f69d54d8f6469d7be6fdc188ca4ca4","sha512":"f034bbae022b026821045c28393ba371fe83f6b5ef1fcc66f0943525ad3587d417f04cd795d8accee7d86b82057ca74b50a4d3ae74855cb0e4504393ad943c42","ssdeep":"384:BXi1f+hZCIy1f84QDRuT9WKw00QmLnivMt+BERzR0c744BKJKe0620vFjOkcXo9g:+V584QlIrw6OPIJJtFjj09N","tlshash":"bce218eeb591b13603f7a072447f210b733ab56264494408e21bd6c22c78eeed257fad","first_seen":"2026-02-19T19:35:51.221473Z","last_seen":"2026-06-08T17:41:06.186196Z","times_seen":78106,"resource_available":true,"data":null}},"time_used":523,"timings":{"blocked":212,"dns":13,"connect":1,"send":0,"wait":10,"receive":0,"ssl":283},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"irdgqgog.fortoday.asia/mH410fU8/jestore/midasLogo.dccd1c37.png","fqdn":"irdgqgog.fortoday.asia","domain":"fortoday.asia","tld":"asia"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://irdgqgog.fortoday.asia/mH410fU8/","date":"2026-04-26T13:01:19.192Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"fortoday.asia","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 19 Mar 2026 07:23:34 GMT","end":"Wed, 17 Jun 2026 08:00:16 GMT"},"fingerprint":{"sha1":"82:CF:C7:9E:0D:CF:FE:4B:17:8B:52:84:33:14:7D:F7:88:A5:91:F2","sha256":"4D:A9:CD:77:E2:DB:CC:1E:07:30:B7:5E:52:3A:AE:82:0C:14:88:D1:96:D7:F5:77:DE:8F:2F:8D:1E:5A:F1:7D"}}},"request":{"raw":"GET /mH410fU8/jestore/midasLogo.dccd1c37.png HTTP/1.1\r\nHost: irdgqgog.fortoday.asia\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://irdgqgog.fortoday.asia/mH410fU8/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sun, 26 Apr 2026 13:01:18 GMT\r\ncontent-type: image/png\r\ncontent-length: 5509\r\ncache-control: public, max-age=604800\r\nexpires: Tue, 28 Apr 2026 17:04:37 GMT\r\nlast-modified: Fri, 10 Apr 2026 17:01:00 GMT\r\naccept-ranges: bytes\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; ma=86400\r\nx-turbo-charged-by: LiteSpeed\r\npriority: u=4,i=?0\r\nage: 417400\r\ncf-cache-status: HIT\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=vSkVgsHnUjCI7kcZLttqrSj1Z0jz%2FAY7lOe3xs1D%2FHsIlufFlNPpVl8chNs43i%2BxYURO6KE%2FuUz6AVo2GS4s68csQLflto%2FP77lKJAqIhYMdGCTjFMrngFwF5V71gQHgRQty%2Bvtsgxc4\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9f25c6812d782efa-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":5509,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 243 x 52, 8-bit/color RGBA, non-interlaced","md5":"dccd1c37642849801dd514bc9bd2bc30","sha1":"f1ff2d55663a8f7924ac4f4e067471a0ef6cceb9","sha256":"e60c984b6a348c723b94a2d0db2cc30b2e6677974d8ec5f4314bd0b98a8259fc","sha512":"97ffea5d7f3bfe0f05e111f481ac6261cf67a40e3ddbd595d410953f440629fec930ede06b8638304de310b1fc9bb163c167dde24f1f79ce0bae710f9a991ce7","ssdeep":"96:3fBSBOkkpM9oswGUVOaKXI0gnRvMqFfXw1CceIlu9H3HXLQaaOMrPKnUzlY+8an9:3fBS4m29VOaAIrhXwgceIlE3L58cUzl1","tlshash":"24b19e21b8f0982e2f1ab8df4ef5226a6434d8624931641255b863ca4e614c7d5fb71f","first_seen":"2024-10-04T10:55:06.179656Z","last_seen":"2026-05-13T13:04:07.254694Z","times_seen":12,"resource_available":false,"data":null}},"time_used":15,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":15,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-26","alert":"Phishing Block","trigger":"irdgqgog.fortoday.asia","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-26","alert":"Sinkholed","trigger":"irdgqgog.fortoday.asia","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdn.harvestsharp.com/images/midaspay_channel_icon/9862aeaf448f32090a4c61dced07ae74.png","fqdn":"cdn.harvestsharp.com","domain":"harvestsharp.com","tld":"com"},"ip":{"addr":"43.152.140.79","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://irdgqgog.fortoday.asia/mH410fU8/","date":"2026-04-26T13:01:19.330Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.harvestsharp.com","organization":"CENTAURI DYNAMIC PTE. LTD"},"issuer":{"commonName":"DigiCert Secure Site OV G2 TLS CN RSA4096 SHA256 2022 CA1","organization":"DigiCert, Inc."},"validity":{"start":"Mon, 01 Sep 2025 00:00:00 GMT","end":"Mon, 31 Aug 2026 23:59:59 GMT"},"fingerprint":{"sha1":"02:6B:1F:32:B3:B2:6F:A4:25:AC:1C:E3:87:90:E7:4A:78:36:9F:BE","sha256":"EA:E9:7E:E4:22:E2:21:19:4A:C6:3B:27:29:3C:BE:BE:35:A4:A6:F4:0B:C6:AA:9E:C6:EF:BC:30:7D:58:11:67"}}},"request":{"raw":"GET /images/midaspay_channel_icon/9862aeaf448f32090a4c61dced07ae74.png HTTP/1.1\r\nHost: cdn.harvestsharp.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://irdgqgog.fortoday.asia/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Tue, 11 Jul 2023 12:09:00 GMT\r\netag: \"525e2453f58f8f8a52d4d226557f7947\"\r\ncontent-type: image/png\r\ndate: Fri, 25 Jul 2025 03:13:26 GMT\r\nserver: tencent-cos\r\nx-cos-hash-crc64ecma: 13514664086594741981\r\nx-cos-request-id: Njg4MmY2NTZfNGYxNTc5MWVfYjM1M19lZDg1MWQy\r\nx-cos-storage-class: MAZ_STANDARD\r\nx-cos-version-id: MTg0NDUwNTQ5OTYzNjk0MTUzMzg\r\nx-cosindex-replication-status: Complete\r\ncontent-length: 8273\r\naccept-ranges: bytes\r\nx-nws-log-uuid: 15743462154654922262\r\nx-cache-lookup: Cache Hit\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: POST,GET,OPTIONS\r\naccess-control-max-age: 86400\r\naccess-control-expose-headers: Origin,DNT,Accept,X-Mx-ReqToken,STAFF_NAME,Authorization,x-request-id,X-Request-Id,X-MVS-CSRF-TOKEN,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type\r\ncache-control: max-age=604800\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":8273,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 96 x 64, 8-bit/color RGBA, non-interlaced","md5":"525e2453f58f8f8a52d4d226557f7947","sha1":"fb295832a2d81edd5c7cc16e946d3728eb1795ce","sha256":"4b6e1dc3fe4ab6e3017023bcfc253977a3c1924c84ac1cf0dfc125d8c3c2d2be","sha512":"88ec057f1c0ede6380c96c852067997059a81ddd73cf307d32cbe0e3d27a0b2339052e455762ef48da0998ffda2eda25ac8f4bae0e8500057b6baaaeb8e5bb76","ssdeep":"96:T6Zb9cKbr0s2O2A2J+aN+ZlTErMrkyo7m0C9enWRM+70QeKmv8rZylSvXd7/NiMS:ub9c7O2AiN+Zl1UM2+70QeVJYlxD9Rk1","tlshash":"fa02ae579cfaede1cad4b5e354508acc8a762544a98e3b3380811e0c8b67e329875b4a","first_seen":"2023-05-01T11:58:24Z","last_seen":"2026-05-13T13:04:07.218196Z","times_seen":62,"resource_available":false,"data":null}},"time_used":752,"timings":{"blocked":652,"dns":0,"connect":0,"send":0,"wait":75,"receive":25,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.harvestsharp.com/images/midaspay_channel_icon/f2e1d34f93ad107cc952b7c66c903bfd.png","fqdn":"cdn.harvestsharp.com","domain":"harvestsharp.com","tld":"com"},"ip":{"addr":"43.152.140.79","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://irdgqgog.fortoday.asia/mH410fU8/","date":"2026-04-26T13:01:19.351Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.harvestsharp.com","organization":"CENTAURI DYNAMIC PTE. LTD"},"issuer":{"commonName":"DigiCert Secure Site OV G2 TLS CN RSA4096 SHA256 2022 CA1","organization":"DigiCert, Inc."},"validity":{"start":"Mon, 01 Sep 2025 00:00:00 GMT","end":"Mon, 31 Aug 2026 23:59:59 GMT"},"fingerprint":{"sha1":"02:6B:1F:32:B3:B2:6F:A4:25:AC:1C:E3:87:90:E7:4A:78:36:9F:BE","sha256":"EA:E9:7E:E4:22:E2:21:19:4A:C6:3B:27:29:3C:BE:BE:35:A4:A6:F4:0B:C6:AA:9E:C6:EF:BC:30:7D:58:11:67"}}},"request":{"raw":"GET /images/midaspay_channel_icon/f2e1d34f93ad107cc952b7c66c903bfd.png HTTP/1.1\r\nHost: cdn.harvestsharp.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://irdgqgog.fortoday.asia/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Fri, 30 Jun 2023 11:59:21 GMT\r\netag: \"94a352ea461a1194e6d8c0fd4790e018\"\r\ncontent-type: image/png\r\ndate: Tue, 20 Aug 2024 09:12:47 GMT\r\nserver: tencent-cos\r\nx-cos-hash-crc64ecma: 10531465115582882004\r\nx-cos-request-id: NjZjNDVlMGZfN2FmNGQwYl82ZjFiXzM2YmE1NjY=\r\nx-cos-storage-class: MAZ_STANDARD\r\nx-cos-version-id: MTg0NDUwNTU5NDczNDc3ODMyMjI\r\nx-cosindex-replication-status: Complete\r\ncontent-length: 2246\r\naccept-ranges: bytes\r\nx-nws-log-uuid: 5485604163182766422\r\nx-cache-lookup: Cache Hit\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: POST,GET,OPTIONS\r\naccess-control-max-age: 86400\r\naccess-control-expose-headers: Origin,DNT,Accept,X-Mx-ReqToken,STAFF_NAME,Authorization,x-request-id,X-Request-Id,X-MVS-CSRF-TOKEN,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type\r\ncache-control: max-age=604800\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":2246,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 96 x 64, 8-bit/color RGBA, non-interlaced","md5":"94a352ea461a1194e6d8c0fd4790e018","sha1":"9e2722de3b50d1e16dcdceaa4730b563345a5678","sha256":"ed290c84e40b717a7f85b4c25ff015758f0b8fe1752cc437f83b36f6914c84ff","sha512":"dae68476055a322964c58e12ca39278aae506898ae0bd58087dc54186e83dc1f3ed647fd5f1b9d9287df70fbb2b58a367ff2a7eba49790625bb891e328b8ded0","ssdeep":"","tlshash":"b1412bd41e4916fcfbf5eaf8138473c924644d2783165e0b08c33681bf99115775ae5a","first_seen":"2025-01-22T15:28:39.238629Z","last_seen":"2026-05-13T13:04:07.283068Z","times_seen":16,"resource_available":false,"data":null}},"time_used":713,"timings":{"blocked":634,"dns":0,"connect":0,"send":0,"wait":75,"receive":4,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"irdgqgog.fortoday.asia/mH410fU8/img/style-img/icon-twitter.png","fqdn":"irdgqgog.fortoday.asia","domain":"fortoday.asia","tld":"asia"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://irdgqgog.fortoday.asia/mH410fU8/","date":"2026-04-26T13:01:19.386Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"fortoday.asia","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 19 Mar 2026 07:23:34 GMT","end":"Wed, 17 Jun 2026 08:00:16 GMT"},"fingerprint":{"sha1":"82:CF:C7:9E:0D:CF:FE:4B:17:8B:52:84:33:14:7D:F7:88:A5:91:F2","sha256":"4D:A9:CD:77:E2:DB:CC:1E:07:30:B7:5E:52:3A:AE:82:0C:14:88:D1:96:D7:F5:77:DE:8F:2F:8D:1E:5A:F1:7D"}}},"request":{"raw":"GET /mH410fU8/img/style-img/icon-twitter.png HTTP/1.1\r\nHost: irdgqgog.fortoday.asia\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://irdgqgog.fortoday.asia/mH410fU8/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sun, 26 Apr 2026 13:01:19 GMT\r\ncontent-type: image/png\r\ncontent-length: 5997\r\ncache-control: public, max-age=604800\r\nexpires: Tue, 28 Apr 2026 17:04:39 GMT\r\nlast-modified: Fri, 10 Apr 2026 16:45:16 GMT\r\naccept-ranges: bytes\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; ma=86400\r\nx-turbo-charged-by: LiteSpeed\r\npriority: u=4,i=?0\r\nage: 417398\r\ncf-cache-status: HIT\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=8SZpUC0sKnT5GhdgFJmN%2BkYMp%2B9EoEmDGP4lNjBZ3DlgW0yj8kA0rolNl86M4tqOsGGbUkjONcrqZ5r933kZqwtJeBPPeseFZSlwTboGPzNtITw0JYDvETKOgS3aR%2FjOqv%2FJ4eJY6O79\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9f25c682aa5b2efa-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]}],"data":{"size":5997,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 86 x 86, 8-bit/color RGBA, non-interlaced","md5":"3102bd5ece1855fd21122d8f0e2f6b43","sha1":"79e8a83aa0eaa45dd07914726ad40736fd0bcbcf","sha256":"4b3a0f6de375b108b3fd927b85f45660478919a1dcc7051ff227e4bf8d49d9de","sha512":"3c2cf28e956f19e6b8ff56a50f3e4a9cca00db32fefefca05679756d422905c0030f9a1ef7923eff4c7b907b600e580e064a76fd1ccd6f13353e209ce22c4c3b","ssdeep":"96:5KbjeqR6yWefSE9K4JoARywhJfepn0WS3IBPLWbqhqtf9Xb/19R5mz1FfHfpz2:wLpGGyypOn0WZGq4fLIHxK","tlshash":"c4c19e3c04bc78bd2173434781655d2c461b09a7f608cd7f7ca2c9b483a9681dfda622","first_seen":"2023-11-05T14:08:59Z","last_seen":"2026-05-31T06:09:53.796863Z","times_seen":263,"resource_available":false,"data":null}},"time_used":9,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":8,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-26","alert":"Phishing Block","trigger":"irdgqgog.fortoday.asia","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-26","alert":"Sinkholed","trigger":"irdgqgog.fortoday.asia","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.googleapis.com/css2?family=Cedarville+Cursive\u0026family=Mochiy+Pop+P+One\u0026family=Montserrat\u0026family=Oswald:wght@300\u0026family=Varela+Round\u0026family=ZCOOL+KuaiLe\u0026display=swap","fqdn":"fonts.googleapis.com","domain":"fonts.googleapis.com","tld":"googleapis.com"},"ip":{"addr":"172.217.19.234","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://irdgqgog.fortoday.asia/mH410fU8/","date":"2026-04-26T13:01:19.691Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"upload.video.google.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 30 Mar 2026 08:36:48 GMT","end":"Mon, 22 Jun 2026 08:36:47 GMT"},"fingerprint":{"sha1":"1A:63:7B:F3:04:6F:4C:E4:F3:15:87:E8:E7:FA:DD:B1:F7:7E:89:49","sha256":"5E:36:5D:D1:35:3B:0A:E9:8A:55:91:DC:12:B0:50:4A:AE:D9:A7:97:06:7C:0D:D7:F0:23:3E:8A:B2:08:19:00"}}},"request":{"raw":"GET /css2?family=Cedarville+Cursive\u0026family=Mochiy+Pop+P+One\u0026family=Montserrat\u0026family=Oswald:wght@300\u0026family=Varela+Round\u0026family=ZCOOL+KuaiLe\u0026display=swap HTTP/1.1\r\nHost: fonts.googleapis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://irdgqgog.fortoday.asia/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/css; charset=utf-8\r\nvary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site\r\naccess-control-allow-origin: *\r\ntiming-allow-origin: *\r\nlink: \u003chttps://fonts.gstatic.com\u003e; rel=preconnect; crossorigin\r\nstrict-transport-security: max-age=31536000\r\nexpires: Sun, 26 Apr 2026 13:01:19 GMT\r\ndate: Sun, 26 Apr 2026 13:01:19 GMT\r\ncache-control: private, max-age=86400\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncross-origin-resource-policy: cross-origin\r\ncontent-encoding: gzip\r\nserver: ESF\r\nx-xss-protection: 0\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":227151,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text, with very long lines (1981)","md5":"a4956cab6d0eab1f94b1b068b3509eb1","sha1":"962e26da86e42b07d6ebf092b36336933094c9e7","sha256":"c02a8228fd18e4e93d380fe8ae6351837bffb8bf2a20ddf0882cf028558d0420","sha512":"6d17ef05f9e30793d83e2f96233c8040a656b25a9c4fae1ce12f7ec3dd75eaa47a4be013ee5c98a0d64576557db8e977910f5ed2843450a494be971c99772844","ssdeep":"1536:uVCN1Cm7Vx9GK3psfQas3/8krtsX5WV2YoWMrUNNISLsbgMTL2ZR8oUa5gLlcXfK:Hh77lyaukpHN6jk318FjEI4FkNMIb","tlshash":"6e2401a1450746dffee71ca752ced925bea9687cf981883852f505c3ac0e01ad1cbb8d","first_seen":"2026-04-26T02:12:57.149573Z","last_seen":"2026-05-13T19:15:32.325442Z","times_seen":7,"resource_available":false,"data":null}},"time_used":37,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":37,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"irdgqgog.fortoday.asia/mH410fU8/jestore/footer-tiktok-white.7743a9ae.png","fqdn":"irdgqgog.fortoday.asia","domain":"fortoday.asia","tld":"asia"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://irdgqgog.fortoday.asia/mH410fU8/","date":"2026-04-26T13:01:19.265Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"fortoday.asia","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 19 Mar 2026 07:23:34 GMT","end":"Wed, 17 Jun 2026 08:00:16 GMT"},"fingerprint":{"sha1":"82:CF:C7:9E:0D:CF:FE:4B:17:8B:52:84:33:14:7D:F7:88:A5:91:F2","sha256":"4D:A9:CD:77:E2:DB:CC:1E:07:30:B7:5E:52:3A:AE:82:0C:14:88:D1:96:D7:F5:77:DE:8F:2F:8D:1E:5A:F1:7D"}}},"request":{"raw":"GET /mH410fU8/jestore/footer-tiktok-white.7743a9ae.png HTTP/1.1\r\nHost: irdgqgog.fortoday.asia\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://irdgqgog.fortoday.asia/mH410fU8/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sun, 26 Apr 2026 13:01:18 GMT\r\ncontent-type: image/png\r\ncontent-length: 2135\r\ncache-control: public, max-age=604800\r\nexpires: Tue, 28 Apr 2026 17:04:39 GMT\r\nlast-modified: Fri, 10 Apr 2026 17:08:08 GMT\r\naccept-ranges: bytes\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; ma=86400\r\nx-turbo-charged-by: LiteSpeed\r\npriority: u=4,i=?0\r\nage: 417398\r\ncf-cache-status: HIT\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=5IqDzkZilr5Usiyp0EGqYvjr0mDWOHX%2FE4zcPeUlcD15PgoKPIQ8eYVcLfBUctMPgNHw3CL5VKkR9aa9OlnBTA8qFYH3l7%2BS8zkqGgCcmFmjqscjG3cETPibsgAFZvPVhVhzdBESto08\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9f25c6816e462efa-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]}],"data":{"size":2135,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 72 x 72, 8-bit/color RGBA, non-interlaced","md5":"7743a9aef9d3b6d89f6567e7514036d4","sha1":"08fea638e8c8f7641edaae510c80879686ddeb77","sha256":"f10cdb32b8d7212970310db9166bb421eaea8128f1767604c22001fac1d5aa97","sha512":"3026b3db841167368fee46b289d332712048941536c8d3cad1a57502473c1d377653e3f54507141c4b4e9058e13c2407cdaadd65e38d06152bb16da0863a8c80","ssdeep":"","tlshash":"b6410ac2df97089e0dafdd241df9d59bdd2ef153838a43eae4b8a079bd809495d04c81","first_seen":"2023-04-30T19:27:11Z","last_seen":"2026-06-02T05:48:43.030932Z","times_seen":356,"resource_available":false,"data":null}},"time_used":18,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":18,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-26","alert":"Phishing Block","trigger":"irdgqgog.fortoday.asia","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-26","alert":"Sinkholed","trigger":"irdgqgog.fortoday.asia","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"irdgqgog.fortoday.asia/mH410fU8/jestore/login.1b93034a.css","fqdn":"irdgqgog.fortoday.asia","domain":"fortoday.asia","tld":"asia"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://irdgqgog.fortoday.asia/mH410fU8/","date":"2026-04-26T13:01:18.826Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"fortoday.asia","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 19 Mar 2026 07:23:34 GMT","end":"Wed, 17 Jun 2026 08:00:16 GMT"},"fingerprint":{"sha1":"82:CF:C7:9E:0D:CF:FE:4B:17:8B:52:84:33:14:7D:F7:88:A5:91:F2","sha256":"4D:A9:CD:77:E2:DB:CC:1E:07:30:B7:5E:52:3A:AE:82:0C:14:88:D1:96:D7:F5:77:DE:8F:2F:8D:1E:5A:F1:7D"}}},"request":{"raw":"GET /mH410fU8/jestore/login.1b93034a.css HTTP/1.1\r\nHost: irdgqgog.fortoday.asia\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://irdgqgog.fortoday.asia/mH410fU8/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sun, 26 Apr 2026 13:01:18 GMT\r\ncontent-type: text/css\r\ncontent-length: 24487\r\ncache-control: public, max-age=604800\r\nexpires: Tue, 28 Apr 2026 15:34:40 GMT\r\nlast-modified: Fri, 10 Apr 2026 16:55:18 GMT\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; ma=86400\r\nx-turbo-charged-by: LiteSpeed\r\npriority: u=2,i=?0\r\nage: 422797\r\ncf-cache-status: HIT\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=eRDS2nfZZDwo3cVPsJxVf40g38T9iJj9C%2F17G5pqvQTfoOWDBtnRZ5heB1nBrpLb8ixpICfSuyG5GgxcJNmIiVFwMlEsEXCXCJnslJpbQNwXrfhtrtIR2kEHm5IZNTIeV5YQXI3gA0hm\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9f25c67ffa802efa-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]}],"data":{"size":104765,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (65536), with no line terminators","md5":"7c5646a2ad9d33f915eea7b1eb2ea9c3","sha1":"603ad6ad6602f602c3c4e17c8f181fd1016a755b","sha256":"118399449d4d66cecf8920fd06d5fb023bf4ce2d4265efbecea6c201f45fd079","sha512":"e340d6ac83eb8c8b77a8e1775367d92e6abd78fd54164391dacd314cfccfce9e4a473b65b4af4bf394ecdd88df0873d90f4c0de1868dd0859d8b0a6d99a04127","ssdeep":"768:PIbZb8gn/zxoI+Q1TG3eFurfGxYrqvGe1T0/37U+urqo7sGm6hHLPckLcsR8NxRp:PBg5FuDGGrM0/3+LlM0e9","tlshash":"7ea319a5a6b4bc5cb86b5d36e3dc569d3a04c8c764a20ebff640b27588c7edd2321304","first_seen":"2026-04-26T02:12:57.087467Z","last_seen":"2026-05-13T13:04:07.231002Z","times_seen":5,"resource_available":false,"data":null}},"time_used":13,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":12,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-26","alert":"Phishing Block","trigger":"irdgqgog.fortoday.asia","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-26","alert":"Sinkholed","trigger":"irdgqgog.fortoday.asia","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdn.harvestsharp.com/images/midaspay_channel_icon/95d5b65e11db4f4b0d51000f44521a95.png","fqdn":"cdn.harvestsharp.com","domain":"harvestsharp.com","tld":"com"},"ip":{"addr":"43.152.140.79","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://irdgqgog.fortoday.asia/mH410fU8/","date":"2026-04-26T13:01:19.338Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.harvestsharp.com","organization":"CENTAURI DYNAMIC PTE. LTD"},"issuer":{"commonName":"DigiCert Secure Site OV G2 TLS CN RSA4096 SHA256 2022 CA1","organization":"DigiCert, Inc."},"validity":{"start":"Mon, 01 Sep 2025 00:00:00 GMT","end":"Mon, 31 Aug 2026 23:59:59 GMT"},"fingerprint":{"sha1":"02:6B:1F:32:B3:B2:6F:A4:25:AC:1C:E3:87:90:E7:4A:78:36:9F:BE","sha256":"EA:E9:7E:E4:22:E2:21:19:4A:C6:3B:27:29:3C:BE:BE:35:A4:A6:F4:0B:C6:AA:9E:C6:EF:BC:30:7D:58:11:67"}}},"request":{"raw":"GET /images/midaspay_channel_icon/95d5b65e11db4f4b0d51000f44521a95.png HTTP/1.1\r\nHost: cdn.harvestsharp.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://irdgqgog.fortoday.asia/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Fri, 30 Jun 2023 11:59:21 GMT\r\netag: \"0c51b7e04c9d0676c3456ec6e87f3950\"\r\ncontent-type: image/png\r\ndate: Wed, 25 Sep 2024 14:15:23 GMT\r\nserver: tencent-cos\r\nx-cos-hash-crc64ecma: 1342703616422124124\r\nx-cos-request-id: NjZmNDFhZmJfOTZlZjc4MGJfNDZmXzdkMzhjN2Q=\r\nx-cos-storage-class: MAZ_STANDARD\r\nx-cos-version-id: MTg0NDUwNTU5NDczNDc1NzAzODQ\r\nx-cosindex-replication-status: Complete\r\ncontent-length: 1608\r\naccept-ranges: bytes\r\nx-nws-log-uuid: 10214830436655253784\r\nx-cache-lookup: Cache Hit\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: POST,GET,OPTIONS\r\naccess-control-max-age: 86400\r\naccess-control-expose-headers: Origin,DNT,Accept,X-Mx-ReqToken,STAFF_NAME,Authorization,x-request-id,X-Request-Id,X-MVS-CSRF-TOKEN,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type\r\ncache-control: max-age=604800\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":1608,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 96 x 64, 8-bit/color RGBA, non-interlaced","md5":"0c51b7e04c9d0676c3456ec6e87f3950","sha1":"62f7700419cd97a5ebab738c9f83a3c2a69960e3","sha256":"77702c068dcd58565b8dda13412ae9af3c51acf066d67511ff533a8efbf0c076","sha512":"dd172ed93a4057b2f965436e5c725e56cc667584c690b5fce5131028fd2e3f3df2129a5b1e8e49803e76bde4d909ab2520152f5bbf1350b0e486826dbde1dd65","ssdeep":"","tlshash":"0c31eae77b80341ca8ee4b80b1b6587072dd553f71a606e4c4812ae90785c35c0ea769","first_seen":"2024-10-30T20:47:38.999188Z","last_seen":"2026-05-13T13:04:07.334413Z","times_seen":18,"resource_available":false,"data":null}},"time_used":702,"timings":{"blocked":645,"dns":0,"connect":0,"send":0,"wait":54,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.harvestsharp.com/images/midaspay_channel_icon/671f8d2ec867810a0d085c3e5c94e9fb.png","fqdn":"cdn.harvestsharp.com","domain":"harvestsharp.com","tld":"com"},"ip":{"addr":"43.152.140.79","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://irdgqgog.fortoday.asia/mH410fU8/","date":"2026-04-26T13:01:19.356Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.harvestsharp.com","organization":"CENTAURI DYNAMIC PTE. LTD"},"issuer":{"commonName":"DigiCert Secure Site OV G2 TLS CN RSA4096 SHA256 2022 CA1","organization":"DigiCert, Inc."},"validity":{"start":"Mon, 01 Sep 2025 00:00:00 GMT","end":"Mon, 31 Aug 2026 23:59:59 GMT"},"fingerprint":{"sha1":"02:6B:1F:32:B3:B2:6F:A4:25:AC:1C:E3:87:90:E7:4A:78:36:9F:BE","sha256":"EA:E9:7E:E4:22:E2:21:19:4A:C6:3B:27:29:3C:BE:BE:35:A4:A6:F4:0B:C6:AA:9E:C6:EF:BC:30:7D:58:11:67"}}},"request":{"raw":"GET /images/midaspay_channel_icon/671f8d2ec867810a0d085c3e5c94e9fb.png HTTP/1.1\r\nHost: cdn.harvestsharp.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://irdgqgog.fortoday.asia/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Fri, 30 Jun 2023 11:59:22 GMT\r\netag: \"3c414d53f0c5db2bc26ceccfbac3784f\"\r\ncontent-type: image/png\r\ndate: Mon, 04 Nov 2024 12:09:13 GMT\r\nserver: tencent-cos\r\nx-cos-hash-crc64ecma: 13064905244496772742\r\nx-cos-request-id: NjcyOGI5NjlfZTgwZTc5MWVfODY3Y18xYmM2ZGFj\r\nx-cos-storage-class: MAZ_STANDARD\r\nx-cos-version-id: MTg0NDUwNTU5NDczNDc0Mjk4NTk\r\nx-cosindex-replication-status: Complete\r\ncontent-length: 2945\r\naccept-ranges: bytes\r\nx-nws-log-uuid: 11235239487078883498\r\nx-cache-lookup: Cache Hit\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: POST,GET,OPTIONS\r\naccess-control-max-age: 86400\r\naccess-control-expose-headers: Origin,DNT,Accept,X-Mx-ReqToken,STAFF_NAME,Authorization,x-request-id,X-Request-Id,X-MVS-CSRF-TOKEN,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type\r\ncache-control: max-age=604800\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":2945,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 96 x 64, 8-bit/color RGBA, non-interlaced","md5":"3c414d53f0c5db2bc26ceccfbac3784f","sha1":"64c9a6b329df7ab67e647542be34e3269e7008e7","sha256":"22b5c27d040dfde79ef65bcfbe6a6bf7d5a5c413eaf4e1f3915fcecebd852eb2","sha512":"08ed045365f1652091a6d0ac820fb0b2214340090b470e7d1827974b3d82c7ec65c53955b716520e676312160c3550177e4b662645cbdc0f68fc6a8498dd1aa7","ssdeep":"","tlshash":"a8515c31dd15390a21efbf722107362445d19d1b86bbd1098567c036e87c7948a7d62f","first_seen":"2024-10-30T20:47:39.029813Z","last_seen":"2026-05-13T13:04:07.250089Z","times_seen":18,"resource_available":false,"data":null}},"time_used":728,"timings":{"blocked":630,"dns":0,"connect":0,"send":0,"wait":75,"receive":23,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"irdgqgog.fortoday.asia/mH410fU8/img/find/2.4d71ee03.jpg","fqdn":"irdgqgog.fortoday.asia","domain":"fortoday.asia","tld":"asia"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://irdgqgog.fortoday.asia/mH410fU8/","date":"2026-04-26T13:01:19.517Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"fortoday.asia","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 19 Mar 2026 07:23:34 GMT","end":"Wed, 17 Jun 2026 08:00:16 GMT"},"fingerprint":{"sha1":"82:CF:C7:9E:0D:CF:FE:4B:17:8B:52:84:33:14:7D:F7:88:A5:91:F2","sha256":"4D:A9:CD:77:E2:DB:CC:1E:07:30:B7:5E:52:3A:AE:82:0C:14:88:D1:96:D7:F5:77:DE:8F:2F:8D:1E:5A:F1:7D"}}},"request":{"raw":"GET /mH410fU8/img/find/2.4d71ee03.jpg HTTP/1.1\r\nHost: irdgqgog.fortoday.asia\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://irdgqgog.fortoday.asia/mH410fU8/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sun, 26 Apr 2026 13:01:19 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 200126\r\ncache-control: public, max-age=604800\r\nexpires: Tue, 28 Apr 2026 17:04:39 GMT\r\nlast-modified: Fri, 10 Apr 2026 16:45:28 GMT\r\naccept-ranges: bytes\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; ma=86400\r\nx-turbo-charged-by: LiteSpeed\r\npriority: u=4,i=?0\r\nage: 417398\r\ncf-cache-status: HIT\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=8Vwt3aqUiJt1br5b48DuzCx1wLru498Mt8GrzmDXMjCL1%2BDj0QKUbSqCH3UDapcD5aM1LESkWqvb2jW3um%2Fzdz9Q%2FsiCLPUYsDslv%2BQK3%2FQnCbLSH4ePHESEsjY5wdVHHeHnKnB%2FJ8r%2F\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9f25c6847f8c2efa-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]}],"data":{"size":200126,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 2460x1080, components 3","md5":"4d71ee03b0f0bee2365c91b54956c404","sha1":"89aace8dfc7a3c29c852b081625380c305d2f5a2","sha256":"8dd984223922810afa892b8d60539352f4e30ea19c1826f46529dbbb3f42d898","sha512":"f7255d8b805069ae829b985ffe6cf3c135a688de7b27e778c02c9af2c26a77f75612cee950f15806f60ccfdd1aa3bc7457f62cc260a69208455c9ea66c7ddd95","ssdeep":"3072:9Z0h08Unwyn/2zEmk91N5jE+ytPNlT8j8VZoh3kcw7RT03gZ1vTvsbXvgv8NCY:9ZGUwkzR9fq3tPwj4ZEGU87sDg4CY","tlshash":"ab1412a5090626d7c9ffa3300296db7d2a0b85fcc5598b61e2b44f71e8e26f2bc34516","first_seen":"2025-01-22T15:28:39.132159Z","last_seen":"2026-06-04T17:36:17.834448Z","times_seen":26,"resource_available":false,"data":null}},"time_used":33,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":21,"receive":12,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-26","alert":"Phishing Block","trigger":"irdgqgog.fortoday.asia","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-26","alert":"Sinkholed","trigger":"irdgqgog.fortoday.asia","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"irdgqgog.fortoday.asia/mH410fU8/img/reward/mat.png","fqdn":"irdgqgog.fortoday.asia","domain":"fortoday.asia","tld":"asia"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://irdgqgog.fortoday.asia/mH410fU8/","date":"2026-04-26T13:01:19.211Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"fortoday.asia","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 19 Mar 2026 07:23:34 GMT","end":"Wed, 17 Jun 2026 08:00:16 GMT"},"fingerprint":{"sha1":"82:CF:C7:9E:0D:CF:FE:4B:17:8B:52:84:33:14:7D:F7:88:A5:91:F2","sha256":"4D:A9:CD:77:E2:DB:CC:1E:07:30:B7:5E:52:3A:AE:82:0C:14:88:D1:96:D7:F5:77:DE:8F:2F:8D:1E:5A:F1:7D"}}},"request":{"raw":"GET /mH410fU8/img/reward/mat.png HTTP/1.1\r\nHost: irdgqgog.fortoday.asia\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://irdgqgog.fortoday.asia/mH410fU8/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sun, 26 Apr 2026 13:01:18 GMT\r\ncontent-type: image/png\r\ncontent-length: 22139\r\ncache-control: public, max-age=604800\r\nexpires: Tue, 28 Apr 2026 17:04:39 GMT\r\nlast-modified: Fri, 10 Apr 2026 16:45:36 GMT\r\naccept-ranges: bytes\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; ma=86400\r\nx-turbo-charged-by: LiteSpeed\r\npriority: u=4,i=?0\r\nage: 417398\r\ncf-cache-status: HIT\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=ov9vR%2FFEj9OOeZWiOhrLEElvFnn9gmYRbWrRCUjoOMNurBlvzlOyFeP9cjM8MWM6q3DXz8tBUm%2FgzG1auvAvRdRjrZopX83Sa6lWd70hCpf89oNQjYCyZN9XgQ2Wtpuz7oYcuTg%2FsmZl\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9f25c6814dd22efa-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":22139,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 480 x 480, 8-bit colormap, non-interlaced","md5":"f2da3583c3a9efd372034ee83f2274ba","sha1":"3d7688ff15393ad038a54851ba64128c116080e4","sha256":"bfb551be6a0157558d4145e40555a5d6d5f08ab7820f36146938155d147e6d5c","sha512":"494b3a3ccc61b73f498ac3ffdb03a2e2dcac1edd684f4730b86401f4c5bb6f6ee2953d1db63f0a96b02168883b2aced6f50fa069a03e101c7a55c8626ba63351","ssdeep":"384:J5Dc1Rb6fDlhLMhp6dnCPg5foT/Y/LcAowvcsFnT3SkaEvwUubgqLGQb:Gb6fDl+0d5Cw4twPlbvSZyc","tlshash":"efa2e0035dc4e422c68955fa82391ab23f044fa93467c7ef504b75924b7a39f54938e3","first_seen":"2024-02-22T16:27:47Z","last_seen":"2026-05-30T18:01:54.02652Z","times_seen":132,"resource_available":false,"data":null}},"time_used":26,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":25,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-26","alert":"Sinkholed","trigger":"irdgqgog.fortoday.asia","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-26","alert":"Phishing Block","trigger":"irdgqgog.fortoday.asia","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdn.harvestsharp.com/images/midaspay_channel_icon/2ea90a3caa3f65115931aab51dd00cb5.png","fqdn":"cdn.harvestsharp.com","domain":"harvestsharp.com","tld":"com"},"ip":{"addr":"43.152.140.79","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://irdgqgog.fortoday.asia/mH410fU8/","date":"2026-04-26T13:01:19.345Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.harvestsharp.com","organization":"CENTAURI DYNAMIC PTE. LTD"},"issuer":{"commonName":"DigiCert Secure Site OV G2 TLS CN RSA4096 SHA256 2022 CA1","organization":"DigiCert, Inc."},"validity":{"start":"Mon, 01 Sep 2025 00:00:00 GMT","end":"Mon, 31 Aug 2026 23:59:59 GMT"},"fingerprint":{"sha1":"02:6B:1F:32:B3:B2:6F:A4:25:AC:1C:E3:87:90:E7:4A:78:36:9F:BE","sha256":"EA:E9:7E:E4:22:E2:21:19:4A:C6:3B:27:29:3C:BE:BE:35:A4:A6:F4:0B:C6:AA:9E:C6:EF:BC:30:7D:58:11:67"}}},"request":{"raw":"GET /images/midaspay_channel_icon/2ea90a3caa3f65115931aab51dd00cb5.png HTTP/1.1\r\nHost: cdn.harvestsharp.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://irdgqgog.fortoday.asia/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Fri, 30 Jun 2023 11:59:21 GMT\r\netag: \"82d0111247fcd06961845307b01a568f\"\r\ncontent-type: image/png\r\ndate: Wed, 25 Sep 2024 14:15:23 GMT\r\nserver: tencent-cos\r\nx-cos-hash-crc64ecma: 5542716294732801677\r\nx-cos-request-id: NjZmNDFhZmJfZDVhZTRkMGJfMTRiYzZfN2I1M2MyMQ==\r\nx-cos-storage-class: MAZ_STANDARD\r\nx-cos-version-id: MTg0NDUwNTU5NDczNDgxNTYwMjE\r\nx-cosindex-replication-status: Complete\r\ncontent-length: 3424\r\naccept-ranges: bytes\r\nx-nws-log-uuid: 16011527070403255361\r\nx-cache-lookup: Cache Hit\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: POST,GET,OPTIONS\r\naccess-control-max-age: 86400\r\naccess-control-expose-headers: Origin,DNT,Accept,X-Mx-ReqToken,STAFF_NAME,Authorization,x-request-id,X-Request-Id,X-MVS-CSRF-TOKEN,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type\r\ncache-control: max-age=604800\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":3424,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 96 x 64, 8-bit/color RGBA, non-interlaced","md5":"82d0111247fcd06961845307b01a568f","sha1":"7d51c376b87fc19fdf4934b1c751b6c179734d56","sha256":"3ff47a5e812df9768d1468fcabf2b74127f5f67a18c46ba917fd5fd96c5f8cab","sha512":"56c7ab6db5b8be78add66604388ff33e059b4365b320e74988362085b2464f3d7b06ba03c8c61e5540010cfad7c142f0ad3a4b3ef9f61539692808f73a4d3e02","ssdeep":"","tlshash":"ee613b7fdb5a686fcad0b5b943913de102857a65303b0414ee27444994ef38ccd9651f","first_seen":"2024-10-30T20:47:39.033258Z","last_seen":"2026-05-13T13:04:07.22676Z","times_seen":18,"resource_available":false,"data":null}},"time_used":739,"timings":{"blocked":639,"dns":0,"connect":0,"send":0,"wait":75,"receive":25,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"irdgqgog.fortoday.asia/mH410fU8/fonts/DINMITTELSCHRIFTSTD.ae4cacf317c4c9c6befd.woff","fqdn":"irdgqgog.fortoday.asia","domain":"fortoday.asia","tld":"asia"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://irdgqgog.fortoday.asia/mH410fU8/","date":"2026-04-26T13:01:19.952Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"fortoday.asia","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 19 Mar 2026 07:23:34 GMT","end":"Wed, 17 Jun 2026 08:00:16 GMT"},"fingerprint":{"sha1":"82:CF:C7:9E:0D:CF:FE:4B:17:8B:52:84:33:14:7D:F7:88:A5:91:F2","sha256":"4D:A9:CD:77:E2:DB:CC:1E:07:30:B7:5E:52:3A:AE:82:0C:14:88:D1:96:D7:F5:77:DE:8F:2F:8D:1E:5A:F1:7D"}}},"request":{"raw":"GET /mH410fU8/fonts/DINMITTELSCHRIFTSTD.ae4cacf317c4c9c6befd.woff HTTP/1.1\r\nHost: irdgqgog.fortoday.asia\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://irdgqgog.fortoday.asia/mH410fU8/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sun, 26 Apr 2026 13:01:19 GMT\r\ncontent-type: font/woff\r\ncontent-length: 24996\r\ncache-control: public, max-age=604800\r\nexpires: Tue, 28 Apr 2026 17:20:40 GMT\r\nlast-modified: Fri, 10 Apr 2026 16:44:26 GMT\r\naccept-ranges: bytes\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; ma=86400\r\nx-turbo-charged-by: LiteSpeed\r\npriority: u=4,i=?0\r\nage: 416438\r\ncf-cache-status: HIT\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=hFaDv4e3ausXO5SqMFam6edTP%2B9QFUb%2FdjlGP09Xm%2FgjJxNjssvoNw6wgKAo86TNQbxBbq8B%2Bv%2FPqX2X5nXyZDgSfe%2FAMapvLTdpB%2Bo5B1tg%2FbxS8uuBXjHYDWme5x2peQ4JchA1kmBd\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9f25c687a8fb2efa-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":24996,"size_decoded":0,"mime_type":"font/woff","magic":"Web Open Font Format, TrueType, length 24996, version 1.40","md5":"2018d35e708e07985693c6bc12a59861","sha1":"12faf69d54217b30d4458fffad689e758b8a91c6","sha256":"c2293fa86d99d0f1f06b2ac7f85ae0517e4a3bacfd9946de7b012f04aa2d831c","sha512":"5f80cb586d6a9c04f1f3e550283694d99fdb98bd37298dcddf94b1add4da93dfa315d123cf6527fd051a012fd38c0f9f642f707ce9f914c5a7075747be7fc42d","ssdeep":"384:HsmgD0cC1mO9aJlKA9BsPsjL+baPkl5kaa4t6+ECn9CWDBZ1hZXjhY4ev+Vmn:MmLmHJlxuPl/FT1DXjhE8mn","tlshash":"6db2e16940090d26c0722a71d3b293d8774053aee2d60eeb86790d6eddecd933c79eb5","first_seen":"2023-04-10T08:44:25Z","last_seen":"2026-06-04T17:36:17.837455Z","times_seen":479,"resource_available":false,"data":null}},"time_used":15,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":14,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-26","alert":"Sinkholed","trigger":"irdgqgog.fortoday.asia","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-26","alert":"Phishing Block","trigger":"irdgqgog.fortoday.asia","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"irdgqgog.fortoday.asia/mH410fU8/img/style-img/facebook-text.png","fqdn":"irdgqgog.fortoday.asia","domain":"fortoday.asia","tld":"asia"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://irdgqgog.fortoday.asia/mH410fU8/","date":"2026-04-26T13:01:19.369Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"fortoday.asia","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 19 Mar 2026 07:23:34 GMT","end":"Wed, 17 Jun 2026 08:00:16 GMT"},"fingerprint":{"sha1":"82:CF:C7:9E:0D:CF:FE:4B:17:8B:52:84:33:14:7D:F7:88:A5:91:F2","sha256":"4D:A9:CD:77:E2:DB:CC:1E:07:30:B7:5E:52:3A:AE:82:0C:14:88:D1:96:D7:F5:77:DE:8F:2F:8D:1E:5A:F1:7D"}}},"request":{"raw":"GET /mH410fU8/img/style-img/facebook-text.png HTTP/1.1\r\nHost: irdgqgog.fortoday.asia\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://irdgqgog.fortoday.asia/mH410fU8/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sun, 26 Apr 2026 13:01:19 GMT\r\ncontent-type: image/png\r\ncontent-length: 12239\r\ncache-control: public, max-age=604800\r\nexpires: Tue, 28 Apr 2026 17:04:39 GMT\r\nlast-modified: Fri, 10 Apr 2026 16:45:12 GMT\r\naccept-ranges: bytes\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; ma=86400\r\nx-turbo-charged-by: LiteSpeed\r\npriority: u=4,i=?0\r\nage: 417398\r\ncf-cache-status: HIT\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=eWCEC6yvEXP9TC1uRwBof01WzScUHALUso2UN9942t2lsFKCA%2BNF0jpsbGSOvWkBxmjRFx8paemFVNr%2BEp%2FN6zcgE48qnNN6d3SLMR8Rpm0qbaT2zsavsvMvjwkxfuHl22hS6b9apVPD\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9f25c68228e42efa-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]}],"data":{"size":12239,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 604 x 158, 8-bit colormap, non-interlaced","md5":"c8469979cfb24192fc638efb7784a921","sha1":"ff2f9c8fdb233dc3bfabd2ecaf11cbb70791dfa3","sha256":"0cb512d932e3ad625dfb6c1ae0d47e1dfafecdf31c9c7fd9c9677c95bf31efb5","sha512":"c8c113d704a89783dde9f471022b0e31ff28d91a3c7215721888ca88f99bec20453dea73027fbdc19e5c71f822e85578fd79430db3605532d7ce2588d1a52e30","ssdeep":"192:xNjCISJry4NhSGkOLeNxXl8qhM4r+ilUdfXSjvi01Irb/mxLRxjqFli1nZ9END:xNjCISJry4hSG1eND8qBSi6dfXSjvpIb","tlshash":"c242c04a86a4132bd1ed19cd61b7102e211ebdc62837133297fcb06acd42a4fe23590b","first_seen":"2023-11-23T03:47:17Z","last_seen":"2026-06-05T03:08:03.251103Z","times_seen":198,"resource_available":false,"data":null}},"time_used":36,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":35,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-26","alert":"Sinkholed","trigger":"irdgqgog.fortoday.asia","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-26","alert":"Phishing Block","trigger":"irdgqgog.fortoday.asia","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"irdgqgog.fortoday.asia/mH410fU8/jestore/Discord.8277bca0.png","fqdn":"irdgqgog.fortoday.asia","domain":"fortoday.asia","tld":"asia"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://irdgqgog.fortoday.asia/mH410fU8/","date":"2026-04-26T13:01:19.231Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"fortoday.asia","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 19 Mar 2026 07:23:34 GMT","end":"Wed, 17 Jun 2026 08:00:16 GMT"},"fingerprint":{"sha1":"82:CF:C7:9E:0D:CF:FE:4B:17:8B:52:84:33:14:7D:F7:88:A5:91:F2","sha256":"4D:A9:CD:77:E2:DB:CC:1E:07:30:B7:5E:52:3A:AE:82:0C:14:88:D1:96:D7:F5:77:DE:8F:2F:8D:1E:5A:F1:7D"}}},"request":{"raw":"GET /mH410fU8/jestore/Discord.8277bca0.png HTTP/1.1\r\nHost: irdgqgog.fortoday.asia\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://irdgqgog.fortoday.asia/mH410fU8/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sun, 26 Apr 2026 13:01:18 GMT\r\ncontent-type: image/png\r\ncontent-length: 5224\r\ncache-control: public, max-age=604800\r\nexpires: Tue, 28 Apr 2026 17:04:39 GMT\r\nlast-modified: Fri, 10 Apr 2026 17:07:42 GMT\r\naccept-ranges: bytes\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; ma=86400\r\nx-turbo-charged-by: LiteSpeed\r\npriority: u=4,i=?0\r\nage: 417398\r\ncf-cache-status: HIT\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=dKnbXSJSmOJGzEpJb0ULXng%2FWFpvzIB2BYrG4Mzh1SI9AQE0H5ICj6tFH2fg0Idm%2BvmTZsg2MBkIHko3rQ%2BYpGFJjxfF14ODYNPoIIolrMHdYRgqAHUKc34Z3LEPinBUYEB9nIFB6vaV\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9f25c6815e1e2efa-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]}],"data":{"size":5224,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 72 x 72, 8-bit/color RGBA, non-interlaced","md5":"8277bca0aac01af0b679d71f4de55459","sha1":"e06892977682cd5f57c31245ff7cc8efb14c92f0","sha256":"25157739816315d396c664fd1f45336d8ab8bf9d768aa911e93cbebc95614a58","sha512":"6bd7888fe29f4c12a4924a655e309d52d4250e07988304f4896dd66d676141c3faaf93198e34a1c78fceeff1515caa62e70ea9a701a4c97df847c1a66b7069fd","ssdeep":"96:JJnyJW3IWaylbEXSDOt03N8ddUYyUPC/rQWfMclX6Iys1p7WBh5aF/G68+:yUIVylW+N3NbOqMnclXnjCBEH","tlshash":"b1b17c64aaa44ca9f0f2fbc58a4c7855313e611f742faccdf1365cfa41205082af3a27","first_seen":"2023-04-30T19:27:11Z","last_seen":"2026-06-02T05:48:42.980308Z","times_seen":364,"resource_available":false,"data":null}},"time_used":24,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":24,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-26","alert":"Phishing Block","trigger":"irdgqgog.fortoday.asia","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-26","alert":"Sinkholed","trigger":"irdgqgog.fortoday.asia","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdn.harvestsharp.com/images/midaspay_channel_icon/f644d93a5ba145300f682e0e30f9a7c8.png","fqdn":"cdn.harvestsharp.com","domain":"harvestsharp.com","tld":"com"},"ip":{"addr":"43.152.140.79","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://irdgqgog.fortoday.asia/mH410fU8/","date":"2026-04-26T13:01:19.273Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.harvestsharp.com","organization":"CENTAURI DYNAMIC PTE. LTD"},"issuer":{"commonName":"DigiCert Secure Site OV G2 TLS CN RSA4096 SHA256 2022 CA1","organization":"DigiCert, Inc."},"validity":{"start":"Mon, 01 Sep 2025 00:00:00 GMT","end":"Mon, 31 Aug 2026 23:59:59 GMT"},"fingerprint":{"sha1":"02:6B:1F:32:B3:B2:6F:A4:25:AC:1C:E3:87:90:E7:4A:78:36:9F:BE","sha256":"EA:E9:7E:E4:22:E2:21:19:4A:C6:3B:27:29:3C:BE:BE:35:A4:A6:F4:0B:C6:AA:9E:C6:EF:BC:30:7D:58:11:67"}}},"request":{"raw":"GET /images/midaspay_channel_icon/f644d93a5ba145300f682e0e30f9a7c8.png HTTP/1.1\r\nHost: cdn.harvestsharp.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://irdgqgog.fortoday.asia/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Fri, 30 Jun 2023 11:59:22 GMT\r\netag: \"37824cbe67c3be351a2e81a107fc97f1\"\r\ncontent-type: image/png\r\ndate: Wed, 25 Sep 2024 14:21:20 GMT\r\nserver: tencent-cos\r\nx-cos-hash-crc64ecma: 3570808186415317985\r\nx-cos-request-id: NjZmNDFjNjBfZWUzNjEzMGJfZDUxMV83YzBiOWZm\r\nx-cos-storage-class: MAZ_STANDARD\r\nx-cos-version-id: MTg0NDUwNTU5NDczNDczMzUzMzc\r\nx-cosindex-replication-status: Complete\r\ncontent-length: 2942\r\naccept-ranges: bytes\r\nx-nws-log-uuid: 1758597364338340744\r\nx-cache-lookup: Cache Hit\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: POST,GET,OPTIONS\r\naccess-control-max-age: 86400\r\naccess-control-expose-headers: Origin,DNT,Accept,X-Mx-ReqToken,STAFF_NAME,Authorization,x-request-id,X-Request-Id,X-MVS-CSRF-TOKEN,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type\r\ncache-control: max-age=604800\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":2942,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 96 x 64, 8-bit/color RGBA, non-interlaced","md5":"37824cbe67c3be351a2e81a107fc97f1","sha1":"b9bdb630acd767c5bc002fa0bb163c0c59624088","sha256":"62e76c8c8e23ebc81dbc6b790f68d9c70ba9464b77cdb0aebcf3da2a09302654","sha512":"0c3fe85542477d8647e71a1cfbab68b0355c2ab079157300210f04992748e5445834db9391a4c3f5aeb141b2c1b9f2530f854eadbcbf6b3411ff8e001ffe15b5","ssdeep":"","tlshash":"7d517da1b3bcff2309e1968ce2db0befe63ae601272159151a4d4420e31101e019f57a","first_seen":"2024-10-30T20:47:39.037984Z","last_seen":"2026-05-09T11:43:13.812874Z","times_seen":16,"resource_available":false,"data":null}},"time_used":1768,"timings":{"blocked":707,"dns":223,"connect":25,"send":0,"wait":26,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.harvestsharp.com/images/midaspay_channel_icon/0a1b4dfa75b238ba484ddbcd009d0cdb.png","fqdn":"cdn.harvestsharp.com","domain":"harvestsharp.com","tld":"com"},"ip":{"addr":"43.152.140.79","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://irdgqgog.fortoday.asia/mH410fU8/","date":"2026-04-26T13:01:19.319Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.harvestsharp.com","organization":"CENTAURI DYNAMIC PTE. LTD"},"issuer":{"commonName":"DigiCert Secure Site OV G2 TLS CN RSA4096 SHA256 2022 CA1","organization":"DigiCert, Inc."},"validity":{"start":"Mon, 01 Sep 2025 00:00:00 GMT","end":"Mon, 31 Aug 2026 23:59:59 GMT"},"fingerprint":{"sha1":"02:6B:1F:32:B3:B2:6F:A4:25:AC:1C:E3:87:90:E7:4A:78:36:9F:BE","sha256":"EA:E9:7E:E4:22:E2:21:19:4A:C6:3B:27:29:3C:BE:BE:35:A4:A6:F4:0B:C6:AA:9E:C6:EF:BC:30:7D:58:11:67"}}},"request":{"raw":"GET /images/midaspay_channel_icon/0a1b4dfa75b238ba484ddbcd009d0cdb.png HTTP/1.1\r\nHost: cdn.harvestsharp.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://irdgqgog.fortoday.asia/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Fri, 30 Jun 2023 11:59:21 GMT\r\netag: \"25a17b47e2b88c8e7a99224def3543cf\"\r\ncontent-type: image/png\r\ndate: Fri, 10 Oct 2025 03:36:04 GMT\r\nserver: tencent-cos\r\nx-cos-hash-crc64ecma: 17448377255871127783\r\nx-cos-request-id: NjhlODdmMjRfZTgwZTc5MWVfMmQ0ZGRfMTlmY2YyZTg=\r\nx-cos-storage-class: MAZ_STANDARD\r\nx-cos-version-id: MTg0NDUwNTU5NDczNDc5NTg0MTI\r\nx-cosindex-replication-status: Complete\r\ncontent-length: 3554\r\naccept-ranges: bytes\r\nx-nws-log-uuid: 4701790219987729282\r\nx-cache-lookup: Cache Hit\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: POST,GET,OPTIONS\r\naccess-control-max-age: 86400\r\naccess-control-expose-headers: Origin,DNT,Accept,X-Mx-ReqToken,STAFF_NAME,Authorization,x-request-id,X-Request-Id,X-MVS-CSRF-TOKEN,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type\r\ncache-control: max-age=604800\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":3554,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 96 x 64, 8-bit/color RGBA, non-interlaced","md5":"25a17b47e2b88c8e7a99224def3543cf","sha1":"002fceefa2fb7b4bac37629836f405f3ba721a66","sha256":"be302378bc3a5447e76b46908e654df7a6e0da64b0eecee2279d32cac26322b0","sha512":"491bb066800bd52a14e0d3baacc969a5c6e4881df4bc78c0be2f748d0b97cfedbdf75968a590cdd29acde16160f822c4d4f2cbb9284fc4daaeb49d2a9e846c0b","ssdeep":"","tlshash":"49715ead7b1443d9b557fc6626c4dfc272804f1979305bbec21d86bd7448e296c084d9","first_seen":"2024-10-30T20:47:39.067833Z","last_seen":"2026-05-13T13:04:07.333851Z","times_seen":18,"resource_available":false,"data":null}},"time_used":765,"timings":{"blocked":663,"dns":0,"connect":0,"send":0,"wait":75,"receive":27,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.harvestsharp.com/images/midaspay_channel_icon/25a8889049a89344ddb6a1d99fddacd3.png","fqdn":"cdn.harvestsharp.com","domain":"harvestsharp.com","tld":"com"},"ip":{"addr":"43.152.140.79","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://irdgqgog.fortoday.asia/mH410fU8/","date":"2026-04-26T13:01:19.337Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.harvestsharp.com","organization":"CENTAURI DYNAMIC PTE. LTD"},"issuer":{"commonName":"DigiCert Secure Site OV G2 TLS CN RSA4096 SHA256 2022 CA1","organization":"DigiCert, Inc."},"validity":{"start":"Mon, 01 Sep 2025 00:00:00 GMT","end":"Mon, 31 Aug 2026 23:59:59 GMT"},"fingerprint":{"sha1":"02:6B:1F:32:B3:B2:6F:A4:25:AC:1C:E3:87:90:E7:4A:78:36:9F:BE","sha256":"EA:E9:7E:E4:22:E2:21:19:4A:C6:3B:27:29:3C:BE:BE:35:A4:A6:F4:0B:C6:AA:9E:C6:EF:BC:30:7D:58:11:67"}}},"request":{"raw":"GET /images/midaspay_channel_icon/25a8889049a89344ddb6a1d99fddacd3.png HTTP/1.1\r\nHost: cdn.harvestsharp.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://irdgqgog.fortoday.asia/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Fri, 30 Jun 2023 08:38:17 GMT\r\netag: \"c215c8e11cb084d49e5b9de1d4a95c90\"\r\ncontent-type: image/png\r\ndate: Wed, 25 Sep 2024 14:15:23 GMT\r\nserver: tencent-cos\r\nx-cos-hash-crc64ecma: 9041043765420463187\r\nx-cos-request-id: NjZmNDFhZmJfZDJlZjc4MGJfMmVhOTVfN2M3ODAxNA==\r\nx-cos-storage-class: MAZ_STANDARD\r\nx-cos-version-id: MTg0NDUwNTU5NTk0MTE1NzM3MjI\r\nx-cosindex-replication-status: Complete\r\ncontent-length: 2977\r\naccept-ranges: bytes\r\nx-nws-log-uuid: 615512155563922554\r\nx-cache-lookup: Cache Hit\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: POST,GET,OPTIONS\r\naccess-control-max-age: 86400\r\naccess-control-expose-headers: Origin,DNT,Accept,X-Mx-ReqToken,STAFF_NAME,Authorization,x-request-id,X-Request-Id,X-MVS-CSRF-TOKEN,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type\r\ncache-control: max-age=604800\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":2977,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 96x64, components 3","md5":"c215c8e11cb084d49e5b9de1d4a95c90","sha1":"fd583e8bfe1389b58f1bf6356518e26c686b09c0","sha256":"74bff356ceca1af7fc6b0603fa11cbf7a5ac5eea8d0acc6628a88e1865203d95","sha512":"8d257be119157948296ef67c0a1359f549bfcdf5128036007cf97bc186276af5607cb898af4ceff27e3eaf748a682a5df1b99c902128a9dd027859c700693757","ssdeep":"","tlshash":"8c510904e7336703da49b83574f9615bc6791684fa93e069e8fec9a609720f08d525cf","first_seen":"2024-10-30T20:47:39.008354Z","last_seen":"2026-05-13T13:04:07.237622Z","times_seen":18,"resource_available":false,"data":null}},"time_used":747,"timings":{"blocked":646,"dns":0,"connect":0,"send":0,"wait":56,"receive":45,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.harvestsharp.com/images/midaspay_channel_icon/60855adbbdc396b3a4c349f14add0d69.png","fqdn":"cdn.harvestsharp.com","domain":"harvestsharp.com","tld":"com"},"ip":{"addr":"43.152.140.79","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://irdgqgog.fortoday.asia/mH410fU8/","date":"2026-04-26T13:01:19.341Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.harvestsharp.com","organization":"CENTAURI DYNAMIC PTE. LTD"},"issuer":{"commonName":"DigiCert Secure Site OV G2 TLS CN RSA4096 SHA256 2022 CA1","organization":"DigiCert, Inc."},"validity":{"start":"Mon, 01 Sep 2025 00:00:00 GMT","end":"Mon, 31 Aug 2026 23:59:59 GMT"},"fingerprint":{"sha1":"02:6B:1F:32:B3:B2:6F:A4:25:AC:1C:E3:87:90:E7:4A:78:36:9F:BE","sha256":"EA:E9:7E:E4:22:E2:21:19:4A:C6:3B:27:29:3C:BE:BE:35:A4:A6:F4:0B:C6:AA:9E:C6:EF:BC:30:7D:58:11:67"}}},"request":{"raw":"GET /images/midaspay_channel_icon/60855adbbdc396b3a4c349f14add0d69.png HTTP/1.1\r\nHost: cdn.harvestsharp.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://irdgqgog.fortoday.asia/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Fri, 30 Jun 2023 11:59:21 GMT\r\netag: \"3b6531a792234bdf9571cd6a8561b6fd\"\r\ncontent-type: image/png\r\ndate: Fri, 10 Oct 2025 03:36:03 GMT\r\nserver: tencent-cos\r\nx-cos-hash-crc64ecma: 13581828408463138716\r\nx-cos-request-id: NjhlODdmMjNfZTgwZTc5MWVfMmQ0Y2VfMTlmNWIyNjY=\r\nx-cos-storage-class: MAZ_STANDARD\r\nx-cos-version-id: MTg0NDUwNTU5NDczNDc5ODQzMDY\r\nx-cosindex-replication-status: Complete\r\ncontent-length: 3177\r\naccept-ranges: bytes\r\nx-nws-log-uuid: 989089981600978715\r\nx-cache-lookup: Cache Hit\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: POST,GET,OPTIONS\r\naccess-control-max-age: 86400\r\naccess-control-expose-headers: Origin,DNT,Accept,X-Mx-ReqToken,STAFF_NAME,Authorization,x-request-id,X-Request-Id,X-MVS-CSRF-TOKEN,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type\r\ncache-control: max-age=604800\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":3177,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 96 x 64, 8-bit/color RGBA, non-interlaced","md5":"3b6531a792234bdf9571cd6a8561b6fd","sha1":"2029d4fccb902e1381170523cd6bbbc62dd77cdc","sha256":"06ef03fd9107c454bce3d7393c802402d4b6254440823fadf5b7d16107b5382a","sha512":"7db8acd72e70105c7d0e1dfdc2defd156a9113f4fbd4ffa49843e3b1de97dd11c05b8b1036715e5680832033d664480918a45aa837c58915883819dd58f406ad","ssdeep":"","tlshash":"22613dcbf715f9a76953513a513eec24521b7d980158c6cccc9bc18fa2c51ee20d5eca","first_seen":"2025-01-22T15:28:39.220065Z","last_seen":"2026-05-13T13:04:07.218913Z","times_seen":16,"resource_available":false,"data":null}},"time_used":723,"timings":{"blocked":642,"dns":0,"connect":0,"send":0,"wait":76,"receive":5,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.harvestsharp.com/images/midaspay_channel_icon/c1e8cfdb317c02f0892c59027811a97e.png","fqdn":"cdn.harvestsharp.com","domain":"harvestsharp.com","tld":"com"},"ip":{"addr":"43.152.140.79","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://irdgqgog.fortoday.asia/mH410fU8/","date":"2026-04-26T13:01:19.344Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.harvestsharp.com","organization":"CENTAURI DYNAMIC PTE. LTD"},"issuer":{"commonName":"DigiCert Secure Site OV G2 TLS CN RSA4096 SHA256 2022 CA1","organization":"DigiCert, Inc."},"validity":{"start":"Mon, 01 Sep 2025 00:00:00 GMT","end":"Mon, 31 Aug 2026 23:59:59 GMT"},"fingerprint":{"sha1":"02:6B:1F:32:B3:B2:6F:A4:25:AC:1C:E3:87:90:E7:4A:78:36:9F:BE","sha256":"EA:E9:7E:E4:22:E2:21:19:4A:C6:3B:27:29:3C:BE:BE:35:A4:A6:F4:0B:C6:AA:9E:C6:EF:BC:30:7D:58:11:67"}}},"request":{"raw":"GET /images/midaspay_channel_icon/c1e8cfdb317c02f0892c59027811a97e.png HTTP/1.1\r\nHost: cdn.harvestsharp.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://irdgqgog.fortoday.asia/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Fri, 30 Jun 2023 08:38:19 GMT\r\netag: \"a5e078ed46cf0c3027950fb7f5ad62ed\"\r\ncontent-type: image/png\r\ndate: Fri, 10 Oct 2025 02:39:42 GMT\r\nserver: tencent-cos\r\nx-cos-hash-crc64ecma: 10577499968579057018\r\nx-cos-request-id: NjhlODcxZWVfOTE3NWI3MDlfODgzNF8xOWRmMWQzZg==\r\nx-cos-storage-class: MAZ_STANDARD\r\nx-cos-version-id: MTg0NDUwNTU5NTk0MDk4NjY0MTU\r\nx-cosindex-replication-status: Complete\r\ncontent-length: 3920\r\naccept-ranges: bytes\r\nx-nws-log-uuid: 15604526978446294626\r\nx-cache-lookup: Cache Hit\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: POST,GET,OPTIONS\r\naccess-control-max-age: 86400\r\naccess-control-expose-headers: Origin,DNT,Accept,X-Mx-ReqToken,STAFF_NAME,Authorization,x-request-id,X-Request-Id,X-MVS-CSRF-TOKEN,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type\r\ncache-control: max-age=604800\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":3920,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 96x64, components 3","md5":"a5e078ed46cf0c3027950fb7f5ad62ed","sha1":"0e24822ced161ee4e8467008565250880032cbbf","sha256":"892bf5c3feb460f2a3f62e3bf7f912738ab3ac59f4b7172cf5795332e39b67d1","sha512":"b9054b711bfda15423543aa7319729f466741bc2b7ea8d13c07f7f75b0906c6b841141881b39829f5b3489371a0f630c77564cd45b30e8dbf5b54bc6bff5ce6e","ssdeep":"","tlshash":"59811717e1b23b52ee98c47735fac00f1a2d59d025c56508b8ffd1aa17b44f81b6a0db","first_seen":"2024-10-30T20:47:39.142108Z","last_seen":"2026-05-13T13:04:07.249506Z","times_seen":43,"resource_available":false,"data":null}},"time_used":720,"timings":{"blocked":639,"dns":0,"connect":0,"send":0,"wait":76,"receive":5,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.harvestsharp.com/images/midaspay_channel_icon/2f41bd3cf12ec520f03bda90a4d68c59.png","fqdn":"cdn.harvestsharp.com","domain":"harvestsharp.com","tld":"com"},"ip":{"addr":"43.152.140.79","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://irdgqgog.fortoday.asia/mH410fU8/","date":"2026-04-26T13:01:19.347Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.harvestsharp.com","organization":"CENTAURI DYNAMIC PTE. LTD"},"issuer":{"commonName":"DigiCert Secure Site OV G2 TLS CN RSA4096 SHA256 2022 CA1","organization":"DigiCert, Inc."},"validity":{"start":"Mon, 01 Sep 2025 00:00:00 GMT","end":"Mon, 31 Aug 2026 23:59:59 GMT"},"fingerprint":{"sha1":"02:6B:1F:32:B3:B2:6F:A4:25:AC:1C:E3:87:90:E7:4A:78:36:9F:BE","sha256":"EA:E9:7E:E4:22:E2:21:19:4A:C6:3B:27:29:3C:BE:BE:35:A4:A6:F4:0B:C6:AA:9E:C6:EF:BC:30:7D:58:11:67"}}},"request":{"raw":"GET /images/midaspay_channel_icon/2f41bd3cf12ec520f03bda90a4d68c59.png HTTP/1.1\r\nHost: cdn.harvestsharp.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://irdgqgog.fortoday.asia/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Fri, 30 Jun 2023 11:59:21 GMT\r\netag: \"749b5bb9326f07330244e0839b8cfd94\"\r\ncontent-type: image/png\r\ndate: Wed, 25 Sep 2024 14:15:23 GMT\r\nserver: tencent-cos\r\nx-cos-hash-crc64ecma: 4357609762427031897\r\nx-cos-request-id: NjZmNDFhZmJfZjgxNTc5MWVfMjE5MzVfN2NlN2RkYw==\r\nx-cos-storage-class: MAZ_STANDARD\r\nx-cos-version-id: MTg0NDUwNTU5NDczNDc3MjU0NTM\r\nx-cosindex-replication-status: Complete\r\ncontent-length: 3286\r\naccept-ranges: bytes\r\nx-nws-log-uuid: 13533635736416320226\r\nx-cache-lookup: Cache Hit\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: POST,GET,OPTIONS\r\naccess-control-max-age: 86400\r\naccess-control-expose-headers: Origin,DNT,Accept,X-Mx-ReqToken,STAFF_NAME,Authorization,x-request-id,X-Request-Id,X-MVS-CSRF-TOKEN,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type\r\ncache-control: max-age=604800\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":3286,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 96 x 64, 8-bit/color RGBA, non-interlaced","md5":"749b5bb9326f07330244e0839b8cfd94","sha1":"93d3987eb336bb26c524bdc636f4a23118afee0b","sha256":"720674c55c4e72f335bd33974da2ffc871c6405fb31be3128cabe939baf1ed71","sha512":"2f464b1df087df803218b46259a532f4994ad27ee38557831783fac173e39302452d9acf68052c37b24dea7d7d9f75e1368a050242f80eb29e5fb15b9a959bad","ssdeep":"","tlshash":"4b615b951a773c365290eea81336108a7bad60b16a1c405e1837363ecc98ac5bdee339","first_seen":"2024-10-30T20:47:38.982315Z","last_seen":"2026-05-13T13:04:07.233657Z","times_seen":18,"resource_available":false,"data":null}},"time_used":717,"timings":{"blocked":638,"dns":0,"connect":0,"send":0,"wait":75,"receive":4,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"irdgqgog.fortoday.asia/mH410fU8/jestore/7309.5f36e764.chunk.css","fqdn":"irdgqgog.fortoday.asia","domain":"fortoday.asia","tld":"asia"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://irdgqgog.fortoday.asia/mH410fU8/","date":"2026-04-26T13:01:18.700Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"fortoday.asia","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 19 Mar 2026 07:23:34 GMT","end":"Wed, 17 Jun 2026 08:00:16 GMT"},"fingerprint":{"sha1":"82:CF:C7:9E:0D:CF:FE:4B:17:8B:52:84:33:14:7D:F7:88:A5:91:F2","sha256":"4D:A9:CD:77:E2:DB:CC:1E:07:30:B7:5E:52:3A:AE:82:0C:14:88:D1:96:D7:F5:77:DE:8F:2F:8D:1E:5A:F1:7D"}}},"request":{"raw":"GET /mH410fU8/jestore/7309.5f36e764.chunk.css HTTP/1.1\r\nHost: irdgqgog.fortoday.asia\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://irdgqgog.fortoday.asia/mH410fU8/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sun, 26 Apr 2026 13:01:18 GMT\r\ncontent-type: text/css\r\ncontent-length: 6521\r\ncache-control: public, max-age=604800\r\nexpires: Tue, 28 Apr 2026 14:57:57 GMT\r\nlast-modified: Fri, 10 Apr 2026 16:49:22 GMT\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; ma=86400\r\nx-turbo-charged-by: LiteSpeed\r\npriority: u=2,i=?0\r\nage: 425000\r\ncf-cache-status: HIT\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=llvn3ztNKjt8Y1wV97ZPPpN3uge%2FyIUxpd6xshSfimNmY0oOvpD6Pm2xxH1BHcjMgbubPlhdZXfItoxKnOC73sM5GENWFRisOp7FB62FYzcjpqY10cPkb%2FN5axs2UVHb0E5Fcvz2kkuT\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9f25c67f99652efa-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":30249,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (30249), with no line terminators","md5":"3a9fad777c99160e99252898ad59b1ea","sha1":"6d7904e412c7730160b4e7c7465f6f27e724929f","sha256":"91c5801ced00f93d75ba875463d1ffe05b43fe3e6a22e571252d6b3e86b26b46","sha512":"342d1f5af058566a2352c6546aa9f5e081883492358aefb0b740b8d1f7f549fcaf76f82a375fd27c6d3343a6806d44c67e2abea6b016e75cd48dfba0ee430f8b","ssdeep":"768:h36dFjVXTli9q0lZ5vQhrcEri2jA52LnahXn234hG5:miQQ5vQhrcEri2jA52LT","tlshash":"c5d231d2b92cfd74743ab441c74f88a95e86acfa58733cadecc794c877c1a656205283","first_seen":"2025-01-22T15:28:39.082028Z","last_seen":"2026-05-13T13:04:07.324896Z","times_seen":8,"resource_available":false,"data":null}},"time_used":15,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":11,"receive":4,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-26","alert":"Sinkholed","trigger":"irdgqgog.fortoday.asia","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-26","alert":"Phishing Block","trigger":"irdgqgog.fortoday.asia","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdn.harvestsharp.com/images/midaspay_channel_icon/bfea95059a8a754ded3eb4eac49cf727.png","fqdn":"cdn.harvestsharp.com","domain":"harvestsharp.com","tld":"com"},"ip":{"addr":"43.152.140.79","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://irdgqgog.fortoday.asia/mH410fU8/","date":"2026-04-26T13:01:19.292Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.harvestsharp.com","organization":"CENTAURI DYNAMIC PTE. LTD"},"issuer":{"commonName":"DigiCert Secure Site OV G2 TLS CN RSA4096 SHA256 2022 CA1","organization":"DigiCert, Inc."},"validity":{"start":"Mon, 01 Sep 2025 00:00:00 GMT","end":"Mon, 31 Aug 2026 23:59:59 GMT"},"fingerprint":{"sha1":"02:6B:1F:32:B3:B2:6F:A4:25:AC:1C:E3:87:90:E7:4A:78:36:9F:BE","sha256":"EA:E9:7E:E4:22:E2:21:19:4A:C6:3B:27:29:3C:BE:BE:35:A4:A6:F4:0B:C6:AA:9E:C6:EF:BC:30:7D:58:11:67"}}},"request":{"raw":"GET /images/midaspay_channel_icon/bfea95059a8a754ded3eb4eac49cf727.png HTTP/1.1\r\nHost: cdn.harvestsharp.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://irdgqgog.fortoday.asia/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Fri, 30 Jun 2023 08:38:18 GMT\r\netag: \"c9c7250875609f2d88e68aed1d119ed3\"\r\ncontent-type: image/png\r\ndate: Fri, 10 Oct 2025 06:22:44 GMT\r\nserver: tencent-cos\r\nx-cos-hash-crc64ecma: 10760011618917408615\r\nx-cos-request-id: NjhlOGE2MzRfNTY4ZjdjMWVfMzE5NTVfMWEwOTcxZDY=\r\nx-cos-storage-class: MAZ_STANDARD\r\nx-cos-version-id: MTg0NDUwNTU5NTk0MTE1NTEzNDA\r\nx-cosindex-replication-status: Complete\r\ncontent-length: 2658\r\naccept-ranges: bytes\r\nx-nws-log-uuid: 7730200436319953543\r\nx-cache-lookup: Cache Hit\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: POST,GET,OPTIONS\r\naccess-control-max-age: 86400\r\naccess-control-expose-headers: Origin,DNT,Accept,X-Mx-ReqToken,STAFF_NAME,Authorization,x-request-id,X-Request-Id,X-MVS-CSRF-TOKEN,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type\r\ncache-control: max-age=604800\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":2658,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 96x64, components 3","md5":"c9c7250875609f2d88e68aed1d119ed3","sha1":"40dbdecbbb8792d85aa091c9605b82fe21fe7b94","sha256":"b5356844a20ee1ec27862f19e8cc2e09f383bc41b0a5b27062eb2ea804526ad0","sha512":"e1bad15950620ba34b27a3b1789fee53eca873e0a19ce3e9091d014963943715473aa41dd330b7b93c670204d9ef8bc95859f4d6073fbbbaf4e07f97a40b563c","ssdeep":"","tlshash":"2351191bf0522703fe8ccd7062f1917b6e4955c0b9d2f7a9a1f7e00799604b6c40d2ca","first_seen":"2025-01-22T15:28:39.221024Z","last_seen":"2026-05-13T13:04:07.274044Z","times_seen":16,"resource_available":false,"data":null}},"time_used":721,"timings":{"blocked":690,"dns":0,"connect":0,"send":0,"wait":28,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"irdgqgog.fortoday.asia/mH410fU8/img/close.png","fqdn":"irdgqgog.fortoday.asia","domain":"fortoday.asia","tld":"asia"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://irdgqgog.fortoday.asia/mH410fU8/","date":"2026-04-26T13:01:19.407Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"fortoday.asia","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 19 Mar 2026 07:23:34 GMT","end":"Wed, 17 Jun 2026 08:00:16 GMT"},"fingerprint":{"sha1":"82:CF:C7:9E:0D:CF:FE:4B:17:8B:52:84:33:14:7D:F7:88:A5:91:F2","sha256":"4D:A9:CD:77:E2:DB:CC:1E:07:30:B7:5E:52:3A:AE:82:0C:14:88:D1:96:D7:F5:77:DE:8F:2F:8D:1E:5A:F1:7D"}}},"request":{"raw":"GET /mH410fU8/img/close.png HTTP/1.1\r\nHost: irdgqgog.fortoday.asia\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://irdgqgog.fortoday.asia/mH410fU8/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sun, 26 Apr 2026 13:01:19 GMT\r\ncontent-type: image/png\r\ncontent-length: 1170\r\ncache-control: public, max-age=604800\r\nexpires: Tue, 28 Apr 2026 17:04:39 GMT\r\nlast-modified: Fri, 10 Apr 2026 16:44:48 GMT\r\naccept-ranges: bytes\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; ma=86400\r\nx-turbo-charged-by: LiteSpeed\r\npriority: u=4,i=?0\r\nage: 417398\r\ncf-cache-status: HIT\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=ID3G1%2FGfmxwF6WNWSMM19hW%2FFnDewFplkWb%2B3iCYG8RNcn4K9WszJzV7IY74sQ1QBoTSPn7RXznu0cOdFob%2Fnjecth0B5UK6iRHXNRhIIXKUlUt3pjKwTqf7BJNaCMWGATi1oTrn7mGd\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9f25c682daf92efa-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]}],"data":{"size":1170,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 43 x 45, 8-bit/color RGBA, non-interlaced","md5":"68fb5b6f86421b10e17cb96a65cbe4d3","sha1":"80dd39fc67e874953d49ceb2321a1147d0018821","sha256":"d0eda953f3d7bb15aa078cb44b27702566108120d8b9b37e9a3324e2b767aa08","sha512":"ce1acad1d513c03a18e935cc6a9901bd828e63417ef454b11f002a8da58b833c993f170e9cb483e2b04d2b29e25146c509176183966584d21dfaa3dffa975998","ssdeep":"","tlshash":"2821c6c40c38049ed54bad25132e40a8ab19f075c25a12fa6c3ea63a734f73525b2f6b","first_seen":"2023-07-14T06:38:20Z","last_seen":"2026-05-31T06:09:53.745668Z","times_seen":254,"resource_available":false,"data":null}},"time_used":7,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":7,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-26","alert":"Sinkholed","trigger":"irdgqgog.fortoday.asia","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-26","alert":"Phishing Block","trigger":"irdgqgog.fortoday.asia","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"irdgqgog.fortoday.asia/mH410fU8/img/kotak.png","fqdn":"irdgqgog.fortoday.asia","domain":"fortoday.asia","tld":"asia"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://irdgqgog.fortoday.asia/mH410fU8/","date":"2026-04-26T13:01:19.526Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"fortoday.asia","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 19 Mar 2026 07:23:34 GMT","end":"Wed, 17 Jun 2026 08:00:16 GMT"},"fingerprint":{"sha1":"82:CF:C7:9E:0D:CF:FE:4B:17:8B:52:84:33:14:7D:F7:88:A5:91:F2","sha256":"4D:A9:CD:77:E2:DB:CC:1E:07:30:B7:5E:52:3A:AE:82:0C:14:88:D1:96:D7:F5:77:DE:8F:2F:8D:1E:5A:F1:7D"}}},"request":{"raw":"GET /mH410fU8/img/kotak.png HTTP/1.1\r\nHost: irdgqgog.fortoday.asia\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://irdgqgog.fortoday.asia/mH410fU8/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sun, 26 Apr 2026 13:01:19 GMT\r\ncontent-type: image/png\r\ncontent-length: 12543\r\ncache-control: public, max-age=604800\r\nexpires: Tue, 28 Apr 2026 17:04:39 GMT\r\nlast-modified: Fri, 10 Apr 2026 16:44:50 GMT\r\naccept-ranges: bytes\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; ma=86400\r\nx-turbo-charged-by: LiteSpeed\r\npriority: u=4,i=?0\r\nage: 417398\r\ncf-cache-status: HIT\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=nTxFdQ%2B2beYqn%2BqcrOzZygVyw0MgzEomR9IWTHhw0ZwlL4snIPY6TUr8hoBYlSBKR5YG3T%2BoWxT15oFSnxjx8uleqfL5bUhvdZrh%2BSee9Eq1dcxiCIBXZ856XbG4S1rThAGmypIw0Nb1\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9f25c6847fa42efa-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]}],"data":{"size":12543,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 396 x 396, 4-bit colormap, non-interlaced","md5":"96998f93318eeb1ebadbcb472410be96","sha1":"1539b22930c46c466425015b14fdac2b3b2782a2","sha256":"693719b4fc80e357b8adf14a5aa17f3cc4ae6e757ec8c2ad05cf5060eada7a07","sha512":"4d3ad974095d6a2c7e3344d34e621ce855cb1519f9326ab95e5f941d13a38f30686a4dab4729bc2472bfe045559dd0ee0aaf7a37b132dbdb1771d12b2f5cfea3","ssdeep":"384:uFls5m1PVT5RxUaC9w2ggVyX7D1atXIGMK:0s6BxUaqlnVG7D5GMK","tlshash":"6d42cf56208695bde506a3ac595598cf24c1f59db5bab0d7efcb3dc42ace318308b331","first_seen":"2024-04-29T19:19:01Z","last_seen":"2026-05-13T13:04:07.19503Z","times_seen":31,"resource_available":false,"data":null}},"time_used":58,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":58,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-26","alert":"Sinkholed","trigger":"irdgqgog.fortoday.asia","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-26","alert":"Phishing Block","trigger":"irdgqgog.fortoday.asia","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdn.harvestsharp.com/images/midaspay_channel_icon/bcb080d61e19bf094ecc4297d1baddc1.png","fqdn":"cdn.harvestsharp.com","domain":"harvestsharp.com","tld":"com"},"ip":{"addr":"43.152.140.79","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://irdgqgog.fortoday.asia/mH410fU8/","date":"2026-04-26T13:01:19.340Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.harvestsharp.com","organization":"CENTAURI DYNAMIC PTE. LTD"},"issuer":{"commonName":"DigiCert Secure Site OV G2 TLS CN RSA4096 SHA256 2022 CA1","organization":"DigiCert, Inc."},"validity":{"start":"Mon, 01 Sep 2025 00:00:00 GMT","end":"Mon, 31 Aug 2026 23:59:59 GMT"},"fingerprint":{"sha1":"02:6B:1F:32:B3:B2:6F:A4:25:AC:1C:E3:87:90:E7:4A:78:36:9F:BE","sha256":"EA:E9:7E:E4:22:E2:21:19:4A:C6:3B:27:29:3C:BE:BE:35:A4:A6:F4:0B:C6:AA:9E:C6:EF:BC:30:7D:58:11:67"}}},"request":{"raw":"GET /images/midaspay_channel_icon/bcb080d61e19bf094ecc4297d1baddc1.png HTTP/1.1\r\nHost: cdn.harvestsharp.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://irdgqgog.fortoday.asia/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Tue, 10 Sep 2024 02:24:20 GMT\r\netag: \"cf1477578e85ea473c4bfd4068adeac7\"\r\ncontent-type: image/png\r\ndate: Tue, 10 Sep 2024 03:12:45 GMT\r\nserver: tencent-cos\r\nx-cos-hash-crc64ecma: 12296676752358814526\r\nx-cos-request-id: NjZkZmI5MmRfOGFiMjQ4MGJfMTExZjlfNWNmMzY3Zg==\r\nx-cos-storage-class: MAZ_STANDARD\r\nx-cos-version-id: MTg0NDUwMTgxMzg2NDg2MzQwNjg\r\nx-cosindex-replication-status: Complete\r\ncontent-length: 2683\r\naccept-ranges: bytes\r\nx-nws-log-uuid: 9574618065698652391\r\nx-cache-lookup: Cache Hit\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: POST,GET,OPTIONS\r\naccess-control-max-age: 86400\r\naccess-control-expose-headers: Origin,DNT,Accept,X-Mx-ReqToken,STAFF_NAME,Authorization,x-request-id,X-Request-Id,X-MVS-CSRF-TOKEN,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type\r\ncache-control: max-age=604800\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":2683,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 120 x 80, 8-bit colormap, non-interlaced","md5":"cf1477578e85ea473c4bfd4068adeac7","sha1":"43120994f89f4dfdce6dfa5621375f79b0e28698","sha256":"5f54f14d61306892a6c066e7c8fd68ae8f55d5c9a142e550bc4cc5cfe2a5a6c6","sha512":"2376c9d465f2349205e71ee169e826efd5e9a0caf7d1db8fb4b8a0b5ce6111c5776ded2d3997f48750cc4394d0f26c3d8bf039aa940b1433a2bff8cf769534f4","ssdeep":"","tlshash":"c2515ecd84e1a700751115499d2d2a64443e7e0733543b0e5265fd3ca5334db2ac0ddf","first_seen":"2025-01-22T15:28:39.189869Z","last_seen":"2026-05-13T13:04:07.291412Z","times_seen":16,"resource_available":false,"data":null}},"time_used":744,"timings":{"blocked":643,"dns":0,"connect":0,"send":0,"wait":56,"receive":45,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"irdgqgog.fortoday.asia/mH410fU8/img/style-img/twitterbtn.png","fqdn":"irdgqgog.fortoday.asia","domain":"fortoday.asia","tld":"asia"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://irdgqgog.fortoday.asia/mH410fU8/","date":"2026-04-26T13:01:19.413Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"fortoday.asia","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 19 Mar 2026 07:23:34 GMT","end":"Wed, 17 Jun 2026 08:00:16 GMT"},"fingerprint":{"sha1":"82:CF:C7:9E:0D:CF:FE:4B:17:8B:52:84:33:14:7D:F7:88:A5:91:F2","sha256":"4D:A9:CD:77:E2:DB:CC:1E:07:30:B7:5E:52:3A:AE:82:0C:14:88:D1:96:D7:F5:77:DE:8F:2F:8D:1E:5A:F1:7D"}}},"request":{"raw":"GET /mH410fU8/img/style-img/twitterbtn.png HTTP/1.1\r\nHost: irdgqgog.fortoday.asia\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://irdgqgog.fortoday.asia/mH410fU8/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sun, 26 Apr 2026 13:01:19 GMT\r\ncontent-type: image/png\r\ncontent-length: 2167\r\ncache-control: public, max-age=604800\r\nexpires: Tue, 28 Apr 2026 17:04:39 GMT\r\nlast-modified: Fri, 10 Apr 2026 16:45:20 GMT\r\naccept-ranges: bytes\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; ma=86400\r\nx-turbo-charged-by: LiteSpeed\r\npriority: u=4,i=?0\r\nage: 417398\r\ncf-cache-status: HIT\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=u5C4xA%2FwWRsHRXKhi9A3Aqe0GHB5V41fm6%2FmX4exk%2BnBCc3xsfI777eHzFfEbF79kUH5eHzUFXW0GG5%2Fgc2BZ436LGz4wUmmr8Hy0T9kGLlIzdV1OT8mP7lbM5NT5YQpdlBIlfrI5XkU\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9f25c682fb2f2efa-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]}],"data":{"size":2167,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 72 x 72, 8-bit/color RGBA, non-interlaced","md5":"80d9b5e608e0427576ce2f7d56d0a592","sha1":"4c1ce1d06cb6b2b3d4cca8636b14e109bc500d50","sha256":"cfcb8009151ebab2ac10399ffa57e2724834ad374e720e77e5c0900e21ed6fde","sha512":"2c677a5bfdb03ca9fa18cd81ea331aa1e93330f4e680e13aa65d03f97c5a689d6556e0aa1af613521f6e8f11b23e21367ad60a7e73a68038b1be043d132435a8","ssdeep":"","tlshash":"5e413cd67bba1c7b87b69236455a0921ab70d251932cf0200c5cedf31d4481092caddb","first_seen":"2024-02-22T16:27:48Z","last_seen":"2026-06-02T05:48:42.988552Z","times_seen":177,"resource_available":false,"data":null}},"time_used":7,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":7,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-26","alert":"Sinkholed","trigger":"irdgqgog.fortoday.asia","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-26","alert":"Phishing Block","trigger":"irdgqgog.fortoday.asia","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"irdgqgog.fortoday.asia/mH410fU8/js/lenzz.js","fqdn":"irdgqgog.fortoday.asia","domain":"fortoday.asia","tld":"asia"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://irdgqgog.fortoday.asia/mH410fU8/","date":"2026-04-26T13:01:19.541Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"fortoday.asia","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 19 Mar 2026 07:23:34 GMT","end":"Wed, 17 Jun 2026 08:00:16 GMT"},"fingerprint":{"sha1":"82:CF:C7:9E:0D:CF:FE:4B:17:8B:52:84:33:14:7D:F7:88:A5:91:F2","sha256":"4D:A9:CD:77:E2:DB:CC:1E:07:30:B7:5E:52:3A:AE:82:0C:14:88:D1:96:D7:F5:77:DE:8F:2F:8D:1E:5A:F1:7D"}}},"request":{"raw":"GET /mH410fU8/js/lenzz.js HTTP/1.1\r\nHost: irdgqgog.fortoday.asia\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://irdgqgog.fortoday.asia/mH410fU8/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sun, 26 Apr 2026 13:01:19 GMT\r\ncontent-type: text/javascript\r\ncontent-length: 3302\r\nlast-modified: Fri, 10 Apr 2026 16:43:52 GMT\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; ma=86400\r\nx-turbo-charged-by: LiteSpeed\r\netag: \r\npriority: u=3,i=?0\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=8GqtmxzuuiM2D6OQTMGPkhUMVMIujfoEHIJFrGM7xbIfcy2RITR4QRlDlLVv3jiap9sio4PquZGbuD3vY6ly6VKupBN3RU3EpXu%2FjGIXk2EQMHT83wmjo6PSPWghL3FROeU716gFWa5L\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9f25c6849ffb2efa-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]}],"data":{"size":24871,"size_decoded":0,"mime_type":"text/javascript","magic":"JavaScript source, ASCII text","md5":"3eaf768eb5c62170052321c3d51123d2","sha1":"97197d9c04b5cfc0d69deb06e89e6160e3d7d2ce","sha256":"674af14f7bc94ed61f836c353593fb1109c5e827ea603637efd0b64e2b8d0294","sha512":"ca8747e5c0833a34df95bb31436e18f51d1a362676284bdba16937c1780cdf69b2b8ef12fda9d17f97c9dd8b25f2f0c4e4d42ce0d96606e744e74bf4722fe33a","ssdeep":"384:veivMiyzYFBr9R4FvLk6coOnfptdbxeQkkQqoflTvY0tHwGtCAVa883K0/:vvvByz/co4GA/","tlshash":"40b20009b6d61d952d37a4b611bb40043b5c580b150adf08f86d6ac82f50fbafe77a8e","first_seen":"2026-04-26T02:12:57.024031Z","last_seen":"2026-05-09T11:43:13.841641Z","times_seen":4,"resource_available":true,"data":null}},"time_used":195,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":195,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-26","alert":"Sinkholed","trigger":"irdgqgog.fortoday.asia","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-26","alert":"Phishing Block","trigger":"irdgqgog.fortoday.asia","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"irdgqgog.fortoday.asia/mH410fU8/jestore/%E9%85%8D%E5%9B%BE.fa450254.png","fqdn":"irdgqgog.fortoday.asia","domain":"fortoday.asia","tld":"asia"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://irdgqgog.fortoday.asia/mH410fU8/","date":"2026-04-26T13:01:19.207Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"fortoday.asia","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 19 Mar 2026 07:23:34 GMT","end":"Wed, 17 Jun 2026 08:00:16 GMT"},"fingerprint":{"sha1":"82:CF:C7:9E:0D:CF:FE:4B:17:8B:52:84:33:14:7D:F7:88:A5:91:F2","sha256":"4D:A9:CD:77:E2:DB:CC:1E:07:30:B7:5E:52:3A:AE:82:0C:14:88:D1:96:D7:F5:77:DE:8F:2F:8D:1E:5A:F1:7D"}}},"request":{"raw":"GET /mH410fU8/jestore/%E9%85%8D%E5%9B%BE.fa450254.png HTTP/1.1\r\nHost: irdgqgog.fortoday.asia\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://irdgqgog.fortoday.asia/mH410fU8/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 404 Not Found\r\ndate: Sun, 26 Apr 2026 13:01:19 GMT\r\ncontent-type: text/html\r\ncache-control: private, no-cache, no-store, must-revalidate, max-age=0\r\npragma: no-cache\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; ma=86400\r\nx-turbo-charged-by: LiteSpeed\r\npriority: u=4,i=?0\r\ncf-cache-status: BYPASS\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=tVc21R6thLcvpgjpSxNdhe5c8UabrFFsrDtuARq3YBwHQ7PD7FFg44UfjoNu1a22wNX17BnoQGJKKZxJizC6BjY2bYgiqerlXyNiUmyt%2B7Y8Dgcow5kOeBTDfJG%2Fu3k1JdAY8l9TjlJL\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-encoding: br\r\ncf-ray: 9f25c6812d9c2efa-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1251,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text, with CRLF, LF line terminators","md5":"8150f458ed6fb9b1db4e5cfa57a1a281","sha1":"6e5726854d28687b560d7fdcb5c782c425c7dfb9","sha256":"4c13d452dd5d49671bd93ca32f2b4f85c78e39b6ab0ad1f38d98ed267f8fd896","sha512":"4cc6a112673aef8bb8bb8a385c26791b805d43bb707b509880e894f1c83bab4e16f13de187036c5f660c3bec1d286258396b7bde65c5d7945c5019665196818c","ssdeep":"","tlshash":"c021353ec1c1560ae0271164fbc1f7a86669825291970f703b9eb176f6cd0bb56a36c8","first_seen":"2024-02-08T16:48:55Z","last_seen":"2026-06-08T22:18:03.592945Z","times_seen":132704,"resource_available":true,"data":null}},"time_used":199,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":198,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-26","alert":"Phishing Block","trigger":"irdgqgog.fortoday.asia","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-26","alert":"Sinkholed","trigger":"irdgqgog.fortoday.asia","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdn.harvestsharp.com/public/c92763068a5478ebdc393cd4f562e8a0.jpg","fqdn":"cdn.harvestsharp.com","domain":"harvestsharp.com","tld":"com"},"ip":{"addr":"43.152.140.79","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://irdgqgog.fortoday.asia/mH410fU8/","date":"2026-04-26T13:01:19.362Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.harvestsharp.com","organization":"CENTAURI DYNAMIC PTE. LTD"},"issuer":{"commonName":"DigiCert Secure Site OV G2 TLS CN RSA4096 SHA256 2022 CA1","organization":"DigiCert, Inc."},"validity":{"start":"Mon, 01 Sep 2025 00:00:00 GMT","end":"Mon, 31 Aug 2026 23:59:59 GMT"},"fingerprint":{"sha1":"02:6B:1F:32:B3:B2:6F:A4:25:AC:1C:E3:87:90:E7:4A:78:36:9F:BE","sha256":"EA:E9:7E:E4:22:E2:21:19:4A:C6:3B:27:29:3C:BE:BE:35:A4:A6:F4:0B:C6:AA:9E:C6:EF:BC:30:7D:58:11:67"}}},"request":{"raw":"GET /public/c92763068a5478ebdc393cd4f562e8a0.jpg HTTP/1.1\r\nHost: cdn.harvestsharp.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://irdgqgog.fortoday.asia/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Sat, 07 Oct 2023 08:18:41 GMT\r\netag: \"b1ef3a4c526fab33ff2d61e70691b5c3\"\r\ncontent-type: image/jpeg\r\ndate: Tue, 20 Aug 2024 09:12:47 GMT\r\nserver: tencent-cos\r\nx-cos-hash-crc64ecma: 1838305195991445584\r\nx-cos-request-id: NjZjNDVlMGZfZDllZjc4MGJfMjE2ZDhfMzcwODcxMQ==\r\nx-cos-storage-class: MAZ_STANDARD\r\nx-cos-version-id: MTg0NDUwNDc0MDY5ODc2MzM5OTk\r\nx-cosindex-replication-status: Complete\r\ncontent-length: 3160\r\naccept-ranges: bytes\r\nx-nws-log-uuid: 3991984961987296176\r\nx-cache-lookup: Cache Hit\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: POST,GET,OPTIONS\r\naccess-control-max-age: 86400\r\naccess-control-expose-headers: Origin,DNT,Accept,X-Mx-ReqToken,STAFF_NAME,Authorization,x-request-id,X-Request-Id,X-MVS-CSRF-TOKEN,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type\r\ncache-control: max-age=604800\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":3160,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 96x64, components 3","md5":"b1ef3a4c526fab33ff2d61e70691b5c3","sha1":"8c45f00e9ebd183e98e4aba34afb9fbac36fc5fb","sha256":"9b317e8849ef1840d10379afa7a9541a6aafaa6ad1f3d97e97051ed0ae59cadb","sha512":"c2199fba35c8f7746eca59e6fda0a705ca37966ea8faa25e34aaf697833fd4a115fb021e91a1cd1fcbe325b92cceaffd2b4f5d43f32f2ccb0f71db7cfc793661","ssdeep":"","tlshash":"7a51f94bf9625b03d600d27624f786375b6852c0ed63e06cb4bdd81beca10f99a627d1","first_seen":"2025-01-22T15:28:39.172827Z","last_seen":"2026-05-13T13:04:07.211741Z","times_seen":16,"resource_available":false,"data":null}},"time_used":722,"timings":{"blocked":627,"dns":0,"connect":0,"send":0,"wait":74,"receive":21,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"irdgqgog.fortoday.asia/mH410fU8/jestore/1889.06cd5bb7.chunk.css","fqdn":"irdgqgog.fortoday.asia","domain":"fortoday.asia","tld":"asia"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://irdgqgog.fortoday.asia/mH410fU8/","date":"2026-04-26T13:01:18.756Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"fortoday.asia","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 19 Mar 2026 07:23:34 GMT","end":"Wed, 17 Jun 2026 08:00:16 GMT"},"fingerprint":{"sha1":"82:CF:C7:9E:0D:CF:FE:4B:17:8B:52:84:33:14:7D:F7:88:A5:91:F2","sha256":"4D:A9:CD:77:E2:DB:CC:1E:07:30:B7:5E:52:3A:AE:82:0C:14:88:D1:96:D7:F5:77:DE:8F:2F:8D:1E:5A:F1:7D"}}},"request":{"raw":"GET /mH410fU8/jestore/1889.06cd5bb7.chunk.css HTTP/1.1\r\nHost: irdgqgog.fortoday.asia\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://irdgqgog.fortoday.asia/mH410fU8/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sun, 26 Apr 2026 13:01:18 GMT\r\ncontent-type: text/css\r\ncontent-length: 17044\r\ncache-control: public, max-age=604800\r\nexpires: Tue, 28 Apr 2026 15:34:40 GMT\r\nlast-modified: Fri, 10 Apr 2026 16:53:44 GMT\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; ma=86400\r\nx-turbo-charged-by: LiteSpeed\r\npriority: u=2,i=?0\r\nage: 422797\r\ncf-cache-status: HIT\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=SrqqtFBnPmsuzoOe9fJLyBfQ2%2BHVTgUOkEAMGE6FxPm0Evxkl%2FaG%2FB5dD4KA%2F6ye3HHBB97MbZOebNJcB%2BASqvcyAUbzIU35yg52m0QZ1SHyeMeRsv%2F1etAVKBYUqt644S%2BrmJ3at1Oe\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9f25c67fda202efa-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":178455,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (65536), with no line terminators","md5":"d149353e4982c7991830b57aa0b5ea8f","sha1":"35721d92288de33009fb8d6534bf5395d0228bf7","sha256":"5e64ec5e3c386f1295276e7947002765a4e2f2cc26ce7b0331f0f2dcd1b18f0c","sha512":"0060a4e3a4f4e92b30532a0190fb7b7b525c486571ae158a3adf4f6bf4fc3033601a531910884345c18e3f01bb2fc258c0e9034564192b23282cc938f23712ea","ssdeep":"3072:ZbBbEI8IQIsId+Z+z+Q+ZnmnynSnT6T6t6I6ldwdkdwdd595n5W5jyKy2y/yOQns:x6q/onB8f","tlshash":"ce04f865c9108d39f97e5f82fa8740f91114dd0263a3ca3cf945e92ed3ed2eea22651c","first_seen":"2025-01-22T15:28:39.09562Z","last_seen":"2026-05-13T13:04:07.18352Z","times_seen":8,"resource_available":false,"data":null}},"time_used":19,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":18,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-26","alert":"Sinkholed","trigger":"irdgqgog.fortoday.asia","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-26","alert":"Phishing Block","trigger":"irdgqgog.fortoday.asia","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"irdgqgog.fortoday.asia/mH410fU8/jestore/824.df542587.chunk.css","fqdn":"irdgqgog.fortoday.asia","domain":"fortoday.asia","tld":"asia"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://irdgqgog.fortoday.asia/mH410fU8/","date":"2026-04-26T13:01:18.836Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"fortoday.asia","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 19 Mar 2026 07:23:34 GMT","end":"Wed, 17 Jun 2026 08:00:16 GMT"},"fingerprint":{"sha1":"82:CF:C7:9E:0D:CF:FE:4B:17:8B:52:84:33:14:7D:F7:88:A5:91:F2","sha256":"4D:A9:CD:77:E2:DB:CC:1E:07:30:B7:5E:52:3A:AE:82:0C:14:88:D1:96:D7:F5:77:DE:8F:2F:8D:1E:5A:F1:7D"}}},"request":{"raw":"GET /mH410fU8/jestore/824.df542587.chunk.css HTTP/1.1\r\nHost: irdgqgog.fortoday.asia\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://irdgqgog.fortoday.asia/mH410fU8/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sun, 26 Apr 2026 13:01:18 GMT\r\ncontent-type: text/css\r\ncontent-length: 20537\r\ncache-control: public, max-age=604800\r\nexpires: Tue, 28 Apr 2026 15:34:40 GMT\r\nlast-modified: Fri, 10 Apr 2026 16:57:16 GMT\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; ma=86400\r\nx-turbo-charged-by: LiteSpeed\r\npriority: u=2,i=?0\r\nage: 422797\r\ncf-cache-status: HIT\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=MWTPHx2zbR0y8uUk2FQqQEoRej486B78R%2F1Y%2Bsh8iC3EsotKqfUxjZ%2BCKPXLu%2FLeys0lV4Ifq68FtUIw3%2B3cne4VerxwjVXNSac2eXy8TWvwJtHpfggBRalT2PJbsLhyDwrgThRusCeq\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9f25c6800aa22efa-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":179685,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (65536), with no line terminators","md5":"3bd2eb0bfedc2fb4f6bca9e0d3fc2266","sha1":"9182f064eed7d6420051ec3945c4c5085b350059","sha256":"a020653f7dcd9cf6305edc9a0b6c081602f0d6c5ba67e8658d831071208ca652","sha512":"adc731109e0de18efb5478d4b32e6942645fe3bb338955d879f121b774b3cafad75ff1b7e9543710969c2188adeb055ed22c412a079663ff258efbb6a279c6dc","ssdeep":"3072:eVeVN3+XWjX7rKSsreO5LwIVZ0akR8oax6+xrQqQp8vQJCjrTZp3GRVbVyzVoUro:IepqiP","tlshash":"880476a2a0820ae6b576ff2bafc6cdca46355ec7a5431cbd81c6d22381d15f8b35d108","first_seen":"2025-01-22T15:28:39.119573Z","last_seen":"2026-05-13T13:04:07.231898Z","times_seen":8,"resource_available":false,"data":null}},"time_used":12,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":11,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-26","alert":"Sinkholed","trigger":"irdgqgog.fortoday.asia","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-26","alert":"Phishing Block","trigger":"irdgqgog.fortoday.asia","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"irdgqgog.fortoday.asia/mH410fU8/img/tokens.png","fqdn":"irdgqgog.fortoday.asia","domain":"fortoday.asia","tld":"asia"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://irdgqgog.fortoday.asia/mH410fU8/","date":"2026-04-26T13:01:19.212Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"fortoday.asia","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 19 Mar 2026 07:23:34 GMT","end":"Wed, 17 Jun 2026 08:00:16 GMT"},"fingerprint":{"sha1":"82:CF:C7:9E:0D:CF:FE:4B:17:8B:52:84:33:14:7D:F7:88:A5:91:F2","sha256":"4D:A9:CD:77:E2:DB:CC:1E:07:30:B7:5E:52:3A:AE:82:0C:14:88:D1:96:D7:F5:77:DE:8F:2F:8D:1E:5A:F1:7D"}}},"request":{"raw":"GET /mH410fU8/img/tokens.png HTTP/1.1\r\nHost: irdgqgog.fortoday.asia\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://irdgqgog.fortoday.asia/mH410fU8/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sun, 26 Apr 2026 13:01:18 GMT\r\ncontent-type: image/png\r\ncontent-length: 29942\r\ncache-control: public, max-age=604800\r\nexpires: Tue, 28 Apr 2026 17:04:39 GMT\r\nlast-modified: Fri, 10 Apr 2026 16:44:56 GMT\r\naccept-ranges: bytes\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; ma=86400\r\nx-turbo-charged-by: LiteSpeed\r\npriority: u=4,i=?0\r\nage: 417398\r\ncf-cache-status: HIT\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=au4xn0iu0bZ0x%2BL7euO2kN7vLcX0ffpSO%2B8h9GQre7DXuSR0bLw%2F%2BhPGnv%2F0FdeV%2BA7xFx0NRFuR7U1tQbWT7qTsh8TauOWQAN3S7JpOVwqEvZ4Nxj%2FLIH85%2BRNC2QmDJlmdXsa6WYXb\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9f25c6814dd32efa-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]}],"data":{"size":29942,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 135 x 130, 8-bit/color RGBA, non-interlaced","md5":"d02c9d4d558a113e2aebd45c7d8237dc","sha1":"edd72f80a319adf3fec2f3f061c1b82d6bf59aa7","sha256":"7fb8131422bba9cda088005359870721b090dcd043d3cea030367be68c6328a6","sha512":"81fc37e296d450d71c8581bc49d681546fa6e5a32456b9e9463fc97ef9d4013f95476b521b3298c48fca2f93e5b3b1e08050d44e2a40a366c18ff81ce330cacc","ssdeep":"384:d8lsNP0aaonUDdKzrxQFq++i1gPf/DLKnNjSTqSph9WfdNo3pl1U3VieMlgNfWk1:d8+NP46CKYR1gPXW5STvBWFmRaLegNf7","tlshash":"98d2f1421cd2d07e2a4ba7ef8efd337f9a2765710068ead4b299dc1b003724a75e5970","first_seen":"2023-04-30T19:27:11Z","last_seen":"2026-05-30T18:01:54.041344Z","times_seen":266,"resource_available":false,"data":null}},"time_used":27,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":26,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-26","alert":"Phishing Block","trigger":"irdgqgog.fortoday.asia","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-26","alert":"Sinkholed","trigger":"irdgqgog.fortoday.asia","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdn.harvestsharp.com/images/midaspay_channel_icon/3f257e30007c6b106700806f33f68c1f.png","fqdn":"cdn.harvestsharp.com","domain":"harvestsharp.com","tld":"com"},"ip":{"addr":"43.152.140.79","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://irdgqgog.fortoday.asia/mH410fU8/","date":"2026-04-26T13:01:19.343Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.harvestsharp.com","organization":"CENTAURI DYNAMIC PTE. LTD"},"issuer":{"commonName":"DigiCert Secure Site OV G2 TLS CN RSA4096 SHA256 2022 CA1","organization":"DigiCert, Inc."},"validity":{"start":"Mon, 01 Sep 2025 00:00:00 GMT","end":"Mon, 31 Aug 2026 23:59:59 GMT"},"fingerprint":{"sha1":"02:6B:1F:32:B3:B2:6F:A4:25:AC:1C:E3:87:90:E7:4A:78:36:9F:BE","sha256":"EA:E9:7E:E4:22:E2:21:19:4A:C6:3B:27:29:3C:BE:BE:35:A4:A6:F4:0B:C6:AA:9E:C6:EF:BC:30:7D:58:11:67"}}},"request":{"raw":"GET /images/midaspay_channel_icon/3f257e30007c6b106700806f33f68c1f.png HTTP/1.1\r\nHost: cdn.harvestsharp.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://irdgqgog.fortoday.asia/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Sat, 07 Oct 2023 08:33:50 GMT\r\netag: \"e1c044a9f27e5341af0240977fa9bb1f\"\r\ncontent-type: image/png\r\ndate: Tue, 20 Aug 2024 09:12:47 GMT\r\nserver: tencent-cos\r\nx-cos-hash-crc64ecma: 14662779507684792094\r\nx-cos-request-id: NjZjNDVlMGZfMzZhZTRkMGJfMjBjNjNfMzZhOTBjOA==\r\nx-cos-storage-class: MAZ_STANDARD\r\nx-cos-version-id: MTg0NDUwNDc0MDYwNzkwMTIyODU\r\nx-cosindex-replication-status: Complete\r\ncontent-length: 4746\r\naccept-ranges: bytes\r\nx-nws-log-uuid: 6044830573333653851\r\nx-cache-lookup: Cache Hit\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: POST,GET,OPTIONS\r\naccess-control-max-age: 86400\r\naccess-control-expose-headers: Origin,DNT,Accept,X-Mx-ReqToken,STAFF_NAME,Authorization,x-request-id,X-Request-Id,X-MVS-CSRF-TOKEN,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type\r\ncache-control: max-age=604800\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":4746,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 96 x 64, 8-bit/color RGBA, non-interlaced","md5":"e1c044a9f27e5341af0240977fa9bb1f","sha1":"a236b581e6f8818f516ab468eee86a7ae843c270","sha256":"77ade61328510c55deabbdc179c3b1594b3502d8ce00206605de1d8ef0a8dc10","sha512":"881b24c161f8ba6a46bb3c19732a5a951e1e1569cda53d9e456291924bf90b66afa16442d813517fcafcb5329f9285fce0835c7e76522453e571e379a32e6e04","ssdeep":"96:uVuFCNwpmvpE9GzPnREyt9B6a7DKmQ6nSqmWxxO3:EugvveKPREyfB6aBRGMC","tlshash":"aba17d97a28b3673c5edb1b2584004e663229326325ea2ec9b162c0fb6b0303fc506d9","first_seen":"2025-01-22T15:28:39.222916Z","last_seen":"2026-05-13T13:04:07.19424Z","times_seen":16,"resource_available":false,"data":null}},"time_used":722,"timings":{"blocked":641,"dns":0,"connect":0,"send":0,"wait":76,"receive":5,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js","fqdn":"ajax.googleapis.com","domain":"ajax.googleapis.com","tld":"googleapis.com"},"ip":{"addr":"142.251.142.234","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://irdgqgog.fortoday.asia/mH410fU8/","date":"2026-04-26T13:01:19.533Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"upload.video.google.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 30 Mar 2026 08:36:48 GMT","end":"Mon, 22 Jun 2026 08:36:47 GMT"},"fingerprint":{"sha1":"1A:63:7B:F3:04:6F:4C:E4:F3:15:87:E8:E7:FA:DD:B1:F7:7E:89:49","sha256":"5E:36:5D:D1:35:3B:0A:E9:8A:55:91:DC:12:B0:50:4A:AE:D9:A7:97:06:7C:0D:D7:F0:23:3E:8A:B2:08:19:00"}}},"request":{"raw":"GET /ajax/libs/jquery/1.9.1/jquery.min.js HTTP/1.1\r\nHost: ajax.googleapis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://irdgqgog.fortoday.asia/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\ncontent-encoding: gzip\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"hosted-libraries-pushers\"\r\nreport-to: {\"group\":\"hosted-libraries-pushers\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 33018\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Wed, 22 Apr 2026 07:54:06 GMT\r\nexpires: Thu, 22 Apr 2027 07:54:06 GMT\r\ncache-control: public, max-age=31536000, stale-while-revalidate=2592000\r\nage: 364033\r\nlast-modified: Tue, 03 Mar 2020 19:15:00 GMT\r\ncontent-type: text/javascript; charset=UTF-8\r\nvary: Accept-Encoding\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":92629,"size_decoded":0,"mime_type":"text/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (32089)","md5":"397754ba49e9e0cf4e7c190da78dda05","sha1":"ae49e56999d82802727455f0ba83b63acd90a22b","sha256":"c12f6098e641aaca96c60215800f18f5671039aecf812217fab3c0d152f6adb4","sha512":"8c64754f77507ab2c24a6fc818419b9dd3f0ceccc9065290e41afdbee0743f0da2cb13b2fbb00afa525c082f1e697cb3ffd76ef9b902cb81d7c41ca1c641dffb","ssdeep":"1536:dnu00HWWaRxkqJg09pYxoxDKMXJrg8hXXO4dK3kyfiLJBhdSZE+I+Qg7rbaN1RUx:ddkWgoBhcZRQgmW42qe","tlshash":"8c932bdd72d2b03257ab30bd106f540ff2361959280d8850f268d8f9bc79a49a277f6d","first_seen":"2023-03-07T01:02:08Z","last_seen":"2026-06-08T22:08:27.374056Z","times_seen":68632,"resource_available":true,"data":null}},"time_used":582,"timings":{"blocked":247,"dns":11,"connect":9,"send":0,"wait":9,"receive":4,"ssl":295},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"irdgqgog.fortoday.asia/mH410fU8/css/style.css","fqdn":"irdgqgog.fortoday.asia","domain":"fortoday.asia","tld":"asia"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://irdgqgog.fortoday.asia/mH410fU8/","date":"2026-04-26T13:01:18.929Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"fortoday.asia","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 19 Mar 2026 07:23:34 GMT","end":"Wed, 17 Jun 2026 08:00:16 GMT"},"fingerprint":{"sha1":"82:CF:C7:9E:0D:CF:FE:4B:17:8B:52:84:33:14:7D:F7:88:A5:91:F2","sha256":"4D:A9:CD:77:E2:DB:CC:1E:07:30:B7:5E:52:3A:AE:82:0C:14:88:D1:96:D7:F5:77:DE:8F:2F:8D:1E:5A:F1:7D"}}},"request":{"raw":"GET /mH410fU8/css/style.css HTTP/1.1\r\nHost: irdgqgog.fortoday.asia\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://irdgqgog.fortoday.asia/mH410fU8/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sun, 26 Apr 2026 13:01:18 GMT\r\ncontent-type: text/css\r\ncontent-length: 1568\r\ncache-control: public, max-age=604800\r\nexpires: Tue, 28 Apr 2026 15:34:40 GMT\r\nlast-modified: Fri, 10 Apr 2026 16:44:14 GMT\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; ma=86400\r\nx-turbo-charged-by: LiteSpeed\r\npriority: u=2,i=?0\r\nage: 422797\r\ncf-cache-status: HIT\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Vgidr2Mx5rCeYiLjI2DGAtzldXcWvqfAahVz6l7M%2FCDJw90MieECRfV4di1I7hjUAdVlXD0uy0GdQkfPesmLDB6Joy0K4lVEZZp47d3rslFbwcB4drdEwvZREAumO2ZMpX%2B9BSmW2I4g\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9f25c6806b942efa-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":8992,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with CRLF line terminators","md5":"c6a0e3948741cb54aec7f36827342d6e","sha1":"6ffa27eab3ae3ed5ea598db29f6ae457667fc566","sha256":"cc9f50b9f0acf7e86d461d515b102be25d7cbb7f0b644b8b0648ef480c5591c2","sha512":"4dc20904ca9426fc6c1564008263606ef1793750ae5204607aa25fc73bfb9503dc524911eff9275b6d75b66561aec5eeb3ab12ff3a26720aac133f3ba4ed3a40","ssdeep":"96:RCUXcUrTFNY47UCUoVHLwjev/hYLrgDND+5VqgqbIwOQBWjNdUW7MtYUjYTsY4YX:dJYb2LIUJy5h3S+7","tlshash":"0a021421db16204df236d5f8fb7127a3ea012547978f86bab9e07054cfe196c26726cc","first_seen":"2026-01-20T12:19:47.905574Z","last_seen":"2026-05-09T11:43:13.718658Z","times_seen":8,"resource_available":false,"data":null}},"time_used":17,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":17,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-26","alert":"Sinkholed","trigger":"irdgqgog.fortoday.asia","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-26","alert":"Phishing Block","trigger":"irdgqgog.fortoday.asia","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdnjs.cloudflare.com/ajax/libs/font-awesome/6.4.2/css/all.min.css","fqdn":"cdnjs.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.17.24.14","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://irdgqgog.fortoday.asia/mH410fU8/","date":"2026-04-26T13:01:18.981Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdnjs.cloudflare.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 14 Mar 2026 00:38:49 GMT","end":"Fri, 12 Jun 2026 01:38:45 GMT"},"fingerprint":{"sha1":"7A:4A:F6:D6:63:62:70:CA:51:C5:5A:06:41:17:71:BF:9D:2C:C9:42","sha256":"7F:F5:F5:FE:73:1F:E7:AF:1A:82:5B:59:EE:E8:E9:65:D6:87:68:61:8C:11:1E:94:4A:9A:C4:14:BD:4B:04:BA"}}},"request":{"raw":"GET /ajax/libs/font-awesome/6.4.2/css/all.min.css HTTP/1.1\r\nHost: cdnjs.cloudflare.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://irdgqgog.fortoday.asia/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 26 Apr 2026 13:01:18 GMT\r\ncontent-type: text/css; charset=utf-8\r\ncontent-length: 18778\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.01,\"max_age\":604800}\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=30672000\r\ncontent-encoding: br\r\netag: \"64cac444-495a\"\r\nlast-modified: Wed, 02 Aug 2023 21:01:56 GMT\r\ncross-origin-resource-policy: cross-origin\r\ntiming-allow-origin: *\r\nx-content-type-options: nosniff\r\ncf-cdnjs-via: cfworker/kv\r\nvary: Accept-Encoding\r\ncf-cache-status: HIT\r\nage: 538026\r\nexpires: Fri, 16 Apr 2027 13:01:18 GMT\r\naccept-ranges: bytes\r\nstrict-transport-security: max-age=15780000\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=n30GyK6e9IaBIr63aBq0ydowrgxIWQzcvTGc9xnsmzc6nMSijNMOC93edT61%2BNVSlvdPvgvXv1iwednLlFD3El6B9%2Fcbend%2FwMrdH5KrrYCrIvEH2FzBnB6AL%2FGYUP5%2BIXFVDV0T\"}]}\r\ncf-ray: 9f25c680ba6875ab-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":102217,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text, with very long lines (52276)","md5":"5222e06b77a1692fa2520a219840e6be","sha1":"8b4236206a8b86af3761a244277663046d7ff7ee","sha256":"0934b1fc0d3a766d41d3adf5e7a115875e66e98ebba408d965a41cf3d2cb4ab5","sha512":"cf780ba5def29277f562835b0b3a9129ce2aca8afc81a294d6a9a7f824a1c5bb81bac00d23d42946884606b7821642b12e17a2e92f424171446db2aea8b8340c","ssdeep":"1536:0wMCMPMCMjMCM4MCMwMCM3sVMX709gbPMfjSFOTyPGuuprrlCq:M709gMGFiyPGuuprlCq","tlshash":"09a3a7f9e44c05d97732c44bab95b37c65b6f738d5810ca9f02f580c1ad26a822c6f7a","first_seen":"2023-08-04T22:28:10Z","last_seen":"2026-06-08T22:02:34.108126Z","times_seen":43373,"resource_available":false,"data":null}},"time_used":36,"timings":{"blocked":-1,"dns":0,"connect":1,"send":0,"wait":11,"receive":2,"ssl":19},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.harvestsharp.com/images/midaspay_channel_icon/7bc1bd1d7d6bb6740dab72c08f5a65de.png","fqdn":"cdn.harvestsharp.com","domain":"harvestsharp.com","tld":"com"},"ip":{"addr":"43.152.140.79","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://irdgqgog.fortoday.asia/mH410fU8/","date":"2026-04-26T13:01:19.329Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.harvestsharp.com","organization":"CENTAURI DYNAMIC PTE. LTD"},"issuer":{"commonName":"DigiCert Secure Site OV G2 TLS CN RSA4096 SHA256 2022 CA1","organization":"DigiCert, Inc."},"validity":{"start":"Mon, 01 Sep 2025 00:00:00 GMT","end":"Mon, 31 Aug 2026 23:59:59 GMT"},"fingerprint":{"sha1":"02:6B:1F:32:B3:B2:6F:A4:25:AC:1C:E3:87:90:E7:4A:78:36:9F:BE","sha256":"EA:E9:7E:E4:22:E2:21:19:4A:C6:3B:27:29:3C:BE:BE:35:A4:A6:F4:0B:C6:AA:9E:C6:EF:BC:30:7D:58:11:67"}}},"request":{"raw":"GET /images/midaspay_channel_icon/7bc1bd1d7d6bb6740dab72c08f5a65de.png HTTP/1.1\r\nHost: cdn.harvestsharp.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://irdgqgog.fortoday.asia/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Fri, 30 Jun 2023 11:59:22 GMT\r\netag: \"8a4a36ced8460cff6621203b4a8be599\"\r\ncontent-type: image/png\r\ndate: Fri, 25 Jul 2025 03:14:18 GMT\r\nserver: tencent-cos\r\nx-cos-hash-crc64ecma: 5559300856640754477\r\nx-cos-request-id: Njg4MmY2OGFfZjgxNTc5MWVfMjYwNDNfZWQzZjVjNA==\r\nx-cos-storage-class: MAZ_STANDARD\r\nx-cos-version-id: MTg0NDUwNTU5NDczNDc0OTYwNjA\r\nx-cosindex-replication-status: Complete\r\ncontent-length: 2399\r\naccept-ranges: bytes\r\nx-nws-log-uuid: 6268709717077381125\r\nx-cache-lookup: Cache Hit\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: POST,GET,OPTIONS\r\naccess-control-max-age: 86400\r\naccess-control-expose-headers: Origin,DNT,Accept,X-Mx-ReqToken,STAFF_NAME,Authorization,x-request-id,X-Request-Id,X-MVS-CSRF-TOKEN,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type\r\ncache-control: max-age=604800\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":2399,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 96 x 64, 8-bit/color RGBA, non-interlaced","md5":"8a4a36ced8460cff6621203b4a8be599","sha1":"345dbccbe726602e863c86c9b10cc9a7b46b2152","sha256":"fa7f1acab16c0bf21fdb72566f0d86176c59d2489d16891ad31a4abb15e1a616","sha512":"fa69a21063d5d034c0b839b853d3c57ae7a7959034003a9b77230ff0c9103cf6aad22dc5d344cb118096e4593985d29e001ff8a6c76561c3ae750eb60e469863","ssdeep":"","tlshash":"5a410ab51ba4e4d9b66aedb0727437641b7e0a36c884df085af983043b3d9940f85164","first_seen":"2024-10-30T20:47:38.972314Z","last_seen":"2026-05-13T13:04:07.297297Z","times_seen":18,"resource_available":false,"data":null}},"time_used":755,"timings":{"blocked":654,"dns":0,"connect":0,"send":0,"wait":56,"receive":45,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.harvestsharp.com/images/midaspay_channel_icon/bc39cd5cf4e6cd018cd48fb70ad91d2c.png","fqdn":"cdn.harvestsharp.com","domain":"harvestsharp.com","tld":"com"},"ip":{"addr":"43.152.140.79","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://irdgqgog.fortoday.asia/mH410fU8/","date":"2026-04-26T13:01:19.352Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.harvestsharp.com","organization":"CENTAURI DYNAMIC PTE. LTD"},"issuer":{"commonName":"DigiCert Secure Site OV G2 TLS CN RSA4096 SHA256 2022 CA1","organization":"DigiCert, Inc."},"validity":{"start":"Mon, 01 Sep 2025 00:00:00 GMT","end":"Mon, 31 Aug 2026 23:59:59 GMT"},"fingerprint":{"sha1":"02:6B:1F:32:B3:B2:6F:A4:25:AC:1C:E3:87:90:E7:4A:78:36:9F:BE","sha256":"EA:E9:7E:E4:22:E2:21:19:4A:C6:3B:27:29:3C:BE:BE:35:A4:A6:F4:0B:C6:AA:9E:C6:EF:BC:30:7D:58:11:67"}}},"request":{"raw":"GET /images/midaspay_channel_icon/bc39cd5cf4e6cd018cd48fb70ad91d2c.png HTTP/1.1\r\nHost: cdn.harvestsharp.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://irdgqgog.fortoday.asia/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Fri, 30 Jun 2023 11:59:21 GMT\r\netag: \"4a6a3b7d9837b8f7207a3c41151338f7\"\r\ncontent-type: image/png\r\ndate: Wed, 25 Sep 2024 14:36:36 GMT\r\nserver: tencent-cos\r\nx-cos-hash-crc64ecma: 14809323883257438907\r\nx-cos-request-id: NjZmNDFmZjRfZGVlZjc4MGJfMjJlMDJfN2JlZmY4MA==\r\nx-cos-storage-class: MAZ_STANDARD\r\nx-cos-version-id: MTg0NDUwNTU5NDczNDc4ODQ2ODg\r\nx-cosindex-replication-status: Complete\r\ncontent-length: 2784\r\naccept-ranges: bytes\r\nx-nws-log-uuid: 1017413632247307652\r\nx-cache-lookup: Cache Hit\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: POST,GET,OPTIONS\r\naccess-control-max-age: 86400\r\naccess-control-expose-headers: Origin,DNT,Accept,X-Mx-ReqToken,STAFF_NAME,Authorization,x-request-id,X-Request-Id,X-MVS-CSRF-TOKEN,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type\r\ncache-control: max-age=604800\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":2784,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 96 x 64, 8-bit/color RGBA, non-interlaced","md5":"4a6a3b7d9837b8f7207a3c41151338f7","sha1":"a4aab93f9794a5e361beca68c9d5d734d011c989","sha256":"45b2dc66f7911350083ecdc7a31798f7b1d34e997da51001f514918254fdb9f0","sha512":"a3a1d60d15d1d5a8d4ee1936ec4b73684015bfe2f06096fa466dc26d4cd0278484c7f776f0c0278754e64ca1b3d97a3b1a152c250d2b69acc7636100ef656ede","ssdeep":"","tlshash":"71515c1d1471807dfae6dce70a2c7b7038e01e01469fc47432559ca9a7a308c2856e8f","first_seen":"2025-01-22T15:28:39.169687Z","last_seen":"2026-05-13T13:04:07.295686Z","times_seen":16,"resource_available":false,"data":null}},"time_used":726,"timings":{"blocked":634,"dns":0,"connect":0,"send":0,"wait":75,"receive":17,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"irdgqgog.fortoday.asia/mH410fU8/","fqdn":"irdgqgog.fortoday.asia","domain":"fortoday.asia","tld":"asia"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"subdocument","requested_by":"https://xmidas.specialfors.com/","date":"2026-04-26T13:01:17.642Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"fortoday.asia","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 19 Mar 2026 07:23:34 GMT","end":"Wed, 17 Jun 2026 08:00:16 GMT"},"fingerprint":{"sha1":"82:CF:C7:9E:0D:CF:FE:4B:17:8B:52:84:33:14:7D:F7:88:A5:91:F2","sha256":"4D:A9:CD:77:E2:DB:CC:1E:07:30:B7:5E:52:3A:AE:82:0C:14:88:D1:96:D7:F5:77:DE:8F:2F:8D:1E:5A:F1:7D"}}},"request":{"raw":"GET /mH410fU8/ HTTP/1.1\r\nHost: irdgqgog.fortoday.asia\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xmidas.specialfors.com/\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: iframe\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 26 Apr 2026 13:01:18 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=gT8G1nXa5A5LpTfCezrEm43AWJ%2BjVT%2BcYmMkGxgCstfyTq2O5k%2BhPUvM1vgs6QvUMlLbTQmCUYtq6FDMS%2FjV%2B6B0paglzprvxBC1sy2ajdCqPr%2FyNP%2F4LR%2FX%2F0o7vQgkiKTfLEn0JhcP\"}]}\r\nvary: Accept-Encoding\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; ma=86400\r\nx-turbo-charged-by: LiteSpeed\r\ncf-cache-status: DYNAMIC\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\ncontent-encoding: br\r\ncf-ray: 9f25c679980b5699-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Google Hosted Libraries","description":"Google Hosted Libraries is a stable, reliable, high-speed, globally available content distribution network for the most popular, open-source JavaScript libraries.","website":"https://developers.google.com/speed/libraries","common_platform_enumeration":"","icon":"Google Developers.svg","categories":["CDN"]},{"name":"Cloudflare Browser Insights","description":"Cloudflare Browser Insights is a tool that measures the performance of websites from the perspective of users.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["Analytics","RUM"]},{"name":"jQuery CDN","description":"jQuery CDN is a way to include jQuery in your website without actually downloading and keeping it your website's folder.","website":"https://code.jquery.com/","common_platform_enumeration":"","icon":"jQuery.svg","categories":["CDN"]},{"name":"jQuery:1.9.1","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"jsDelivr","description":"JSDelivr is a free public CDN for open-source projects. It can serve web files directly from the npm registry and GitHub repositories without any configuration.","website":"https://www.jsdelivr.com/","common_platform_enumeration":"","icon":"jsdelivr-icon.svg","categories":["CDN"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":211873,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (13376)","md5":"1a8df0239200b0e7db936daa7f6f1dad","sha1":"282ee5d05c4ebacf782c027fe4a75f0d571845ed","sha256":"9ab4134d4d3e9a705e9359846b253a43ee7dcff90412bca7be052744feb8ca04","sha512":"0da5958615ad3203aa8b469baeb303c197a122f84b57c86432904c0c6fc7b62ef8b975719fcf37ee4ca55cca162326cd9df97f3479b19768da9184a7f0c36370","ssdeep":"6144:MTgPJVD4YmP1rmnQnWBMurQq09bY2urAC1M992hlt48s28BFNhsQD8FZSt:MTgPJVD4YmPsQWQhZBhfD8FZSt","tlshash":"03242a4161c17853134346f5733b66dbf06549aae64b0c0bf2a8bad8fbe9c46dfa1930","first_seen":"2026-04-26T02:12:57.12462Z","last_seen":"2026-04-26T13:10:26.561972Z","times_seen":3,"resource_available":false,"data":null}},"time_used":904,"timings":{"blocked":56,"dns":41,"connect":1,"send":0,"wait":786,"receive":0,"ssl":16},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-26","alert":"Sinkholed","trigger":"irdgqgog.fortoday.asia","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-26","alert":"Phishing Block","trigger":"irdgqgog.fortoday.asia","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"irdgqgog.fortoday.asia/mH410fU8/jestore/5012.b5b75575.chunk.css","fqdn":"irdgqgog.fortoday.asia","domain":"fortoday.asia","tld":"asia"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://irdgqgog.fortoday.asia/mH410fU8/","date":"2026-04-26T13:01:18.748Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"fortoday.asia","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 19 Mar 2026 07:23:34 GMT","end":"Wed, 17 Jun 2026 08:00:16 GMT"},"fingerprint":{"sha1":"82:CF:C7:9E:0D:CF:FE:4B:17:8B:52:84:33:14:7D:F7:88:A5:91:F2","sha256":"4D:A9:CD:77:E2:DB:CC:1E:07:30:B7:5E:52:3A:AE:82:0C:14:88:D1:96:D7:F5:77:DE:8F:2F:8D:1E:5A:F1:7D"}}},"request":{"raw":"GET /mH410fU8/jestore/5012.b5b75575.chunk.css HTTP/1.1\r\nHost: irdgqgog.fortoday.asia\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://irdgqgog.fortoday.asia/mH410fU8/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sun, 26 Apr 2026 13:01:18 GMT\r\ncontent-type: text/css\r\ncontent-length: 5521\r\ncache-control: public, max-age=604800\r\nexpires: Tue, 28 Apr 2026 14:57:57 GMT\r\nlast-modified: Fri, 10 Apr 2026 16:50:14 GMT\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; ma=86400\r\nx-turbo-charged-by: LiteSpeed\r\npriority: u=2,i=?0\r\nage: 424999\r\ncf-cache-status: HIT\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=prEEdZi3ZHT7gh99%2FHrrQNCsSntcSsFnlfr0xnAbili8Nfj%2Fso0NQvv1YLEOJyHKw2gOthbkKe1SDYKEh%2BXllVq6ixwkJnhCRy%2BmcbhlYL9toPfjPxsP7S4IQ4AAbHkBUg6jcrFUgYIG\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9f25c67fda152efa-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":29158,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (29158), with no line terminators","md5":"8f32c5d58ed6dbd90eecbb5e9cc2a15b","sha1":"b3392126c2ba02721c6e1b461c6200bbe51d137e","sha256":"0100e5f1c770745b4322a1f0c3b75665280dc000b262838ed4e9dd12396b2be0","sha512":"6f224b4c95b2af8c91cfaa02e0321911a85cd9fc94f281182fe8a13612fd89335bcfd08ea5f714aeddd73138653335a345c1aa6ed1e523d696b6a7058f076540","ssdeep":"384:GackASjxqjkwEHCpSqTq+0/YeVp3h05iwEHCpSqTq+Ade:Ri9qZni9qbe","tlshash":"e8d2d7e1df30087eb57bde7bd676448b0a5c6702b352237eb6ce6bd753807a4581a028","first_seen":"2024-10-21T08:04:20.251265Z","last_seen":"2026-05-13T13:04:07.300442Z","times_seen":11,"resource_available":false,"data":null}},"time_used":15,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":14,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-26","alert":"Phishing Block","trigger":"irdgqgog.fortoday.asia","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-26","alert":"Sinkholed","trigger":"irdgqgog.fortoday.asia","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"irdgqgog.fortoday.asia/mH410fU8/jestore/4306.fef4861e.chunk.css","fqdn":"irdgqgog.fortoday.asia","domain":"fortoday.asia","tld":"asia"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://irdgqgog.fortoday.asia/mH410fU8/","date":"2026-04-26T13:01:18.754Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"fortoday.asia","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 19 Mar 2026 07:23:34 GMT","end":"Wed, 17 Jun 2026 08:00:16 GMT"},"fingerprint":{"sha1":"82:CF:C7:9E:0D:CF:FE:4B:17:8B:52:84:33:14:7D:F7:88:A5:91:F2","sha256":"4D:A9:CD:77:E2:DB:CC:1E:07:30:B7:5E:52:3A:AE:82:0C:14:88:D1:96:D7:F5:77:DE:8F:2F:8D:1E:5A:F1:7D"}}},"request":{"raw":"GET /mH410fU8/jestore/4306.fef4861e.chunk.css HTTP/1.1\r\nHost: irdgqgog.fortoday.asia\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://irdgqgog.fortoday.asia/mH410fU8/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sun, 26 Apr 2026 13:01:18 GMT\r\ncontent-type: text/css\r\ncontent-length: 5966\r\ncache-control: public, max-age=604800\r\nexpires: Tue, 28 Apr 2026 15:34:40 GMT\r\nlast-modified: Fri, 10 Apr 2026 16:53:16 GMT\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; ma=86400\r\nx-turbo-charged-by: LiteSpeed\r\npriority: u=2,i=?0\r\nage: 422797\r\ncf-cache-status: HIT\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=3ADDRZIlprPlM8GAzIqwrX0WqJH8tXK%2BP%2Fh5KqpXitEy6IqgaFYkruCzCb39rwwZx6WZSpj7gr67MD6JzU3OP8VaDKDoI7SKVMEos%2B5eJ2m%2BEeWoOTagIHQcGbKW%2BOrEEZ5J1D3sYF0I\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9f25c67fda1e2efa-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":20939,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (20939), with no line terminators","md5":"33d6dbf0fbcb68d9a470f931b689e0e1","sha1":"b4b91fe1c955431473844c67bef0b61cc28611d8","sha256":"b59db49abe4a00e9056980d9df041e16b6766a2d8e6543e0baf2c5cfa0e56404","sha512":"7fb8a4bec3f53606b41aea430b02b2cb470935423ff275d3c89643d0c51cec86ea49e05f93a9b4352f1af39060c9d8e1eef07595371e80162d5c4749e4e2a83e","ssdeep":"192:fL399M79cgKU6CZmxr5PJTF+qHz80R3ck+q28LpB+qumqWv+q2OqWt+q2dxc+qzz:LRQy5H6PKwEHCpSqTq+sLyUH","tlshash":"289209f3c4702819bfeab51d86cb80491648b7cae692ddef62897318c5f129f31052de","first_seen":"2024-10-21T08:04:20.269031Z","last_seen":"2026-05-13T13:04:07.162867Z","times_seen":11,"resource_available":false,"data":null}},"time_used":14,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":14,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-26","alert":"Sinkholed","trigger":"irdgqgog.fortoday.asia","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-26","alert":"Phishing Block","trigger":"irdgqgog.fortoday.asia","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"irdgqgog.fortoday.asia/mH410fU8/jestore/twitter.80d9b5e6.png","fqdn":"irdgqgog.fortoday.asia","domain":"fortoday.asia","tld":"asia"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://irdgqgog.fortoday.asia/mH410fU8/","date":"2026-04-26T13:01:19.228Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"fortoday.asia","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 19 Mar 2026 07:23:34 GMT","end":"Wed, 17 Jun 2026 08:00:16 GMT"},"fingerprint":{"sha1":"82:CF:C7:9E:0D:CF:FE:4B:17:8B:52:84:33:14:7D:F7:88:A5:91:F2","sha256":"4D:A9:CD:77:E2:DB:CC:1E:07:30:B7:5E:52:3A:AE:82:0C:14:88:D1:96:D7:F5:77:DE:8F:2F:8D:1E:5A:F1:7D"}}},"request":{"raw":"GET /mH410fU8/jestore/twitter.80d9b5e6.png HTTP/1.1\r\nHost: irdgqgog.fortoday.asia\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://irdgqgog.fortoday.asia/mH410fU8/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sun, 26 Apr 2026 13:01:18 GMT\r\ncontent-type: image/png\r\ncontent-length: 2167\r\ncache-control: public, max-age=604800\r\nexpires: Tue, 28 Apr 2026 17:04:39 GMT\r\nlast-modified: Fri, 10 Apr 2026 17:07:18 GMT\r\naccept-ranges: bytes\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; ma=86400\r\nx-turbo-charged-by: LiteSpeed\r\npriority: u=4,i=?0\r\nage: 417398\r\ncf-cache-status: HIT\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=NixE8wK%2BataF4CTSL4pXGDvmODLatPfTeyGPGeJlSgR5oXlWE9QhwC4VQH4XUncmXf0RJRw7dOOlbnRTTM%2FH%2FSNZNvFl5UZ6gEcFYwJXCKKtOJZL4hgpF8nB55guXcjWTCsoBRvl9iFi\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9f25c6814df72efa-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]}],"data":{"size":2167,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 72 x 72, 8-bit/color RGBA, non-interlaced","md5":"80d9b5e608e0427576ce2f7d56d0a592","sha1":"4c1ce1d06cb6b2b3d4cca8636b14e109bc500d50","sha256":"cfcb8009151ebab2ac10399ffa57e2724834ad374e720e77e5c0900e21ed6fde","sha512":"2c677a5bfdb03ca9fa18cd81ea331aa1e93330f4e680e13aa65d03f97c5a689d6556e0aa1af613521f6e8f11b23e21367ad60a7e73a68038b1be043d132435a8","ssdeep":"","tlshash":"5e413cd67bba1c7b87b69236455a0921ab70d251932cf0200c5cedf31d4481092caddb","first_seen":"2024-02-22T16:27:48Z","last_seen":"2026-06-02T05:48:42.988552Z","times_seen":177,"resource_available":false,"data":null}},"time_used":34,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":34,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-26","alert":"Phishing Block","trigger":"irdgqgog.fortoday.asia","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-26","alert":"Sinkholed","trigger":"irdgqgog.fortoday.asia","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"irdgqgog.fortoday.asia/mH410fU8/img/bg-item.png","fqdn":"irdgqgog.fortoday.asia","domain":"fortoday.asia","tld":"asia"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://irdgqgog.fortoday.asia/mH410fU8/","date":"2026-04-26T13:01:19.951Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"fortoday.asia","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 19 Mar 2026 07:23:34 GMT","end":"Wed, 17 Jun 2026 08:00:16 GMT"},"fingerprint":{"sha1":"82:CF:C7:9E:0D:CF:FE:4B:17:8B:52:84:33:14:7D:F7:88:A5:91:F2","sha256":"4D:A9:CD:77:E2:DB:CC:1E:07:30:B7:5E:52:3A:AE:82:0C:14:88:D1:96:D7:F5:77:DE:8F:2F:8D:1E:5A:F1:7D"}}},"request":{"raw":"GET /mH410fU8/img/bg-item.png HTTP/1.1\r\nHost: irdgqgog.fortoday.asia\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://irdgqgog.fortoday.asia/mH410fU8/css/style.css\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sun, 26 Apr 2026 13:01:19 GMT\r\ncontent-type: image/png\r\ncontent-length: 20086\r\ncache-control: public, max-age=604800\r\nexpires: Tue, 28 Apr 2026 17:11:02 GMT\r\nlast-modified: Fri, 10 Apr 2026 16:44:46 GMT\r\naccept-ranges: bytes\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; ma=86400\r\nx-turbo-charged-by: LiteSpeed\r\npriority: u=4,i=?0\r\nage: 417017\r\ncf-cache-status: HIT\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=%2BrMCt37tIa4uHAkcq8bbVzSm4jOA%2FMjcXqen0jWVyjSveLP24DJfZ6u74OvMMI6VGKkspUVOcu6OwRycMQhQHzvJOiCF6E30uAX4GRdjxIV9gjDa5dGt7R0ujdHnVMpi3JNRpaNCnxkG\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9f25c687a8ea2efa-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]}],"data":{"size":20086,"size_decoded":0,"mime_type":"image/png","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 1632x1632, components 3","md5":"bdf3142535e0b2558eaa41e064df57a3","sha1":"a1be2fc9d34c0bfb25eeac746e5533e2424be53f","sha256":"87b730c4e7516de36135cc25458deb7b30818e829c6c491f615f26f82b808812","sha512":"bfad575f7cf1a5b250ca9dcafa4bc6dc164730e8cb1fdf5d9a22a822ff5922c129385707936cfdc4b6f596b4abc86be9c0b5e8263c8cc6d7be5307e6caaa210f","ssdeep":"384:WTJ1Mt2wQiy6HIu1d4qlivUMmu19RXJaDOJlWp51mPYKhLyn:yWtd3Iu1d4xz9iElnLO","tlshash":"4e920773eba2a6d7c09c337585cb26393b1a0da7d25c5907a6c90d3478bb354bc4e6c2","first_seen":"2025-01-22T15:28:39.247493Z","last_seen":"2026-05-13T13:04:07.214346Z","times_seen":12,"resource_available":false,"data":null}},"time_used":12,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":12,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-26","alert":"Phishing Block","trigger":"irdgqgog.fortoday.asia","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-26","alert":"Sinkholed","trigger":"irdgqgog.fortoday.asia","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xmidas.specialfors.com/","fqdn":"xmidas.specialfors.com","domain":"specialfors.com","tld":"com"},"ip":{"addr":"172.67.204.63","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-04-26T13:01:16.528Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"specialfors.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 23 Mar 2026 15:33:08 GMT","end":"Sun, 21 Jun 2026 16:30:26 GMT"},"fingerprint":{"sha1":"C1:A2:B0:22:B2:71:8F:AB:7A:46:04:24:16:1F:34:BB:9D:9C:C4:2D","sha256":"66:EC:F0:D0:D2:35:0D:82:FD:9B:D0:65:DB:E1:B6:EA:7B:B7:42:17:94:98:7D:1D:A1:09:F3:F0:29:CB:B1:1C"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: xmidas.specialfors.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 26 Apr 2026 13:01:17 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Df84g53SCgl%2FTO65GBLhYXQ5bs96uNOng7x7elGXGmKsWay%2FCaOlfc4J2wAzJi23%2Fktog309fzurlZwKnI6D2Kv4%2FwO5OEgcpeDgag2uccy4OQitBy5ey9oA7dN5qDevELKx7Bxaxwto\"}]}\r\nvary: Accept-Encoding\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; ma=86400\r\nx-turbo-charged-by: LiteSpeed\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nlast-modified: Sun, 26 Apr 2026 13:01:17 GMT\r\ncache-control: max-age=1800\r\ncf-cache-status: MISS\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-encoding: br\r\ncf-ray: 9f25c67279a65696-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Bootstrap","description":"Bootstrap is a free and open-source CSS framework directed at responsive, mobile-first front-end web development. It contains CSS and JavaScript-based design templates for typography, forms, buttons, navigation, and other interface components.","website":"https://getbootstrap.com","common_platform_enumeration":"cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:*","icon":"Bootstrap.svg","categories":["UI frameworks"]}],"data":{"size":1406,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, ASCII text","md5":"2046d26f6a941ea3d471db74068f125b","sha1":"38fd3b413b2d68975678095f022f84619cab50ea","sha256":"6c32080916ae87cc8e7c5aad665a16c3c347dec253898bf85094aa89a58c8735","sha512":"55c769a15d422c960d74d4411250630092a7d0fb9a6a28a54c1ed10ed280f2abc00f6989946a587d7dc0e69b417a1787a185122ea8b2987e44937797368c0c6e","ssdeep":"","tlshash":"f4211ea379144c2862a0c64c3db7b03461b54ae372652c70b6f98a8f10d0fcdc87b35a","first_seen":"2026-04-26T02:12:57.168201Z","last_seen":"2026-04-26T13:10:26.547722Z","times_seen":3,"resource_available":true,"data":null}},"time_used":699,"timings":{"blocked":29,"dns":10,"connect":1,"send":0,"wait":640,"receive":0,"ssl":16},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-26","alert":"Sinkholed","trigger":"xmidas.specialfors.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-26","alert":"Phishing Block","trigger":"xmidas.specialfors.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-26","alert":"Sinkholed","trigger":"xmidas.specialfors.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-04-26","alert":"Sinkholed","trigger":"xmidas.specialfors.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"irdgqgog.fortoday.asia/mH410fU8/jestore/7680.54f64d50.chunk.css","fqdn":"irdgqgog.fortoday.asia","domain":"fortoday.asia","tld":"asia"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://irdgqgog.fortoday.asia/mH410fU8/","date":"2026-04-26T13:01:18.841Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"fortoday.asia","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 19 Mar 2026 07:23:34 GMT","end":"Wed, 17 Jun 2026 08:00:16 GMT"},"fingerprint":{"sha1":"82:CF:C7:9E:0D:CF:FE:4B:17:8B:52:84:33:14:7D:F7:88:A5:91:F2","sha256":"4D:A9:CD:77:E2:DB:CC:1E:07:30:B7:5E:52:3A:AE:82:0C:14:88:D1:96:D7:F5:77:DE:8F:2F:8D:1E:5A:F1:7D"}}},"request":{"raw":"GET /mH410fU8/jestore/7680.54f64d50.chunk.css HTTP/1.1\r\nHost: irdgqgog.fortoday.asia\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://irdgqgog.fortoday.asia/mH410fU8/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sun, 26 Apr 2026 13:01:18 GMT\r\ncontent-type: text/css\r\ncontent-length: 10909\r\ncache-control: public, max-age=604800\r\nexpires: Tue, 28 Apr 2026 15:34:40 GMT\r\nlast-modified: Fri, 10 Apr 2026 16:57:54 GMT\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; ma=86400\r\nx-turbo-charged-by: LiteSpeed\r\npriority: u=2,i=?0\r\nage: 422797\r\ncf-cache-status: HIT\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=P0ZAlZGKIA%2BhVuRoDEo2S6h%2BTiXqn4440Ahbh53GcJAYV%2B%2FL8c6xoPg7ElKhtYqpzFDbUFuTi67dbrgt6TA%2BvAdpXeFesr1a4PKxX36llkZWtf0fapUlXfCXOuZv4SC2YvbvkWSowaz5\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9f25c6801aca2efa-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":93142,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (65536), with no line terminators","md5":"10786a507cda767262127840d5017e52","sha1":"98c29e8e92d688b3e98ce9c2a61350cf9e2cd1bf","sha256":"9a7535ca49600ff8a8cedf8c4062a65dbf8b43a21bafa8e4a4cf1c58d66fbe1c","sha512":"1ea40022d683ff61f62d7eaa1cf8f8867a694926165538ff36acc8b98ac105603f8198b10942e73923c6087915aed664c8150068acc0b9bbe5ce9fb291bcfcb7","ssdeep":"1536:ItiQSK9SEGf2qutV1eTZZlPsHlviQFymFJ83G2iQFAQDYGlwMYpjL3hiQAGQ:+VSQSEGfc4ZZlPsHlvVqV8GlwMYpjL3m","tlshash":"b29384908c02889d737b7da3d6af9e5cc794467b63e30778985c3bd78342ef52a21894","first_seen":"2025-01-22T15:28:39.097986Z","last_seen":"2026-05-13T13:04:07.259071Z","times_seen":8,"resource_available":false,"data":null}},"time_used":8,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":7,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-26","alert":"Phishing Block","trigger":"irdgqgog.fortoday.asia","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-26","alert":"Sinkholed","trigger":"irdgqgog.fortoday.asia","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"irdgqgog.fortoday.asia/mH410fU8/jestore/2061.c1b1bdd3.chunk.css","fqdn":"irdgqgog.fortoday.asia","domain":"fortoday.asia","tld":"asia"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://irdgqgog.fortoday.asia/mH410fU8/","date":"2026-04-26T13:01:18.842Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"fortoday.asia","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 19 Mar 2026 07:23:34 GMT","end":"Wed, 17 Jun 2026 08:00:16 GMT"},"fingerprint":{"sha1":"82:CF:C7:9E:0D:CF:FE:4B:17:8B:52:84:33:14:7D:F7:88:A5:91:F2","sha256":"4D:A9:CD:77:E2:DB:CC:1E:07:30:B7:5E:52:3A:AE:82:0C:14:88:D1:96:D7:F5:77:DE:8F:2F:8D:1E:5A:F1:7D"}}},"request":{"raw":"GET /mH410fU8/jestore/2061.c1b1bdd3.chunk.css HTTP/1.1\r\nHost: irdgqgog.fortoday.asia\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://irdgqgog.fortoday.asia/mH410fU8/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sun, 26 Apr 2026 13:01:18 GMT\r\ncontent-type: text/css\r\ncontent-length: 91972\r\ncache-control: public, max-age=604800\r\nexpires: Tue, 28 Apr 2026 15:34:40 GMT\r\nlast-modified: Fri, 10 Apr 2026 16:58:10 GMT\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; ma=86400\r\nx-turbo-charged-by: LiteSpeed\r\npriority: u=2,i=?0\r\nage: 422797\r\ncf-cache-status: HIT\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=c%2BQyMxTjWDUX9tG3k%2B%2FlXZ5b2CQ99ySD20b3%2BtGQBUyt4W%2FOQv8kq2knRC7JPRfwfKG65AAHqfsz7VvxfpeS5EYZJTozh9VzBe9ZsAjd%2FlvAD3jCTSPJFXaS2YdNbxgEg0%2BSzkHFYrZw\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9f25c6801acb2efa-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]}],"data":{"size":671782,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (65536), with no line terminators","md5":"a246547653cb51ec265bd152228542b8","sha1":"adb30acb2f269bf6cc4f70607ad7fd62ab6a3ef0","sha256":"4cf0e0724378b7d2fa3b57d3d0a318c1c605337f2199d859857920d11f5a61e3","sha512":"6f2619ede4e5360d243dd796a8eca3319744c4d52433ceb3b85ec3962fb58373a635b0d4fda778436c5f589bbb756a186860f46bb4271fe34f9dc1678c506fc7","ssdeep":"6144:cgeEXs8xXnkZmDZ98Fsqr8X/qr0kqr0HdmoKhZDC:cgeGs8xnkZmDZuFsqr+/qr0kqr0HSZDC","tlshash":"5fe477f1e415094a76bb7e0ad5c698fc1b80b7c7c947797ad980882ee3f0ed73651a08","first_seen":"2025-01-22T15:28:39.128729Z","last_seen":"2026-05-13T13:04:07.266093Z","times_seen":8,"resource_available":false,"data":null}},"time_used":14,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":12,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-26","alert":"Phishing Block","trigger":"irdgqgog.fortoday.asia","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-26","alert":"Sinkholed","trigger":"irdgqgog.fortoday.asia","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"stackpath.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css","fqdn":"stackpath.bootstrapcdn.com","domain":"bootstrapcdn.com","tld":"com"},"ip":{"addr":"104.18.10.207","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://irdgqgog.fortoday.asia/mH410fU8/","date":"2026-04-26T13:01:18.982Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bootstrapcdn.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 05 Mar 2026 05:27:05 GMT","end":"Wed, 03 Jun 2026 06:27:01 GMT"},"fingerprint":{"sha1":"04:A8:A2:DB:A5:D9:6E:A1:96:19:8E:E4:20:63:9D:DD:4B:05:E5:4A","sha256":"86:F0:31:59:6F:27:50:6B:1C:65:39:9A:BF:6D:0C:A8:82:D5:B2:A6:36:4B:9C:0A:EB:05:EE:13:0F:EE:25:EC"}}},"request":{"raw":"GET /font-awesome/4.7.0/css/font-awesome.min.css HTTP/1.1\r\nHost: stackpath.bootstrapcdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://irdgqgog.fortoday.asia/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 26 Apr 2026 13:01:18 GMT\r\ncontent-type: text/css; charset=utf-8\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nserver: cloudflare\r\ncdn-pullzone: 252412\r\ncdn-requestcountrycode: DE\r\nvary: Accept-Encoding\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=31919000\r\ncontent-encoding: br\r\netag: \"269550530cc127b6aa5a35925a7de6ce\"\r\nlast-modified: Mon, 25 Jan 2021 22:04:55 GMT\r\ncdn-cachedat: 08/01/2025 14:01:18\r\ncdn-proxyver: 1.33\r\ncdn-requestpullcode: 200\r\ncdn-requestpullsuccess: True\r\ncdn-edgestorageid: 1334\r\ntiming-allow-origin: *\r\ncross-origin-resource-policy: cross-origin\r\nx-content-type-options: nosniff\r\ncdn-status: 200\r\ncdn-requesttime: 0\r\ncdn-requestid: b0538b380dc7ddf8a39643be5721b1c8\r\ncdn-cache: HIT\r\nage: 3305582\r\ncf-cache-status: HIT\r\ncf-ray: 9f25c680ea293181-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":31000,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text, with very long lines (30837)","md5":"269550530cc127b6aa5a35925a7de6ce","sha1":"512c7d79033e3028a9be61b540cf1a6870c896f8","sha256":"799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd","sha512":"49f4e24e55fa924faa8ad7debe5ffb2e26d439e25696df6b6f20e7f766b50ea58ec3dbd61b6305a1acacd2c80e6e659accee4140f885b9c9e71008e9001fbf4b","ssdeep":"384:wHu5yWeTUKW+KlkJ5de2UYDyVfwYUas2l8yQ/8dwmaU8G:wwlr+Klk3Yi+fwYUf2l8yQ/e9vf","tlshash":"78d241e8e54c01d66731c48bff81b36862b6fb3dd5854da9f01f290c29d226522c5fba","first_seen":"2023-04-05T03:13:25Z","last_seen":"2026-06-08T22:05:10.91161Z","times_seen":284024,"resource_available":true,"data":null}},"time_used":49,"timings":{"blocked":-1,"dns":18,"connect":1,"send":0,"wait":5,"receive":0,"ssl":21},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.harvestsharp.com/images/midaspay_channel_icon/d67a787d6a09a7e13f7113353d5860d7.png","fqdn":"cdn.harvestsharp.com","domain":"harvestsharp.com","tld":"com"},"ip":{"addr":"43.152.140.79","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://irdgqgog.fortoday.asia/mH410fU8/","date":"2026-04-26T13:01:19.357Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.harvestsharp.com","organization":"CENTAURI DYNAMIC PTE. LTD"},"issuer":{"commonName":"DigiCert Secure Site OV G2 TLS CN RSA4096 SHA256 2022 CA1","organization":"DigiCert, Inc."},"validity":{"start":"Mon, 01 Sep 2025 00:00:00 GMT","end":"Mon, 31 Aug 2026 23:59:59 GMT"},"fingerprint":{"sha1":"02:6B:1F:32:B3:B2:6F:A4:25:AC:1C:E3:87:90:E7:4A:78:36:9F:BE","sha256":"EA:E9:7E:E4:22:E2:21:19:4A:C6:3B:27:29:3C:BE:BE:35:A4:A6:F4:0B:C6:AA:9E:C6:EF:BC:30:7D:58:11:67"}}},"request":{"raw":"GET /images/midaspay_channel_icon/d67a787d6a09a7e13f7113353d5860d7.png HTTP/1.1\r\nHost: cdn.harvestsharp.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://irdgqgog.fortoday.asia/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Fri, 30 Jun 2023 08:38:18 GMT\r\netag: \"19f4213c698a8bd2ac11513a69a16804\"\r\ncontent-type: image/png\r\ndate: Tue, 20 Aug 2024 09:12:47 GMT\r\nserver: tencent-cos\r\nx-cos-hash-crc64ecma: 3612255795022076232\r\nx-cos-request-id: NjZjNDVlMGZfZmUxNTc5MWVfMTMyZjZfMzYyNzdmZQ==\r\nx-cos-storage-class: MAZ_STANDARD\r\nx-cos-version-id: MTg0NDUwNTU5NTk0MTE0NzAwNTA\r\nx-cosindex-replication-status: Complete\r\ncontent-length: 2645\r\naccept-ranges: bytes\r\nx-nws-log-uuid: 15819087061709914996\r\nx-cache-lookup: Cache Hit\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: POST,GET,OPTIONS\r\naccess-control-max-age: 86400\r\naccess-control-expose-headers: Origin,DNT,Accept,X-Mx-ReqToken,STAFF_NAME,Authorization,x-request-id,X-Request-Id,X-MVS-CSRF-TOKEN,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type\r\ncache-control: max-age=604800\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":2645,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 96x64, components 3","md5":"19f4213c698a8bd2ac11513a69a16804","sha1":"8569355e1febc504d9b8afb0099bc1ff3a108a17","sha256":"cbc004f54d5c4b39d6d69a08829c942f21d9f2efd5dd3806b1da79b6eed58b35","sha512":"fa923e966ea20edd4d99e01244f62b4bc149ac5f79815fc8407f8ae1a4cd82722be64c6f2d1539c7c84ed2703eeb8c2c186f528705a71fc76cb7915d143804b6","ssdeep":"","tlshash":"0551e958b5227b03f958de72a2f2447e1f2d48c0b6daf94df5f7c842a1980f4a1285ce","first_seen":"2025-01-22T15:28:39.188346Z","last_seen":"2026-05-13T13:04:07.220184Z","times_seen":16,"resource_available":false,"data":null}},"time_used":726,"timings":{"blocked":630,"dns":0,"connect":0,"send":0,"wait":75,"receive":21,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xmidas.specialfors.com/img/style-img/icon.png","fqdn":"xmidas.specialfors.com","domain":"specialfors.com","tld":"com"},"ip":{"addr":"172.67.204.63","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://xmidas.specialfors.com/","date":"2026-04-26T13:01:17.646Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"specialfors.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 23 Mar 2026 15:33:08 GMT","end":"Sun, 21 Jun 2026 16:30:26 GMT"},"fingerprint":{"sha1":"C1:A2:B0:22:B2:71:8F:AB:7A:46:04:24:16:1F:34:BB:9D:9C:C4:2D","sha256":"66:EC:F0:D0:D2:35:0D:82:FD:9B:D0:65:DB:E1:B6:EA:7B:B7:42:17:94:98:7D:1D:A1:09:F3:F0:29:CB:B1:1C"}}},"request":{"raw":"GET /img/style-img/icon.png HTTP/1.1\r\nHost: xmidas.specialfors.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xmidas.specialfors.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 404 Not Found\r\ncache-control: private, no-cache, no-store, must-revalidate, max-age=0\r\npragma: no-cache\r\ncontent-type: text/html\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=rKZfvfjFG6bV%2FArPWjJDotFrhm6I9dPih%2Fylw5%2B%2BUeFWQKvO4izRqD2xCer1RxlhuXtW8q7mYFLbWdcccHUeswV25tcxyXERcyIsboJ7LUHi57mnh5hium4LuXuJdlg%2FdWuWs1qwFmQN\"}]}\r\ndate: Sun, 26 Apr 2026 13:01:18 GMT\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; ma=86400\r\nx-turbo-charged-by: LiteSpeed\r\ncf-cache-status: BYPASS\r\ncontent-encoding: br\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=6,i=?0\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\ncf-ray: 9f25c6794b11b4f7-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]}],"data":{"size":1251,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text, with CRLF, LF line terminators","md5":"8150f458ed6fb9b1db4e5cfa57a1a281","sha1":"6e5726854d28687b560d7fdcb5c782c425c7dfb9","sha256":"4c13d452dd5d49671bd93ca32f2b4f85c78e39b6ab0ad1f38d98ed267f8fd896","sha512":"4cc6a112673aef8bb8bb8a385c26791b805d43bb707b509880e894f1c83bab4e16f13de187036c5f660c3bec1d286258396b7bde65c5d7945c5019665196818c","ssdeep":"","tlshash":"c021353ec1c1560ae0271164fbc1f7a86669825291970f703b9eb176f6cd0bb56a36c8","first_seen":"2024-02-08T16:48:55Z","last_seen":"2026-06-08T22:18:03.592945Z","times_seen":132704,"resource_available":true,"data":null}},"time_used":612,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":612,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-26","alert":"Sinkholed","trigger":"xmidas.specialfors.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-04-26","alert":"Sinkholed","trigger":"xmidas.specialfors.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-26","alert":"Sinkholed","trigger":"xmidas.specialfors.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-26","alert":"Phishing Block","trigger":"xmidas.specialfors.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"irdgqgog.fortoday.asia/mH410fU8/css/flaglink.css","fqdn":"irdgqgog.fortoday.asia","domain":"fortoday.asia","tld":"asia"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://irdgqgog.fortoday.asia/mH410fU8/","date":"2026-04-26T13:01:18.975Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"fortoday.asia","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 19 Mar 2026 07:23:34 GMT","end":"Wed, 17 Jun 2026 08:00:16 GMT"},"fingerprint":{"sha1":"82:CF:C7:9E:0D:CF:FE:4B:17:8B:52:84:33:14:7D:F7:88:A5:91:F2","sha256":"4D:A9:CD:77:E2:DB:CC:1E:07:30:B7:5E:52:3A:AE:82:0C:14:88:D1:96:D7:F5:77:DE:8F:2F:8D:1E:5A:F1:7D"}}},"request":{"raw":"GET /mH410fU8/css/flaglink.css HTTP/1.1\r\nHost: irdgqgog.fortoday.asia\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://irdgqgog.fortoday.asia/mH410fU8/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sun, 26 Apr 2026 13:01:18 GMT\r\ncontent-type: text/css\r\ncontent-length: 2135\r\ncache-control: public, max-age=604800\r\nexpires: Wed, 29 Apr 2026 09:38:13 GMT\r\nlast-modified: Fri, 10 Apr 2026 16:44:10 GMT\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; ma=86400\r\nx-turbo-charged-by: LiteSpeed\r\netag: \r\npriority: u=2,i=?0\r\nage: 357784\r\ncf-cache-status: HIT\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=D%2FoUxTBfyAsMkLEIB0FgzrqYGyJvKsF3VH%2FXjoutOdFeDtcPVr%2F2sy%2B03%2FKWqOdruq2uFzJ%2F7WsOtudG768mYQ1wf0N0QypVKMQigm989z8TILPrcu44NX1MWgb9juHVDLkHvNfOAIQG\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9f25c6809c012efa-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":14690,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (14690), with no line terminators","md5":"958e119c09a94281c86f41edbc55e353","sha1":"e9f9710dbc493154a5ba6f674cce2b0c951f5df6","sha256":"27b19ce922bc8af7755cbd1cc6bdd1e60d7acfaf31c27bfd1d15e9dfa5e92eff","sha512":"488179055782b84126852de985208ca8d9015a81452d9c3c35087a6c73ab9d8952119de92f0941e4c1b2b7e6877b65a934560bf20dc829c3c00a402e03881092","ssdeep":"96:IqolNwKMs4aqDKsLyXvqcGc1QV5BXNGAXp1ewSkYFNgGP7WWNBU:8wKj6DKsLyXvfzm1XNGA5IwwDxpNm","tlshash":"4b6218558bf3342afa23d56261b00e85b33ea007d43a4f3c6d19bf6963417e519e3a72","first_seen":"2024-04-05T19:37:46Z","last_seen":"2026-05-13T13:04:07.267157Z","times_seen":99,"resource_available":false,"data":null}},"time_used":10,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":10,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-26","alert":"Sinkholed","trigger":"irdgqgog.fortoday.asia","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-26","alert":"Phishing Block","trigger":"irdgqgog.fortoday.asia","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"irdgqgog.fortoday.asia/mH410fU8/jestore/EN.e6fa2f58.png","fqdn":"irdgqgog.fortoday.asia","domain":"fortoday.asia","tld":"asia"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://irdgqgog.fortoday.asia/mH410fU8/","date":"2026-04-26T13:01:19.208Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"fortoday.asia","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 19 Mar 2026 07:23:34 GMT","end":"Wed, 17 Jun 2026 08:00:16 GMT"},"fingerprint":{"sha1":"82:CF:C7:9E:0D:CF:FE:4B:17:8B:52:84:33:14:7D:F7:88:A5:91:F2","sha256":"4D:A9:CD:77:E2:DB:CC:1E:07:30:B7:5E:52:3A:AE:82:0C:14:88:D1:96:D7:F5:77:DE:8F:2F:8D:1E:5A:F1:7D"}}},"request":{"raw":"GET /mH410fU8/jestore/EN.e6fa2f58.png HTTP/1.1\r\nHost: irdgqgog.fortoday.asia\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://irdgqgog.fortoday.asia/mH410fU8/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sun, 26 Apr 2026 13:01:18 GMT\r\ncontent-type: image/png\r\ncontent-length: 270556\r\ncache-control: public, max-age=604800\r\nexpires: Tue, 28 Apr 2026 17:04:39 GMT\r\nlast-modified: Fri, 10 Apr 2026 17:04:12 GMT\r\naccept-ranges: bytes\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; ma=86400\r\nx-turbo-charged-by: LiteSpeed\r\npriority: u=4,i=?0\r\nage: 417398\r\ncf-cache-status: HIT\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=bZz06bUOzRJyy4%2BkeSKmnYR1l59ySTra8d9iSIDXEeFLwWGg47GhK6sbPho2JMhzr9GffGrwT%2F4qoQ%2FkNX3vSHRXzl54IKAL73XQhEjzlbPFRoZA0KJoLtIBIyUCEyr7Phu8FHP4zS3Z\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9f25c6814dd12efa-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":270556,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 2592 x 200, 8-bit/color RGBA, non-interlaced","md5":"e6fa2f580e0d43126c698fd1365bb830","sha1":"c4d0379d4001da0585711960f51cb616a6d02090","sha256":"0b674f16362eb143576df3aeb54c643282802773b4b77b0d264f9bf6e5d55435","sha512":"9901f0aed5aec10c4f7ab2d6502bc1ede29e5f519e0ccd1cf9270f49eef5213226b63ebc7e24e5e18049d57eab41101ed06e24c304640f8cde7452475535fbe0","ssdeep":"6144:f9Xqyaunw653O3/02zwXnrD+ChUvCS52bEvNds1Ksb5uAVEg:f9Xq3uw65a/02kXnr9avCIIcNq5u0","tlshash":"504423062b511048f1a52a27d44b8a593634e9fe4a5eab507ccb2ef7f137c8cb117e86","first_seen":"2024-09-19T21:41:24.053551Z","last_seen":"2026-05-13T13:04:07.177674Z","times_seen":10,"resource_available":false,"data":null}},"time_used":38,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":24,"receive":14,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-26","alert":"Phishing Block","trigger":"irdgqgog.fortoday.asia","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-26","alert":"Sinkholed","trigger":"irdgqgog.fortoday.asia","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdn.harvestsharp.com/images/midaspay_channel_icon/6426273c411d56dea83b843208fc0956.png","fqdn":"cdn.harvestsharp.com","domain":"harvestsharp.com","tld":"com"},"ip":{"addr":"43.152.140.79","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://irdgqgog.fortoday.asia/mH410fU8/","date":"2026-04-26T13:01:19.287Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.harvestsharp.com","organization":"CENTAURI DYNAMIC PTE. LTD"},"issuer":{"commonName":"DigiCert Secure Site OV G2 TLS CN RSA4096 SHA256 2022 CA1","organization":"DigiCert, Inc."},"validity":{"start":"Mon, 01 Sep 2025 00:00:00 GMT","end":"Mon, 31 Aug 2026 23:59:59 GMT"},"fingerprint":{"sha1":"02:6B:1F:32:B3:B2:6F:A4:25:AC:1C:E3:87:90:E7:4A:78:36:9F:BE","sha256":"EA:E9:7E:E4:22:E2:21:19:4A:C6:3B:27:29:3C:BE:BE:35:A4:A6:F4:0B:C6:AA:9E:C6:EF:BC:30:7D:58:11:67"}}},"request":{"raw":"GET /images/midaspay_channel_icon/6426273c411d56dea83b843208fc0956.png HTTP/1.1\r\nHost: cdn.harvestsharp.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://irdgqgog.fortoday.asia/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Wed, 20 Sep 2023 04:03:05 GMT\r\netag: \"de2290f1fd7a40307e91850dc7523c0f\"\r\ncontent-type: image/png\r\ndate: Fri, 10 Oct 2025 06:22:43 GMT\r\nserver: tencent-cos\r\nx-cos-hash-crc64ecma: 13225242165171071254\r\nx-cos-request-id: NjhlOGE2MzNfNTY4ZjdjMWVfMzE5NGRfMTlkNmFlMTA=\r\nx-cos-storage-class: MAZ_STANDARD\r\nx-cos-version-id: MTg0NDUwNDg4OTExMjQwODI1MzY\r\nx-cosindex-replication-status: Complete\r\ncontent-length: 7415\r\naccept-ranges: bytes\r\nx-nws-log-uuid: 6868490733006728417\r\nx-cache-lookup: Cache Hit\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: POST,GET,OPTIONS\r\naccess-control-max-age: 86400\r\naccess-control-expose-headers: Origin,DNT,Accept,X-Mx-ReqToken,STAFF_NAME,Authorization,x-request-id,X-Request-Id,X-MVS-CSRF-TOKEN,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type\r\ncache-control: max-age=604800\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":7415,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 96 x 64, 8-bit/color RGBA, non-interlaced","md5":"de2290f1fd7a40307e91850dc7523c0f","sha1":"158e774068e54827713281d58df848eacddfa610","sha256":"275fd1c5a87f312d9c702467667fd5bbbc8c01ebc897a5d2712450d40755fac0","sha512":"f527fbf5d2c6173e6f536c216ebea9e0f9069d9918a9a03a391478c51d3ac6dd18049bafcf1a890ea563a32fd34741eb1a86bb61bdac9b260cb6ac271bb81afd","ssdeep":"192:S1QGd9BmU9HynuwoadVVJY9nMl3j/KrjImK:hQmq9C/Vwo3ojIP","tlshash":"74e1aee4a9806e1c8ce0777f3633b46fe6f42ebbb51791014009ba997d82cec1429c0b","first_seen":"2024-10-30T20:47:39.06474Z","last_seen":"2026-05-13T13:04:07.217562Z","times_seen":18,"resource_available":false,"data":null}},"time_used":721,"timings":{"blocked":694,"dns":0,"connect":0,"send":0,"wait":25,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.harvestsharp.com/images/midaspay_channel_icon/2726f630cdc34585af71b51de2b89d75.jpg","fqdn":"cdn.harvestsharp.com","domain":"harvestsharp.com","tld":"com"},"ip":{"addr":"43.152.140.79","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://irdgqgog.fortoday.asia/mH410fU8/","date":"2026-04-26T13:01:19.342Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.harvestsharp.com","organization":"CENTAURI DYNAMIC PTE. LTD"},"issuer":{"commonName":"DigiCert Secure Site OV G2 TLS CN RSA4096 SHA256 2022 CA1","organization":"DigiCert, Inc."},"validity":{"start":"Mon, 01 Sep 2025 00:00:00 GMT","end":"Mon, 31 Aug 2026 23:59:59 GMT"},"fingerprint":{"sha1":"02:6B:1F:32:B3:B2:6F:A4:25:AC:1C:E3:87:90:E7:4A:78:36:9F:BE","sha256":"EA:E9:7E:E4:22:E2:21:19:4A:C6:3B:27:29:3C:BE:BE:35:A4:A6:F4:0B:C6:AA:9E:C6:EF:BC:30:7D:58:11:67"}}},"request":{"raw":"GET /images/midaspay_channel_icon/2726f630cdc34585af71b51de2b89d75.jpg HTTP/1.1\r\nHost: cdn.harvestsharp.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://irdgqgog.fortoday.asia/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Thu, 21 Sep 2023 02:36:15 GMT\r\netag: \"15db29c3bfd5e072b42697a5c8e73081\"\r\ncontent-type: image/jpeg\r\ndate: Fri, 10 Oct 2025 02:39:42 GMT\r\nserver: tencent-cos\r\nx-cos-hash-crc64ecma: 726770938819215980\r\nx-cos-request-id: NjhlODcxZWVfY2YxNzc3MWVfNTM0MF8xOWRkODY0OQ==\r\nx-cos-storage-class: MAZ_STANDARD\r\nx-cos-version-id: MTg0NDUwNDg4MDk5MzM2NjI3OTA\r\nx-cosindex-replication-status: Complete\r\ncontent-length: 3255\r\naccept-ranges: bytes\r\nx-nws-log-uuid: 2909935228013263759\r\nx-cache-lookup: Cache Hit\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: POST,GET,OPTIONS\r\naccess-control-max-age: 86400\r\naccess-control-expose-headers: Origin,DNT,Accept,X-Mx-ReqToken,STAFF_NAME,Authorization,x-request-id,X-Request-Id,X-MVS-CSRF-TOKEN,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type\r\ncache-control: max-age=604800\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":3255,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 96x64, components 3","md5":"15db29c3bfd5e072b42697a5c8e73081","sha1":"3b8b304ab9a53e33d2fa0185feeba6893d00536b","sha256":"cc21e5bbdb641e80ca21a41f0184a3e677cf9ef06255e5134fdd79aa1b764bc6","sha512":"f5daf9d8cf865cf4bcb7b88dac4f8463cf921b2721f56cb6d6d5dd48b4fe8664e41cfa19b869408337e87a2571553339268072c32820fdacaec3f89735dd4947","ssdeep":"","tlshash":"ad613b59e453fb4adb9cea3925f248369e1c54d0b285e048bcfec81e64240f10d7eda5","first_seen":"2024-04-24T18:33:21Z","last_seen":"2026-05-13T13:04:07.280495Z","times_seen":44,"resource_available":false,"data":null}},"time_used":722,"timings":{"blocked":641,"dns":0,"connect":0,"send":0,"wait":76,"receive":5,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"irdgqgog.fortoday.asia/mH410fU8/jestore/login-Benefits.9ebfb675.png","fqdn":"irdgqgog.fortoday.asia","domain":"fortoday.asia","tld":"asia"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://irdgqgog.fortoday.asia/mH410fU8/","date":"2026-04-26T13:01:19.409Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"fortoday.asia","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 19 Mar 2026 07:23:34 GMT","end":"Wed, 17 Jun 2026 08:00:16 GMT"},"fingerprint":{"sha1":"82:CF:C7:9E:0D:CF:FE:4B:17:8B:52:84:33:14:7D:F7:88:A5:91:F2","sha256":"4D:A9:CD:77:E2:DB:CC:1E:07:30:B7:5E:52:3A:AE:82:0C:14:88:D1:96:D7:F5:77:DE:8F:2F:8D:1E:5A:F1:7D"}}},"request":{"raw":"GET /mH410fU8/jestore/login-Benefits.9ebfb675.png HTTP/1.1\r\nHost: irdgqgog.fortoday.asia\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://irdgqgog.fortoday.asia/mH410fU8/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sun, 26 Apr 2026 13:01:19 GMT\r\ncontent-type: image/png\r\ncontent-length: 12505\r\ncache-control: public, max-age=604800\r\nexpires: Tue, 28 Apr 2026 17:04:39 GMT\r\nlast-modified: Fri, 10 Apr 2026 17:09:46 GMT\r\naccept-ranges: bytes\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; ma=86400\r\nx-turbo-charged-by: LiteSpeed\r\npriority: u=4,i=?0\r\nage: 417398\r\ncf-cache-status: HIT\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=EoZjmQjkHL14lLMuEMtwq5MzIrv6FCGY7N0%2BzENfU9V8QNh4AYUGaLVn6LKBE06Z6n2kkapMqWJXeDltcvHQJKiqyUX%2FW6nOTXfp7pIgWiE5FwA%2BQgERKpEiQCP0IG68G4Edb62gFuy1\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9f25c682dafc2efa-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]}],"data":{"size":12505,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 96 x 96, 8-bit/color RGBA, non-interlaced","md5":"9ebfb675df57b869589d8448ec9064ce","sha1":"42a8b7c136d61a718848cb39b763cea360b1588f","sha256":"13b646194f0a6e2b0af4b8690d84d1516f5c9340e1e984d09b8d2ea1c8d2c856","sha512":"e59b5d908e63bc39a381e2e8bf1f0b0b99d28f495b27e18e2dc513802e5df1c9ba8a2371ff893a58fbda289e64df52ad72b4e2075413e4fd57b3772c866b971b","ssdeep":"192:/sZ3dhVmCm7sc2KcV79ab1sRzmCrxx+CYlp1j7GTH4P6i69l+CAtCu:/ud3mC6aKosOzLTMvCH4PslLwH","tlshash":"9142b09d23cd6835dab88020808b9cf7d83506d0938d4e9d5655a3cbcc77186a4eef4b","first_seen":"2024-08-19T17:03:14.926474Z","last_seen":"2026-05-13T13:04:07.276184Z","times_seen":30,"resource_available":false,"data":null}},"time_used":13,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":12,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-26","alert":"Phishing Block","trigger":"irdgqgog.fortoday.asia","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-26","alert":"Sinkholed","trigger":"irdgqgog.fortoday.asia","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdn.jsdelivr.net/gh/penguasa-de/de@main/bootstrap.min.css","fqdn":"cdn.jsdelivr.net","domain":"jsdelivr.net","tld":"net"},"ip":{"addr":"151.101.193.229","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://xmidas.specialfors.com/","date":"2026-04-26T13:01:17.447Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"jsdelivr.net","organization":""},"issuer":{"commonName":"GlobalSign Atlas R3 DV TLS CA 2025 Q2","organization":"GlobalSign nv-sa"},"validity":{"start":"Mon, 02 Jun 2025 15:43:52 GMT","end":"Sat, 04 Jul 2026 15:43:51 GMT"},"fingerprint":{"sha1":"21:17:81:78:41:C6:8F:86:D6:CF:8D:98:CC:74:A8:F1:03:F8:C9:D4","sha256":"D0:E6:8D:08:11:05:7E:0C:2A:0D:C7:E0:ED:AE:9E:18:C8:74:32:12:3D:56:43:98:62:CD:A2:08:6F:64:5B:B0"}}},"request":{"raw":"GET /gh/penguasa-de/de@main/bootstrap.min.css HTTP/1.1\r\nHost: cdn.jsdelivr.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xmidas.specialfors.com/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: *\r\ntiming-allow-origin: *\r\ncache-control: public, max-age=604800, s-maxage=43200\r\ncross-origin-resource-policy: cross-origin\r\nx-content-type-options: nosniff\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\ncontent-type: text/css; charset=utf-8\r\nx-jsd-version: main\r\nx-jsd-version-type: branch\r\netag: W/\"1d971-csHKU8+zexcbroKPl8kUrk+yAh4\"\r\ncontent-encoding: br\r\naccept-ranges: bytes\r\ndate: Sun, 26 Apr 2026 13:01:17 GMT\r\nage: 23919\r\nx-served-by: cache-fra-etou8220155-FRA, cache-hel1410032-HEL\r\nx-cache: HIT, HIT\r\nvary: Accept-Encoding\r\nalt-svc: h3=\":443\";ma=86400,h3-29=\":443\";ma=86400,h3-27=\":443\";ma=86400\r\ncontent-length: 20260\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":121201,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text, with very long lines (65371)","md5":"e3e8b38fed66211f84a6d5ddb8e0f876","sha1":"72c1ca53cfb37b171bae828f97c914ae4fb2021e","sha256":"4194fb4472202061ab0db48cd8908fdfc09e95ee60edd654cac0c4e5cef31806","sha512":"611cda25d8fec8bedd724bae6f07c190f22839e5fbe6b06257ab042b01cd2bcb67fbdd1b5c3db45d81bf855859fde73bd0bfd1606f3ca01c743f0e642329aacd","ssdeep":"768:Vy3Gxw/Vc/QWlJxtQOIuiHlq5mzI4X8OAduFKbv2ctg2Bd8JP7ecQVvH1Fc:nw/a1fIuiHlq5mN8lDbNmPb5","tlshash":"2dc3c7a0f21031ea7333c55a75d0ed872219a153e56a4fb7f22f25d88f845ca1673f1a","first_seen":"2023-04-06T13:59:59Z","last_seen":"2026-06-06T00:24:51.641998Z","times_seen":556,"resource_available":false,"data":null}},"time_used":163,"timings":{"blocked":64,"dns":1,"connect":26,"send":0,"wait":29,"receive":6,"ssl":35},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"irdgqgog.fortoday.asia/mH410fU8/css/notif.css","fqdn":"irdgqgog.fortoday.asia","domain":"fortoday.asia","tld":"asia"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://irdgqgog.fortoday.asia/mH410fU8/","date":"2026-04-26T13:01:18.980Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"fortoday.asia","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 19 Mar 2026 07:23:34 GMT","end":"Wed, 17 Jun 2026 08:00:16 GMT"},"fingerprint":{"sha1":"82:CF:C7:9E:0D:CF:FE:4B:17:8B:52:84:33:14:7D:F7:88:A5:91:F2","sha256":"4D:A9:CD:77:E2:DB:CC:1E:07:30:B7:5E:52:3A:AE:82:0C:14:88:D1:96:D7:F5:77:DE:8F:2F:8D:1E:5A:F1:7D"}}},"request":{"raw":"GET /mH410fU8/css/notif.css HTTP/1.1\r\nHost: irdgqgog.fortoday.asia\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://irdgqgog.fortoday.asia/mH410fU8/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sun, 26 Apr 2026 13:01:18 GMT\r\ncontent-type: text/css\r\ncontent-length: 974\r\ncache-control: public, max-age=604800\r\nexpires: Tue, 28 Apr 2026 15:34:40 GMT\r\nlast-modified: Fri, 10 Apr 2026 16:44:12 GMT\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; ma=86400\r\nx-turbo-charged-by: LiteSpeed\r\npriority: u=2,i=?0\r\nage: 422797\r\ncf-cache-status: HIT\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=JLRghblWERCHzXwueGZdH3vy4WgnjX9SbFIWOjdh0R299I3bn%2FsbICnYFyua1s%2BFh%2FC1omtBi5ZAtFDvmsbPlcWE1MTf02JSyaNLIxsyplrHRMrXYoExOkFPmF36vFonHqzx%2BXwoba3O\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9f25c6809c132efa-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]}],"data":{"size":4376,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with CRLF line terminators","md5":"e953ba2d94ee96cbecb7949614b448db","sha1":"0a1602baa8d259a832e7735c0ebb689acb07da7c","sha256":"33bffb6c474d5923290ee247c46b20301eea1e7d17243d775b5e4b35c4a3920b","sha512":"a60d398d7aa9f3623c607f8c4aa76b5c8706c31a81e0595a771d0cd4c3e727286308a1bc4d1fce761f90e2885c819a30d44c27c8f5a92b5a2a4d2494013fb957","ssdeep":"96:k5BBEUpnzndtXSs3f4IkJQnj/cRRP8R5VvL+:k5vEU9zn7Z7kJoERR25w","tlshash":"b191dd58da245048f272e5edbff01b92f8490863570f81ebb9a47454cf6662d3a62acc","first_seen":"2024-08-19T22:58:59.094095Z","last_seen":"2026-05-13T13:04:07.234975Z","times_seen":21,"resource_available":false,"data":null}},"time_used":11,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":10,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-26","alert":"Phishing Block","trigger":"irdgqgog.fortoday.asia","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-26","alert":"Sinkholed","trigger":"irdgqgog.fortoday.asia","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"irdgqgog.fortoday.asia/mH410fU8/jestore/footer-ins-new.png","fqdn":"irdgqgog.fortoday.asia","domain":"fortoday.asia","tld":"asia"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://irdgqgog.fortoday.asia/mH410fU8/","date":"2026-04-26T13:01:19.227Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"fortoday.asia","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 19 Mar 2026 07:23:34 GMT","end":"Wed, 17 Jun 2026 08:00:16 GMT"},"fingerprint":{"sha1":"82:CF:C7:9E:0D:CF:FE:4B:17:8B:52:84:33:14:7D:F7:88:A5:91:F2","sha256":"4D:A9:CD:77:E2:DB:CC:1E:07:30:B7:5E:52:3A:AE:82:0C:14:88:D1:96:D7:F5:77:DE:8F:2F:8D:1E:5A:F1:7D"}}},"request":{"raw":"GET /mH410fU8/jestore/footer-ins-new.png HTTP/1.1\r\nHost: irdgqgog.fortoday.asia\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://irdgqgog.fortoday.asia/mH410fU8/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sun, 26 Apr 2026 13:01:18 GMT\r\ncontent-type: image/png\r\ncontent-length: 7625\r\ncache-control: public, max-age=604800\r\nexpires: Tue, 28 Apr 2026 17:04:39 GMT\r\nlast-modified: Fri, 10 Apr 2026 17:07:06 GMT\r\naccept-ranges: bytes\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; ma=86400\r\nx-turbo-charged-by: LiteSpeed\r\npriority: u=4,i=?0\r\nage: 417398\r\ncf-cache-status: HIT\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=6PAraqQj5iiKTIDWzYcwMkidJ6k%2FMxwpCg5NGPgT0fWnF%2Bw%2BJDkfnbXEKorgIpPg0yzEdVP902kd2rTcmdycYOIbvrwWCSWBIvm%2Ful6cDVdblKqQ%2FsvxYPk7BrH%2BZc7KDEHOXsWQs%2Fgy\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9f25c6814df62efa-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]}],"data":{"size":7625,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 72 x 72, 8-bit/color RGBA, non-interlaced","md5":"cc70b37c298ba08069f3c91b1df297fe","sha1":"d7c87f6337f5a48f94190eca6a1b74eef9323f38","sha256":"f2ad27dbb5397878470e88c31ca3c398f490f9e720ba0ca649ec6bf137f4d6bc","sha512":"4bd92697f8f16cea5ff8ca25f0cf47387a942e4c19cd843a9a8756361d9b28492705d2c06ff573a61b43ca59d630f35c4357fc154f61ba10f958fe183107e5bc","ssdeep":"192:5ITf1jHCQ7vkjOdt1oNxMZ3n0P9FEsSIEiAFuX:5IJ1DtAxMZ30L3EiAM","tlshash":"4bf1af4d41101aaad38f42311f69d406d4ddc02cc336b79439f44a2f69f8b2e57d369e","first_seen":"2023-04-30T19:27:11Z","last_seen":"2026-06-02T05:48:43.041293Z","times_seen":365,"resource_available":false,"data":null}},"time_used":34,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":34,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-26","alert":"Phishing Block","trigger":"irdgqgog.fortoday.asia","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-26","alert":"Sinkholed","trigger":"irdgqgog.fortoday.asia","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"irdgqgog.fortoday.asia/mH410fU8/jestore/login-safety.8d265c3d.png","fqdn":"irdgqgog.fortoday.asia","domain":"fortoday.asia","tld":"asia"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://irdgqgog.fortoday.asia/mH410fU8/","date":"2026-04-26T13:01:19.408Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"fortoday.asia","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 19 Mar 2026 07:23:34 GMT","end":"Wed, 17 Jun 2026 08:00:16 GMT"},"fingerprint":{"sha1":"82:CF:C7:9E:0D:CF:FE:4B:17:8B:52:84:33:14:7D:F7:88:A5:91:F2","sha256":"4D:A9:CD:77:E2:DB:CC:1E:07:30:B7:5E:52:3A:AE:82:0C:14:88:D1:96:D7:F5:77:DE:8F:2F:8D:1E:5A:F1:7D"}}},"request":{"raw":"GET /mH410fU8/jestore/login-safety.8d265c3d.png HTTP/1.1\r\nHost: irdgqgog.fortoday.asia\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://irdgqgog.fortoday.asia/mH410fU8/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sun, 26 Apr 2026 13:01:19 GMT\r\ncontent-type: image/png\r\ncontent-length: 10522\r\ncache-control: public, max-age=604800\r\nexpires: Tue, 28 Apr 2026 17:04:39 GMT\r\nlast-modified: Fri, 10 Apr 2026 17:09:38 GMT\r\naccept-ranges: bytes\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; ma=86400\r\nx-turbo-charged-by: LiteSpeed\r\npriority: u=4,i=?0\r\nage: 417398\r\ncf-cache-status: HIT\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=zo5tZXmrmXgd%2FQKERbAV58x32KidmwHdMWwy9QEno2pEQiZKyToJBMPjcChChzpPCBcGtgn1udzVoSa60pJAFYtVurTcBR6CE0B3FN3XBOt0Mg3QwsaWe2IbCdEX0LVpuzkk5XqcFn1D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9f25c682dafb2efa-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":10522,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 96 x 96, 8-bit/color RGBA, non-interlaced","md5":"8d265c3d55c1fa40061fca983ae87205","sha1":"f6d447ea557d6672302b99d27e731f43e29a15aa","sha256":"1e90d7b6aa55044f76bdc5b029d82ff9f555318b8b40ee71c6ee33f86ed34e34","sha512":"7eb5e59eea88dbcdcea3ba518fba8ca6fe7734874f5ef710b362e7ebb632acea5ed71d83e5e746654db6a4606169bcabcaae8512efccf6ff91dd8d39cbe1f9b9","ssdeep":"192:CaAIAcnrRgqvcMgL/gW+ogTwVtxfF2dD34jGabQqQ/g6t7R38r/cjQqV5KlPtpcA:CaXvzvFgLIW5txfF2GjT0/g6tF3DcqVU","tlshash":"1c22bef3519a8449c6e06a08e6ecf0ccf2564dae0c0b759602bfd60aaa4e107c9d0b73","first_seen":"2024-08-19T17:03:14.927125Z","last_seen":"2026-05-13T13:04:07.258502Z","times_seen":30,"resource_available":false,"data":null}},"time_used":13,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":12,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-26","alert":"Phishing Block","trigger":"irdgqgog.fortoday.asia","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-26","alert":"Sinkholed","trigger":"irdgqgog.fortoday.asia","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"irdgqgog.fortoday.asia/mH410fU8/img/popup-close2.png","fqdn":"irdgqgog.fortoday.asia","domain":"fortoday.asia","tld":"asia"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://irdgqgog.fortoday.asia/mH410fU8/","date":"2026-04-26T13:01:19.525Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"fortoday.asia","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 19 Mar 2026 07:23:34 GMT","end":"Wed, 17 Jun 2026 08:00:16 GMT"},"fingerprint":{"sha1":"82:CF:C7:9E:0D:CF:FE:4B:17:8B:52:84:33:14:7D:F7:88:A5:91:F2","sha256":"4D:A9:CD:77:E2:DB:CC:1E:07:30:B7:5E:52:3A:AE:82:0C:14:88:D1:96:D7:F5:77:DE:8F:2F:8D:1E:5A:F1:7D"}}},"request":{"raw":"GET /mH410fU8/img/popup-close2.png HTTP/1.1\r\nHost: irdgqgog.fortoday.asia\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://irdgqgog.fortoday.asia/mH410fU8/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sun, 26 Apr 2026 13:01:19 GMT\r\ncontent-type: image/png\r\ncontent-length: 358\r\ncache-control: public, max-age=604800\r\nexpires: Tue, 28 Apr 2026 17:04:39 GMT\r\nlast-modified: Fri, 10 Apr 2026 16:44:54 GMT\r\naccept-ranges: bytes\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; ma=86400\r\nx-turbo-charged-by: LiteSpeed\r\npriority: u=4,i=?0\r\nage: 417398\r\ncf-cache-status: HIT\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=wgr5hvMGmlxO4aF84rvHwVZ6lf5EAaUtI%2BuFerc38W1pyTcg7fQR5U1BujKRaoERrFBCvBTlHNuitcSeuanIHnAUjFPC06IMxBvh%2BmW4%2FbNdJ2M%2FWUV9l5uwzAusdG7oI5mdykPysY2U\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9f25c6847f982efa-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]}],"data":{"size":358,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 30 x 31, 8-bit colormap, non-interlaced","md5":"14f983708ddeb2052c1756e3d79f7031","sha1":"56d439d66495faa3a784b161d044f6edb853f8ac","sha256":"47b6e3288d9def65b44f0ac0ea8a5e45cc77aa1b934b85aab003cd9076e1ab1c","sha512":"b5a24dd03566529fa2488801cbaa125fd3b2ad9e4806bfa60af5de0c36550d65a6e902cd444f03ea161ed8350cdfaec376e29b53d702cb8025013e8072445fc9","ssdeep":"","tlshash":"43e060818cdafdfc872dc8f2c3ba68d83808a8211708008b40c49d3ecdbd0428121f80","first_seen":"2024-03-01T19:08:45Z","last_seen":"2026-05-13T13:04:07.310876Z","times_seen":162,"resource_available":false,"data":null}},"time_used":60,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":60,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-26","alert":"Sinkholed","trigger":"irdgqgog.fortoday.asia","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-26","alert":"Phishing Block","trigger":"irdgqgog.fortoday.asia","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"irdgqgog.fortoday.asia/mH410fU8/css/facebook.css","fqdn":"irdgqgog.fortoday.asia","domain":"fortoday.asia","tld":"asia"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://irdgqgog.fortoday.asia/mH410fU8/","date":"2026-04-26T13:01:18.933Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"fortoday.asia","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 19 Mar 2026 07:23:34 GMT","end":"Wed, 17 Jun 2026 08:00:16 GMT"},"fingerprint":{"sha1":"82:CF:C7:9E:0D:CF:FE:4B:17:8B:52:84:33:14:7D:F7:88:A5:91:F2","sha256":"4D:A9:CD:77:E2:DB:CC:1E:07:30:B7:5E:52:3A:AE:82:0C:14:88:D1:96:D7:F5:77:DE:8F:2F:8D:1E:5A:F1:7D"}}},"request":{"raw":"GET /mH410fU8/css/facebook.css HTTP/1.1\r\nHost: irdgqgog.fortoday.asia\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://irdgqgog.fortoday.asia/mH410fU8/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sun, 26 Apr 2026 13:01:18 GMT\r\ncontent-type: text/css\r\ncontent-length: 869\r\ncache-control: public, max-age=604800\r\nexpires: Tue, 28 Apr 2026 15:34:40 GMT\r\nlast-modified: Fri, 10 Apr 2026 16:44:08 GMT\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; ma=86400\r\nx-turbo-charged-by: LiteSpeed\r\npriority: u=2,i=?0\r\nage: 422797\r\ncf-cache-status: HIT\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=BEMwYDyqb4bnhyBgsgA5emALdVjWVU6ouhEiiq7Z2d0xd8JJY9m6E1292LWwOCLn6vA9B1R%2F7k1%2BK2zD1YPjBtz0elXQHo8QU7FJjGjuBrN9StPxjJuAmOkQ%2F9cUiQ4lcFZEzWmC0Zu%2B\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9f25c6806b972efa-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":4168,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text","md5":"90c5820b3f23970aa0185904a11ff81e","sha1":"86b9c93afafee85c2b8725db333b7ab9beee1695","sha256":"9f7e4b35f78420cd9d66ec71fb534626b30112ad2b67450a821a776329759630","sha512":"8981e2808c4f014d0bc5c1230b0db5cc32209208e3554a400ebf70a4749486b77e7c6c50489c3321eaa2af59c2ba727592c8aa1a2687e3b6495bab4713fd3e04","ssdeep":"96:edqVQtm5HFKGF5bMFjaeGSFeiFeCFIKFp6J0XKYZ:edqVQtaHFKGF5bMFjUSFeiFeCFIKFp6i","tlshash":"4a819b962b670548f511d8edbf952b8bb20e5823534fdc5bbac0705ccf865a886a374c","first_seen":"2025-01-23T11:42:01.066514Z","last_seen":"2026-05-13T19:15:32.241969Z","times_seen":13,"resource_available":false,"data":null}},"time_used":17,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":17,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-26","alert":"Phishing Block","trigger":"irdgqgog.fortoday.asia","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-26","alert":"Sinkholed","trigger":"irdgqgog.fortoday.asia","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"irdgqgog.fortoday.asia/mH410fU8/jestore/pubgm_app-icon.png","fqdn":"irdgqgog.fortoday.asia","domain":"fortoday.asia","tld":"asia"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://irdgqgog.fortoday.asia/mH410fU8/","date":"2026-04-26T13:01:19.206Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"fortoday.asia","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 19 Mar 2026 07:23:34 GMT","end":"Wed, 17 Jun 2026 08:00:16 GMT"},"fingerprint":{"sha1":"82:CF:C7:9E:0D:CF:FE:4B:17:8B:52:84:33:14:7D:F7:88:A5:91:F2","sha256":"4D:A9:CD:77:E2:DB:CC:1E:07:30:B7:5E:52:3A:AE:82:0C:14:88:D1:96:D7:F5:77:DE:8F:2F:8D:1E:5A:F1:7D"}}},"request":{"raw":"GET /mH410fU8/jestore/pubgm_app-icon.png HTTP/1.1\r\nHost: irdgqgog.fortoday.asia\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://irdgqgog.fortoday.asia/mH410fU8/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sun, 26 Apr 2026 13:01:18 GMT\r\ncontent-type: image/png\r\ncontent-length: 128735\r\ncache-control: public, max-age=604800\r\nexpires: Tue, 28 Apr 2026 17:04:39 GMT\r\nlast-modified: Fri, 10 Apr 2026 17:03:34 GMT\r\naccept-ranges: bytes\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; ma=86400\r\nx-turbo-charged-by: LiteSpeed\r\npriority: u=4,i=?0\r\nage: 417398\r\ncf-cache-status: HIT\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=vLvFYPuE2aYQNicqtuoG6KPwKy6fIk1giGZnZ90ikXzoAPW2eUu8dsBlq6j%2BUHOzC6i9KuENbKw7tlXj7zD5QxzY0tSZYWz2nquVi979ocUjJsuE3JbW28G4c7RJrRyVwNjfZD5gsdyk\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9f25c6812d992efa-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]}],"data":{"size":128735,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 512 x 512, 8-bit colormap, non-interlaced","md5":"e9f7efc0eeeacf4a12415632abed68c9","sha1":"513ee729c3317a5b01d010cf380281ec6ff85002","sha256":"07fcd49575e786318611dba090748e3c8e0bf472723b1de06d9241d58f7efd3d","sha512":"180205fd7fd6ec4111a7c53a88ef5ced61f784ea1d15e1ba17ec1e272ab2622c21d272121a0c4804f27a3b8765f42c8ae71da1c99a1aa77cdb480d4e1c45f660","ssdeep":"3072:aL/l0xc/ishDD6CpA6Sq/KZXu3b2g9NvVHlMaBUepwvDdu:+OxKisdJCrgKty5Edu","tlshash":"a6c312e07b9c587df6cb84460529083569fb088166d6873c89acf3331ec5f8e6a72b5c","first_seen":"2024-12-07T10:23:52.361372Z","last_seen":"2026-05-13T13:04:07.288401Z","times_seen":22,"resource_available":false,"data":null}},"time_used":28,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":26,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-26","alert":"Phishing Block","trigger":"irdgqgog.fortoday.asia","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-26","alert":"Sinkholed","trigger":"irdgqgog.fortoday.asia","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdn.harvestsharp.com/images/midaspay_channel_icon/0ebb4d6c45004043613005a8f40c7f8e.png","fqdn":"cdn.harvestsharp.com","domain":"harvestsharp.com","tld":"com"},"ip":{"addr":"43.152.140.79","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://irdgqgog.fortoday.asia/mH410fU8/","date":"2026-04-26T13:01:19.359Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.harvestsharp.com","organization":"CENTAURI DYNAMIC PTE. LTD"},"issuer":{"commonName":"DigiCert Secure Site OV G2 TLS CN RSA4096 SHA256 2022 CA1","organization":"DigiCert, Inc."},"validity":{"start":"Mon, 01 Sep 2025 00:00:00 GMT","end":"Mon, 31 Aug 2026 23:59:59 GMT"},"fingerprint":{"sha1":"02:6B:1F:32:B3:B2:6F:A4:25:AC:1C:E3:87:90:E7:4A:78:36:9F:BE","sha256":"EA:E9:7E:E4:22:E2:21:19:4A:C6:3B:27:29:3C:BE:BE:35:A4:A6:F4:0B:C6:AA:9E:C6:EF:BC:30:7D:58:11:67"}}},"request":{"raw":"GET /images/midaspay_channel_icon/0ebb4d6c45004043613005a8f40c7f8e.png HTTP/1.1\r\nHost: cdn.harvestsharp.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://irdgqgog.fortoday.asia/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Fri, 30 Jun 2023 08:38:18 GMT\r\netag: \"dc48db1d671abdcfd220a9e678948427\"\r\ncontent-type: image/png\r\ndate: Wed, 25 Sep 2024 14:15:23 GMT\r\nserver: tencent-cos\r\nx-cos-hash-crc64ecma: 19768526227727648\r\nx-cos-request-id: NjZmNDFhZmJfOTZlZjc4MGJfNGNhXzdiYjJhOWY=\r\nx-cos-storage-class: MAZ_STANDARD\r\nx-cos-version-id: MTg0NDUwNTU5NTk0MTE0MTI3MzQ\r\nx-cosindex-replication-status: Complete\r\ncontent-length: 3512\r\naccept-ranges: bytes\r\nx-nws-log-uuid: 12400217446594530250\r\nx-cache-lookup: Cache Hit\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: POST,GET,OPTIONS\r\naccess-control-max-age: 86400\r\naccess-control-expose-headers: Origin,DNT,Accept,X-Mx-ReqToken,STAFF_NAME,Authorization,x-request-id,X-Request-Id,X-MVS-CSRF-TOKEN,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type\r\ncache-control: max-age=604800\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":3512,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 96x64, components 3","md5":"dc48db1d671abdcfd220a9e678948427","sha1":"4d17b383a4368a01a6fa6a6c328f3b524701335b","sha256":"05b94aa34e47b28b86fa8d3c16149ca254b26c0c26b843e7cb1d4ba5a49deed5","sha512":"2f6d4a6e15a5b1423355b7f05799c3463d580d6db0cddc724c3245f5a06ea88a1cfa1afd9d38707e60278bc59627855e546ebb3c94ff47d46f2f9b434cdf0921","ssdeep":"","tlshash":"d1712a17f5953b41fb589d323af38a128f051482b2e3d86474bacc0a55371b009263d7","first_seen":"2024-10-30T20:47:38.995699Z","last_seen":"2026-05-13T13:04:07.246729Z","times_seen":18,"resource_available":false,"data":null}},"time_used":1630,"timings":{"blocked":280,"dns":0,"connect":22,"send":0,"wait":24,"receive":0,"ssl":1303},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.jsdelivr.net/npm/disable-devtool@latest","fqdn":"cdn.jsdelivr.net","domain":"jsdelivr.net","tld":"net"},"ip":{"addr":"151.101.193.229","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://irdgqgog.fortoday.asia/mH410fU8/","date":"2026-04-26T13:01:19.539Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"jsdelivr.net","organization":""},"issuer":{"commonName":"GlobalSign Atlas R3 DV TLS CA 2025 Q2","organization":"GlobalSign nv-sa"},"validity":{"start":"Mon, 02 Jun 2025 15:43:52 GMT","end":"Sat, 04 Jul 2026 15:43:51 GMT"},"fingerprint":{"sha1":"21:17:81:78:41:C6:8F:86:D6:CF:8D:98:CC:74:A8:F1:03:F8:C9:D4","sha256":"D0:E6:8D:08:11:05:7E:0C:2A:0D:C7:E0:ED:AE:9E:18:C8:74:32:12:3D:56:43:98:62:CD:A2:08:6F:64:5B:B0"}}},"request":{"raw":"GET /npm/disable-devtool@latest HTTP/1.1\r\nHost: cdn.jsdelivr.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://irdgqgog.fortoday.asia/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncontent-length: 6646\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: *\r\ntiming-allow-origin: *\r\ncache-control: public, max-age=604800, s-maxage=43200\r\ncross-origin-resource-policy: cross-origin\r\nx-content-type-options: nosniff\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\ncontent-type: application/javascript; charset=utf-8\r\nx-jsd-version: 0.3.9\r\nx-jsd-version-type: version\r\netag: W/\"4514-YJEJ2C3rDH3T2dISgI3LoFSM49E\"\r\ncontent-encoding: br\r\naccept-ranges: bytes\r\ndate: Sun, 26 Apr 2026 13:01:19 GMT\r\nage: 6173\r\nx-served-by: cache-fra-eddf8230123-FRA, cache-hel1410032-HEL\r\nx-cache: HIT, HIT\r\nvary: Accept-Encoding\r\nalt-svc: h3=\":443\";ma=86400,h3-29=\":443\";ma=86400,h3-27=\":443\";ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":17684,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (17663)","md5":"7fa174926682313cc5a067077b0bb22d","sha1":"609109d82deb0c7dd3d9d212808dcba0548ce3d1","sha256":"5a7b9b2c807f85575c9ebc1f508e849b53430870b2d0fb6c02b2de3df661cb63","sha512":"83a593d4b8648b78031259becd96b4c33226e9462c2e26013ee0746ff58a7b710159d0d380d001d7740e9485ee346491c16e3fdb0d334f5b6cfabe6f90cda9b6","ssdeep":"192:m+5ekRvDLCpBK+BpP78nPk6O9ShgzsqcSYV0GtI+uwicvsbIUiJE2KmnyKU:mLiPCvRvT8nPk6cSCzsqGVJeZcsb8S9","tlshash":"0582c4ccb48270715b77a9e9507f454ab23aae96888c8040f13ed8e42c7c56ec267f7d","first_seen":"2025-08-02T03:49:54.562881Z","last_seen":"2026-06-08T19:32:09.159965Z","times_seen":4396,"resource_available":true,"data":null}},"time_used":16,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":15,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"irdgqgog.fortoday.asia/mH410fU8/jestore/7652.aef5054d.chunk.css","fqdn":"irdgqgog.fortoday.asia","domain":"fortoday.asia","tld":"asia"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://irdgqgog.fortoday.asia/mH410fU8/","date":"2026-04-26T13:01:18.851Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"fortoday.asia","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 19 Mar 2026 07:23:34 GMT","end":"Wed, 17 Jun 2026 08:00:16 GMT"},"fingerprint":{"sha1":"82:CF:C7:9E:0D:CF:FE:4B:17:8B:52:84:33:14:7D:F7:88:A5:91:F2","sha256":"4D:A9:CD:77:E2:DB:CC:1E:07:30:B7:5E:52:3A:AE:82:0C:14:88:D1:96:D7:F5:77:DE:8F:2F:8D:1E:5A:F1:7D"}}},"request":{"raw":"GET /mH410fU8/jestore/7652.aef5054d.chunk.css HTTP/1.1\r\nHost: irdgqgog.fortoday.asia\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://irdgqgog.fortoday.asia/mH410fU8/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sun, 26 Apr 2026 13:01:18 GMT\r\ncontent-type: text/css\r\ncontent-length: 11734\r\ncache-control: public, max-age=604800\r\nexpires: Tue, 28 Apr 2026 15:34:40 GMT\r\nlast-modified: Fri, 10 Apr 2026 16:58:28 GMT\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; ma=86400\r\nx-turbo-charged-by: LiteSpeed\r\npriority: u=2,i=?0\r\nage: 422797\r\ncf-cache-status: HIT\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=s1ZYQqnmFa3OBpjkYsuFu%2FJMcoQ5GqcGvSHK6uueZZ4zyFkvifvKUPkriFiXJZav6on%2FR%2F0%2F6TnMKhRDzD4vx8BtgQqSdFy%2BQTcsZu%2Fa4TP5rNLYWjyL9t93iUmhuqkxLeNRvxNd5jiR\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9f25c6801acd2efa-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":73433,"size_decoded":0,"mime_type":"text/css","magic":"Unicode text, UTF-8 text, with very long lines (65531), with no line terminators","md5":"885ca2825705adb91e4899c71287199b","sha1":"660b14764bcf2ced993421e30feff2c563a611b0","sha256":"757edca2c51b171dcd66b8e981947655259b89834d224952c11f6e9d7f271c9b","sha512":"36d14e92cdd114d5a9945868c960c7ee03b47fbeac79ccb4a1966bd533b92331f59a579ccce80c22480d35e08fb77be6cea3bc6aafa9ef0a5f62fa50d18a11d2","ssdeep":"384:dqOcbJ9POasO7lMspwEHCpSqTq+gklKlGGS+5CHthnrmcQTQ34IPnP0pv+J0m1JU:Ui9qy5O+nyULPFi9qMi9qn","tlshash":"1073c668e8210e0cffffad09f3e7553c2285d9167497a67dac94d91c82a06f9357220e","first_seen":"2026-04-26T02:12:57.15914Z","last_seen":"2026-05-13T13:04:07.278164Z","times_seen":5,"resource_available":false,"data":null}},"time_used":15,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":14,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-26","alert":"Phishing Block","trigger":"irdgqgog.fortoday.asia","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-26","alert":"Sinkholed","trigger":"irdgqgog.fortoday.asia","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"irdgqgog.fortoday.asia/mH410fU8/jestore/footer-fb-new.png","fqdn":"irdgqgog.fortoday.asia","domain":"fortoday.asia","tld":"asia"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://irdgqgog.fortoday.asia/mH410fU8/","date":"2026-04-26T13:01:19.226Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"fortoday.asia","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 19 Mar 2026 07:23:34 GMT","end":"Wed, 17 Jun 2026 08:00:16 GMT"},"fingerprint":{"sha1":"82:CF:C7:9E:0D:CF:FE:4B:17:8B:52:84:33:14:7D:F7:88:A5:91:F2","sha256":"4D:A9:CD:77:E2:DB:CC:1E:07:30:B7:5E:52:3A:AE:82:0C:14:88:D1:96:D7:F5:77:DE:8F:2F:8D:1E:5A:F1:7D"}}},"request":{"raw":"GET /mH410fU8/jestore/footer-fb-new.png HTTP/1.1\r\nHost: irdgqgog.fortoday.asia\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://irdgqgog.fortoday.asia/mH410fU8/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sun, 26 Apr 2026 13:01:18 GMT\r\ncontent-type: image/png\r\ncontent-length: 2899\r\ncache-control: public, max-age=604800\r\nexpires: Tue, 28 Apr 2026 17:04:39 GMT\r\nlast-modified: Fri, 10 Apr 2026 17:06:50 GMT\r\naccept-ranges: bytes\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; ma=86400\r\nx-turbo-charged-by: LiteSpeed\r\npriority: u=4,i=?0\r\nage: 417398\r\ncf-cache-status: HIT\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=kv4Z0RJnDrWrw%2Bo0zb1CgvQPFyeXwL6WCO%2Fd5%2FkhCXCFHKrV5SNhqOjk4mSHVe3MmLbnVx2vmwNp%2FGe5C%2FTrf1av%2FtAKJgjMp3mQgNHi0Ky78Mc6e%2BuQeRW72wP03f%2FB1vlBH%2Boa4Q%2FL\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9f25c6814df42efa-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":2899,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 72 x 72, 8-bit/color RGBA, non-interlaced","md5":"9be2c56c1a42fab7e2f5b764573dea4d","sha1":"16f58f9b1f5fd465d3a8bc765b972eadb5166f24","sha256":"cc8830f258c471b9cb15d69cda554d5181bd680996dd0041e3b9986b3b0769bf","sha512":"bd6d9f12f0bcceeddbce85dfcd81b6c1c82963d2ddfbc4ef53f4c85071c15ad72f1a0fd91550f618b75f003398bc1ebb18f2969bb69e707d1ccd4a393c9c98cd","ssdeep":"","tlshash":"47516d9326b1d9cdb73aee2bd44344f652fd785c9360139d195c0cf7ac460494be1092","first_seen":"2023-04-30T19:27:11Z","last_seen":"2026-06-02T05:48:43.025318Z","times_seen":365,"resource_available":false,"data":null}},"time_used":34,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":34,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-26","alert":"Sinkholed","trigger":"irdgqgog.fortoday.asia","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-26","alert":"Phishing Block","trigger":"irdgqgog.fortoday.asia","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdn.harvestsharp.com/images/midaspay_channel_icon/5dc29c6aed47ec3720c283738821ffce.png","fqdn":"cdn.harvestsharp.com","domain":"harvestsharp.com","tld":"com"},"ip":{"addr":"43.152.140.79","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://irdgqgog.fortoday.asia/mH410fU8/","date":"2026-04-26T13:01:19.348Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.harvestsharp.com","organization":"CENTAURI DYNAMIC PTE. LTD"},"issuer":{"commonName":"DigiCert Secure Site OV G2 TLS CN RSA4096 SHA256 2022 CA1","organization":"DigiCert, Inc."},"validity":{"start":"Mon, 01 Sep 2025 00:00:00 GMT","end":"Mon, 31 Aug 2026 23:59:59 GMT"},"fingerprint":{"sha1":"02:6B:1F:32:B3:B2:6F:A4:25:AC:1C:E3:87:90:E7:4A:78:36:9F:BE","sha256":"EA:E9:7E:E4:22:E2:21:19:4A:C6:3B:27:29:3C:BE:BE:35:A4:A6:F4:0B:C6:AA:9E:C6:EF:BC:30:7D:58:11:67"}}},"request":{"raw":"GET /images/midaspay_channel_icon/5dc29c6aed47ec3720c283738821ffce.png HTTP/1.1\r\nHost: cdn.harvestsharp.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://irdgqgog.fortoday.asia/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Fri, 30 Jun 2023 11:59:21 GMT\r\netag: \"7806da70aeac080017ff00ccb132f2a6\"\r\ncontent-type: image/png\r\ndate: Thu, 26 Oct 2023 09:34:02 GMT\r\nserver: tencent-cos\r\nx-cos-hash-crc64ecma: 14132467261481362850\r\nx-cos-request-id: NjUzYTMyOGFfMzQ5MDI4MDlfMTJhZjFfMjBhNTBmMA==\r\nx-cos-storage-class: MAZ_STANDARD\r\nx-cos-version-id: MTg0NDUwNTU5NDczNDgxMzMxNzU\r\nx-cosindex-replication-status: Complete\r\ncontent-length: 3578\r\naccept-ranges: bytes\r\nx-nws-log-uuid: 1628785083259189752\r\nx-cache-lookup: Cache Hit\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: POST,GET,OPTIONS\r\naccess-control-max-age: 86400\r\naccess-control-expose-headers: Origin,DNT,Accept,X-Mx-ReqToken,STAFF_NAME,Authorization,x-request-id,X-Request-Id,X-MVS-CSRF-TOKEN,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type\r\ncache-control: max-age=604800\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":3578,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 96 x 64, 8-bit/color RGBA, non-interlaced","md5":"7806da70aeac080017ff00ccb132f2a6","sha1":"8443ced94e2de0bba00e48dd05008119dc0c435f","sha256":"0f2902e79394b80957cc01d3abf9cc2263531356f8e1807d0fe8b9f6d98d52d9","sha512":"4e5e9dadec2f97632b2777bab684e063caae6db452056b9362b4be8bb984bbc690aca5ccc7b1f3c21c408d13ca359debb068e80560d2e17312c01789aee9b22f","ssdeep":"","tlshash":"43717cfa7993d69e803f402c2bbded5866b04669a0cc77fcd608e00b454957d88ee642","first_seen":"2025-01-22T15:28:39.184949Z","last_seen":"2026-05-13T13:04:07.297862Z","times_seen":16,"resource_available":false,"data":null}},"time_used":716,"timings":{"blocked":637,"dns":0,"connect":0,"send":0,"wait":75,"receive":4,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.harvestsharp.com/images/midaspay_channel_icon/4c58aa9464f6ad5893f10c49044eb73a.png","fqdn":"cdn.harvestsharp.com","domain":"harvestsharp.com","tld":"com"},"ip":{"addr":"43.152.140.79","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://irdgqgog.fortoday.asia/mH410fU8/","date":"2026-04-26T13:01:19.336Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.harvestsharp.com","organization":"CENTAURI DYNAMIC PTE. LTD"},"issuer":{"commonName":"DigiCert Secure Site OV G2 TLS CN RSA4096 SHA256 2022 CA1","organization":"DigiCert, Inc."},"validity":{"start":"Mon, 01 Sep 2025 00:00:00 GMT","end":"Mon, 31 Aug 2026 23:59:59 GMT"},"fingerprint":{"sha1":"02:6B:1F:32:B3:B2:6F:A4:25:AC:1C:E3:87:90:E7:4A:78:36:9F:BE","sha256":"EA:E9:7E:E4:22:E2:21:19:4A:C6:3B:27:29:3C:BE:BE:35:A4:A6:F4:0B:C6:AA:9E:C6:EF:BC:30:7D:58:11:67"}}},"request":{"raw":"GET /images/midaspay_channel_icon/4c58aa9464f6ad5893f10c49044eb73a.png HTTP/1.1\r\nHost: cdn.harvestsharp.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://irdgqgog.fortoday.asia/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Fri, 30 Jun 2023 11:59:21 GMT\r\netag: \"5099a7c3bc291fd0d1370dd652b42531\"\r\ncontent-type: image/png\r\ndate: Mon, 10 Nov 2025 05:42:35 GMT\r\nserver: tencent-cos\r\nx-cos-hash-crc64ecma: 17672256454398081975\r\nx-cos-request-id: NjkxMTdiNGJfOTVjZTE3MWRfMTY1ZTJfMWYxMDI0ZTQ=\r\nx-cos-storage-class: MAZ_STANDARD\r\nx-cos-version-id: MTg0NDUwNTU5NDczNDgwNTYxODE\r\nx-cosindex-replication-status: Complete\r\ncontent-length: 2988\r\naccept-ranges: bytes\r\nx-nws-log-uuid: 18076126904596478713\r\nx-cache-lookup: Cache Hit\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: POST,GET,OPTIONS\r\naccess-control-max-age: 86400\r\naccess-control-expose-headers: Origin,DNT,Accept,X-Mx-ReqToken,STAFF_NAME,Authorization,x-request-id,X-Request-Id,X-MVS-CSRF-TOKEN,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type\r\ncache-control: max-age=604800\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":2988,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 96 x 64, 8-bit/color RGBA, non-interlaced","md5":"5099a7c3bc291fd0d1370dd652b42531","sha1":"930ba1dc859d5d2dc32c9cf40992a778f1a46865","sha256":"e08c85c77affacdf5a5f50a74a8576f04c81da4c49949e9eba692a0dc5bd39aa","sha512":"cf4b5af28e539fef955111d225d69a1ae1772fe11ce820c2c4fb3cd6c009d1df24abc5fdcf90569677dba9f6b09217ba893fb855bf8d103f657aeb42104f4904","ssdeep":"","tlshash":"55511a18d31f452f15245cbca09e619d8b7bc326d935a8079dbce029d8fc15fe2d5360","first_seen":"2025-01-22T15:28:39.236772Z","last_seen":"2026-05-13T13:04:07.186253Z","times_seen":16,"resource_available":false,"data":null}},"time_used":727,"timings":{"blocked":647,"dns":0,"connect":0,"send":0,"wait":74,"receive":6,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.harvestsharp.com/images/midaspay_channel_icon/5cd68782d589758bb880d656abbd3a1d.png","fqdn":"cdn.harvestsharp.com","domain":"harvestsharp.com","tld":"com"},"ip":{"addr":"43.152.140.79","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://irdgqgog.fortoday.asia/mH410fU8/","date":"2026-04-26T13:01:19.339Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.harvestsharp.com","organization":"CENTAURI DYNAMIC PTE. LTD"},"issuer":{"commonName":"DigiCert Secure Site OV G2 TLS CN RSA4096 SHA256 2022 CA1","organization":"DigiCert, Inc."},"validity":{"start":"Mon, 01 Sep 2025 00:00:00 GMT","end":"Mon, 31 Aug 2026 23:59:59 GMT"},"fingerprint":{"sha1":"02:6B:1F:32:B3:B2:6F:A4:25:AC:1C:E3:87:90:E7:4A:78:36:9F:BE","sha256":"EA:E9:7E:E4:22:E2:21:19:4A:C6:3B:27:29:3C:BE:BE:35:A4:A6:F4:0B:C6:AA:9E:C6:EF:BC:30:7D:58:11:67"}}},"request":{"raw":"GET /images/midaspay_channel_icon/5cd68782d589758bb880d656abbd3a1d.png HTTP/1.1\r\nHost: cdn.harvestsharp.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://irdgqgog.fortoday.asia/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Fri, 30 Jun 2023 11:59:21 GMT\r\netag: \"af6e8ff285587d9b614041376dfb4f3f\"\r\ncontent-type: image/png\r\ndate: Fri, 10 Oct 2025 03:36:04 GMT\r\nserver: tencent-cos\r\nx-cos-hash-crc64ecma: 9135806937487741942\r\nx-cos-request-id: NjhlODdmMjRfYmJlZjc4MGJfM2JjNl8xYTQwYWE1OA==\r\nx-cos-storage-class: MAZ_STANDARD\r\nx-cos-version-id: MTg0NDUwNTU5NDczNDc2MDk4MDE\r\nx-cosindex-replication-status: Complete\r\ncontent-length: 2950\r\naccept-ranges: bytes\r\nx-nws-log-uuid: 6534195033274175717\r\nx-cache-lookup: Cache Hit\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: POST,GET,OPTIONS\r\naccess-control-max-age: 86400\r\naccess-control-expose-headers: Origin,DNT,Accept,X-Mx-ReqToken,STAFF_NAME,Authorization,x-request-id,X-Request-Id,X-MVS-CSRF-TOKEN,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type\r\ncache-control: max-age=604800\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":2950,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 96 x 64, 8-bit/color RGBA, non-interlaced","md5":"af6e8ff285587d9b614041376dfb4f3f","sha1":"1b505bc42dca7af4b70320288f461f4d966d321b","sha256":"4789f7684065c72ce12eef05ba82d6dcdab7d163b5f2ce0bbf5222f181b37820","sha512":"50b64cb12c5a44e726819ad1e7f42b184e0cd45e3043affaf317b8f93cf82f8380bba246b5eee1d57dbfbe904fd46f25bfac12647d9eb932ee7ed063b11caefd","ssdeep":"","tlshash":"54513b820b7c4fbc7dc98d77ff18a56b52d187312fb83021b551ab4a51dc98b1ae4a10","first_seen":"2025-01-22T15:28:39.199935Z","last_seen":"2026-05-13T13:04:07.327281Z","times_seen":16,"resource_available":false,"data":null}},"time_used":745,"timings":{"blocked":644,"dns":0,"connect":0,"send":0,"wait":56,"receive":45,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"irdgqgog.fortoday.asia/mH410fU8/img/load.gif","fqdn":"irdgqgog.fortoday.asia","domain":"fortoday.asia","tld":"asia"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://irdgqgog.fortoday.asia/mH410fU8/","date":"2026-04-26T13:01:19.531Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"fortoday.asia","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 19 Mar 2026 07:23:34 GMT","end":"Wed, 17 Jun 2026 08:00:16 GMT"},"fingerprint":{"sha1":"82:CF:C7:9E:0D:CF:FE:4B:17:8B:52:84:33:14:7D:F7:88:A5:91:F2","sha256":"4D:A9:CD:77:E2:DB:CC:1E:07:30:B7:5E:52:3A:AE:82:0C:14:88:D1:96:D7:F5:77:DE:8F:2F:8D:1E:5A:F1:7D"}}},"request":{"raw":"GET /mH410fU8/img/load.gif HTTP/1.1\r\nHost: irdgqgog.fortoday.asia\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://irdgqgog.fortoday.asia/mH410fU8/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sun, 26 Apr 2026 13:01:19 GMT\r\ncontent-type: image/gif\r\ncontent-length: 6518\r\ncache-control: public, max-age=604800\r\nexpires: Tue, 28 Apr 2026 17:04:39 GMT\r\nlast-modified: Fri, 10 Apr 2026 16:44:52 GMT\r\naccept-ranges: bytes\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; ma=86400\r\nx-turbo-charged-by: LiteSpeed\r\npriority: u=4,i=?0\r\nage: 417398\r\ncf-cache-status: HIT\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Go4diEacNWi%2FtUFbx96fbBOyKUvNhfMLNWxAHfhWfRXguLRFdX65oNM6gzV6SpOxK6oW493uU%2BNu2NLJfaapvljRMxhwliVpijPAhWpWKLVDQnkdGOUyVV7s%2FrDuQwxWwqHUwcsX5TEv\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9f25c6848fc52efa-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":6518,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 164 x 38","md5":"144bb7d6f1e1cb408835fcd849acaf41","sha1":"8bc47b81f5b2231fe6ef713f70dfff07961c6720","sha256":"9a8c5f0bc8f65663a4bd8afee1623cfecb94f3c327e86705685f46a622ff6b66","sha512":"d90bd8fd31eb60cb6f64ce6c7ea06ef6814e15982fba76c283496f798d15474c0f230a93bba250b219ec9912aed16b5d3686072a348c3d6e7481b1b7cf9f1442","ssdeep":"96:62OdLI7ETbpPx/7LI7EkJTLI7EWLGzlLI7EULI7EbLI7EdLI7EhQGv:kIQTl1IQEIQMGhIQyIQvIQFIQhQGv","tlshash":"83d1b63ce3c1be14e4446a7a94af7f3d461459346b58166f306adb20ba123fc9e4c3d6","first_seen":"2023-10-28T01:32:47Z","last_seen":"2026-05-31T06:09:53.823817Z","times_seen":281,"resource_available":false,"data":null}},"time_used":51,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":51,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-26","alert":"Sinkholed","trigger":"irdgqgog.fortoday.asia","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-26","alert":"Phishing Block","trigger":"irdgqgog.fortoday.asia","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"irdgqgog.fortoday.asia/mH410fU8/css/animate.css","fqdn":"irdgqgog.fortoday.asia","domain":"fortoday.asia","tld":"asia"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://irdgqgog.fortoday.asia/mH410fU8/","date":"2026-04-26T13:01:18.931Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"fortoday.asia","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 19 Mar 2026 07:23:34 GMT","end":"Wed, 17 Jun 2026 08:00:16 GMT"},"fingerprint":{"sha1":"82:CF:C7:9E:0D:CF:FE:4B:17:8B:52:84:33:14:7D:F7:88:A5:91:F2","sha256":"4D:A9:CD:77:E2:DB:CC:1E:07:30:B7:5E:52:3A:AE:82:0C:14:88:D1:96:D7:F5:77:DE:8F:2F:8D:1E:5A:F1:7D"}}},"request":{"raw":"GET /mH410fU8/css/animate.css HTTP/1.1\r\nHost: irdgqgog.fortoday.asia\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://irdgqgog.fortoday.asia/mH410fU8/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sun, 26 Apr 2026 13:01:18 GMT\r\ncontent-type: text/css\r\ncontent-length: 5613\r\ncache-control: public, max-age=604800\r\nexpires: Tue, 28 Apr 2026 15:34:40 GMT\r\nlast-modified: Fri, 10 Apr 2026 16:44:06 GMT\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; ma=86400\r\nx-turbo-charged-by: LiteSpeed\r\npriority: u=2,i=?0\r\nage: 422797\r\ncf-cache-status: HIT\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=NhJCuu6y1FY%2BlLQhcQVf60y%2BCIhYnKkb3h6d3CODF5yUdW8MtRClimq%2FggtZoo2BMzCbBHKwjwCMGnerG972x3T%2BISp6XgTw3ai2QW3Yjh7yBwPQ%2BXUY709LZK%2FsOUMi3hsnKXjiyE%2F4\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9f25c6806b962efa-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]}],"data":{"size":79279,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text","md5":"1120579032f3cb1737e0819f9fcffa7c","sha1":"3981684171cebe7deeafb9d7a4a54bbad43eedd0","sha256":"bdf63257624aa701af1476c0a25c86ec555d9ccdec0a0157ed005a49d5423856","sha512":"58cc41512a92a327fef08ee58716d97e0b8ba1f93df13912ae666da83ebca50d612cd5280367fbce00b0e5a04ccef9a167ac74bf4ccf6bab47e348bf631aed9c","ssdeep":"1536:gBDxYx8x6xu899Ml5Ixxx/xGxW3BkEiH06GdX3aKMyt2MNal:0xYx8x6xVxxx/xGxUK","tlshash":"4d73389d9b4015c457328d2a8bcd4e64463cb973587a5cef7282188fdfcab9c63ca607","first_seen":"2025-01-22T15:28:39.254573Z","last_seen":"2026-05-13T19:15:32.232083Z","times_seen":13,"resource_available":false,"data":null}},"time_used":16,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":15,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-26","alert":"Sinkholed","trigger":"irdgqgog.fortoday.asia","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-26","alert":"Phishing Block","trigger":"irdgqgog.fortoday.asia","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"irdgqgog.fortoday.asia/mH410fU8/jestore/30ee99398.png","fqdn":"irdgqgog.fortoday.asia","domain":"fortoday.asia","tld":"asia"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://irdgqgog.fortoday.asia/mH410fU8/","date":"2026-04-26T13:01:19.194Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"fortoday.asia","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 19 Mar 2026 07:23:34 GMT","end":"Wed, 17 Jun 2026 08:00:16 GMT"},"fingerprint":{"sha1":"82:CF:C7:9E:0D:CF:FE:4B:17:8B:52:84:33:14:7D:F7:88:A5:91:F2","sha256":"4D:A9:CD:77:E2:DB:CC:1E:07:30:B7:5E:52:3A:AE:82:0C:14:88:D1:96:D7:F5:77:DE:8F:2F:8D:1E:5A:F1:7D"}}},"request":{"raw":"GET /mH410fU8/jestore/30ee99398.png HTTP/1.1\r\nHost: irdgqgog.fortoday.asia\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://irdgqgog.fortoday.asia/mH410fU8/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sun, 26 Apr 2026 13:01:18 GMT\r\ncontent-type: image/png\r\ncontent-length: 3234\r\ncache-control: public, max-age=604800\r\nexpires: Tue, 28 Apr 2026 17:04:37 GMT\r\nlast-modified: Fri, 10 Apr 2026 17:01:12 GMT\r\naccept-ranges: bytes\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; ma=86400\r\nx-turbo-charged-by: LiteSpeed\r\npriority: u=4,i=?0\r\nage: 417400\r\ncf-cache-status: HIT\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=xYJ0ccMIOS0qAEZnGWS4oj9VVnuBC0LY396GEDav%2BB8igh2%2FhlKyXZ5wzqmeNbLItP5tbLR0YBkqnp%2FUOauvugyJJxFxRYYoGuBhg3%2Brhf5bM5mGAwPRGRLqhBajYygBTlHGndcDqqR1\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9f25c6812d7b2efa-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]}],"data":{"size":3234,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 72 x 48, 8-bit/color RGBA, non-interlaced","md5":"0ee99398065f2d000412b89818bcde71","sha1":"4fc6a30f8071825d30b1264d98ba255b9f2a4973","sha256":"3ae92fbc0ab23564539add612992ce7382d1c8aaa2a802dcb65fd834f00e7962","sha512":"b6fcef20d2507541a93cdf07caa50f27e3e452794cdb78fa00248e8de6bcb7d86ecc9c4dcd83b40086125648a6a6b3007ac5401faf4dfe6396217b04c2627323","ssdeep":"","tlshash":"71616b335f329eba80376a264ca285d1dc16f3416b082c1dfe83dcb0665242a5e04ca3","first_seen":"2023-05-01T11:58:24Z","last_seen":"2026-05-09T11:43:13.819658Z","times_seen":120,"resource_available":false,"data":null}},"time_used":15,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":15,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-26","alert":"Sinkholed","trigger":"irdgqgog.fortoday.asia","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-26","alert":"Phishing Block","trigger":"irdgqgog.fortoday.asia","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"irdgqgog.fortoday.asia/mH410fU8/img/reward/sfr.png","fqdn":"irdgqgog.fortoday.asia","domain":"fortoday.asia","tld":"asia"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://irdgqgog.fortoday.asia/mH410fU8/","date":"2026-04-26T13:01:19.223Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"fortoday.asia","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 19 Mar 2026 07:23:34 GMT","end":"Wed, 17 Jun 2026 08:00:16 GMT"},"fingerprint":{"sha1":"82:CF:C7:9E:0D:CF:FE:4B:17:8B:52:84:33:14:7D:F7:88:A5:91:F2","sha256":"4D:A9:CD:77:E2:DB:CC:1E:07:30:B7:5E:52:3A:AE:82:0C:14:88:D1:96:D7:F5:77:DE:8F:2F:8D:1E:5A:F1:7D"}}},"request":{"raw":"GET /mH410fU8/img/reward/sfr.png HTTP/1.1\r\nHost: irdgqgog.fortoday.asia\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://irdgqgog.fortoday.asia/mH410fU8/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sun, 26 Apr 2026 13:01:18 GMT\r\ncontent-type: image/png\r\ncontent-length: 44378\r\ncache-control: public, max-age=604800\r\nexpires: Tue, 28 Apr 2026 17:04:39 GMT\r\nlast-modified: Fri, 10 Apr 2026 16:45:36 GMT\r\naccept-ranges: bytes\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; ma=86400\r\nx-turbo-charged-by: LiteSpeed\r\npriority: u=4,i=?0\r\nage: 417398\r\ncf-cache-status: HIT\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Ef2SnvxcK%2BQGkLLLkg%2FIB5b%2BnrCtgtBokn85mdeOzFSi7bYeRUfTSDbqa5oyhCswGGnvZwcajV%2BtV7D82Rq6jOCiBec07P9yV16dLDXh0mTIrUT6QHLthf%2BmIJj5pl2gWENGxDjGvfuN\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9f25c6814df22efa-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":44378,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced","md5":"9665828be7b6f58c283ec013c85a7c3f","sha1":"2dded3180a150d60de0d738486c3c074429d816c","sha256":"5058d3671ac6a5f186e756d1ad0e1108247df39a03165f42e288ca6442817a65","sha512":"2b0a2877384fd9cb41b33fea33573bf221768acd92f0709446e8b1defcd977fa9bf8a96d72437d5ab2280d743b8605d9134a9d50886164db8ad425e5090e17b0","ssdeep":"768:1i+FXnUCHAdYp1PduhQLs2Drz7J/g6FXbqKRpNViyyK3:sijgdQOK1rF5XbxdVbN3","tlshash":"3f130186b75278ff822396209c7dfe6ac6944539f1ba3b20413e6f28315c52e5cb521e","first_seen":"2024-12-09T16:53:48.094138Z","last_seen":"2026-05-29T12:33:19.657566Z","times_seen":38,"resource_available":false,"data":null}},"time_used":34,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":33,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-26","alert":"Phishing Block","trigger":"irdgqgog.fortoday.asia","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-26","alert":"Sinkholed","trigger":"irdgqgog.fortoday.asia","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"irdgqgog.fortoday.asia/mH410fU8/img/style-img/facebookbtn.png","fqdn":"irdgqgog.fortoday.asia","domain":"fortoday.asia","tld":"asia"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://irdgqgog.fortoday.asia/mH410fU8/","date":"2026-04-26T13:01:19.410Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"fortoday.asia","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 19 Mar 2026 07:23:34 GMT","end":"Wed, 17 Jun 2026 08:00:16 GMT"},"fingerprint":{"sha1":"82:CF:C7:9E:0D:CF:FE:4B:17:8B:52:84:33:14:7D:F7:88:A5:91:F2","sha256":"4D:A9:CD:77:E2:DB:CC:1E:07:30:B7:5E:52:3A:AE:82:0C:14:88:D1:96:D7:F5:77:DE:8F:2F:8D:1E:5A:F1:7D"}}},"request":{"raw":"GET /mH410fU8/img/style-img/facebookbtn.png HTTP/1.1\r\nHost: irdgqgog.fortoday.asia\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://irdgqgog.fortoday.asia/mH410fU8/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sun, 26 Apr 2026 13:01:19 GMT\r\ncontent-type: image/png\r\ncontent-length: 1265\r\ncache-control: public, max-age=604800\r\nexpires: Tue, 28 Apr 2026 17:04:39 GMT\r\nlast-modified: Fri, 10 Apr 2026 16:45:12 GMT\r\naccept-ranges: bytes\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; ma=86400\r\nx-turbo-charged-by: LiteSpeed\r\npriority: u=4,i=?0\r\nage: 417398\r\ncf-cache-status: HIT\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=IBh5OUH9wryrKYoYPkNmyyZCsPtOpxonPctDNtDjukwtwuQdN%2FgMPjIhml6WmQEV95jEgR6g5nZbET8EzdlgL%2BsIBpEqhvvIG57Upb8sxj4wktbCqWWOrnV356v6LgCwZ4vpCVe6iIzo\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9f25c682eb0b2efa-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]}],"data":{"size":1265,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced","md5":"4879fbf23dcfd09a51d43cf75634ac6f","sha1":"affb53d8c9af76771e4a60d0671a02c066b6adac","sha256":"737a302495b548b1b5dd8f9fef6bbeb84fd28130942457b38b5febbf2fe20690","sha512":"81f9b70a938d14690850d672891de36e1d596edb4541162299fba17463b8d156a6920711ff9e42c29089cebadafb156e37c63fc25b0e305fcf08405addfd73ca","ssdeep":"","tlshash":"4221c8655a39806b94e0a336c97cb9b1f46132597734f218540f66f7e29380d89181b7","first_seen":"2024-08-19T17:03:14.928732Z","last_seen":"2026-05-02T14:51:08.497881Z","times_seen":27,"resource_available":false,"data":null}},"time_used":8,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":8,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-26","alert":"Phishing Block","trigger":"irdgqgog.fortoday.asia","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-26","alert":"Sinkholed","trigger":"irdgqgog.fortoday.asia","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ajax.googleapis.com/ajax/libs/jquery/2.1.1/jquery.min.js","fqdn":"ajax.googleapis.com","domain":"ajax.googleapis.com","tld":"googleapis.com"},"ip":{"addr":"142.251.142.234","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://irdgqgog.fortoday.asia/mH410fU8/","date":"2026-04-26T13:01:19.536Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"upload.video.google.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 30 Mar 2026 08:36:48 GMT","end":"Mon, 22 Jun 2026 08:36:47 GMT"},"fingerprint":{"sha1":"1A:63:7B:F3:04:6F:4C:E4:F3:15:87:E8:E7:FA:DD:B1:F7:7E:89:49","sha256":"5E:36:5D:D1:35:3B:0A:E9:8A:55:91:DC:12:B0:50:4A:AE:D9:A7:97:06:7C:0D:D7:F0:23:3E:8A:B2:08:19:00"}}},"request":{"raw":"GET /ajax/libs/jquery/2.1.1/jquery.min.js HTTP/1.1\r\nHost: ajax.googleapis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://irdgqgog.fortoday.asia/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\ncontent-encoding: gzip\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"hosted-libraries-pushers\"\r\nreport-to: {\"group\":\"hosted-libraries-pushers\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 29671\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Thu, 23 Apr 2026 08:10:50 GMT\r\nexpires: Fri, 23 Apr 2027 08:10:50 GMT\r\ncache-control: public, max-age=31536000, stale-while-revalidate=2592000\r\nage: 276629\r\nlast-modified: Tue, 03 Mar 2020 19:15:00 GMT\r\ncontent-type: text/javascript; charset=UTF-8\r\nvary: Accept-Encoding\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":84245,"size_decoded":0,"mime_type":"text/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (32061)","md5":"e40ec2161fe7993196f23c8a07346306","sha1":"afb90752e0a90c24b7f724faca86c5f3d15d1178","sha256":"874706b2b1311a0719b5267f7d1cf803057e367e94ae1ff7bf78c5450d30f5d4","sha512":"5f57cc757fff0e9990a72e78f6373f0a24bce2edf3c4559f0b6fef3cf65edf932c0f3eca5a35511ea11eabc0a412f1c7563282ec76f6fa005cc59504417159eb","ssdeep":"1536:kPEkjP+iADIOr/NEe876nmBu3HvF38Nd+uJO1z6/A4TqAub0i4ULvguEhjzXpa98:7NMnJiz6oAQKP5a98Hrh","tlshash":"db83d6d9b2c67062977730b850bf410bb17a98dab80c8c60f0a4d5e47eb4a8d517bf2d","first_seen":"2023-03-07T01:02:00Z","last_seen":"2026-06-08T21:43:10.423332Z","times_seen":58456,"resource_available":true,"data":null}},"time_used":590,"timings":{"blocked":249,"dns":11,"connect":24,"send":0,"wait":11,"receive":3,"ssl":288},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"irdgqgog.fortoday.asia/mH410fU8/jestore/main.8f2b2f27.bundle.js","fqdn":"irdgqgog.fortoday.asia","domain":"fortoday.asia","tld":"asia"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://irdgqgog.fortoday.asia/mH410fU8/","date":"2026-04-26T13:01:19.538Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"fortoday.asia","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 19 Mar 2026 07:23:34 GMT","end":"Wed, 17 Jun 2026 08:00:16 GMT"},"fingerprint":{"sha1":"82:CF:C7:9E:0D:CF:FE:4B:17:8B:52:84:33:14:7D:F7:88:A5:91:F2","sha256":"4D:A9:CD:77:E2:DB:CC:1E:07:30:B7:5E:52:3A:AE:82:0C:14:88:D1:96:D7:F5:77:DE:8F:2F:8D:1E:5A:F1:7D"}}},"request":{"raw":"GET /mH410fU8/jestore/main.8f2b2f27.bundle.js HTTP/1.1\r\nHost: irdgqgog.fortoday.asia\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://irdgqgog.fortoday.asia/mH410fU8/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sun, 26 Apr 2026 13:01:19 GMT\r\ncontent-type: text/javascript\r\ncontent-length: 105749\r\nlast-modified: Fri, 10 Apr 2026 17:10:28 GMT\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; ma=86400\r\nx-turbo-charged-by: LiteSpeed\r\netag: \r\npriority: u=3,i=?0\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=6iUDSHuuI0Drus%2FUDusOWmnsyBH%2B3YprlCxAGHMlKZ0UkUhge4rXGJjmzr8UQzKu71%2Fuo%2Bryx94KeVxQ6bgxDSBXSF2TXr3D1TE15MT622B6ruvZh54bOl9xzqijBNTF9OlsWTL333ts\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9f25c6849ff62efa-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]}],"data":{"size":350442,"size_decoded":0,"mime_type":"text/javascript","magic":"JavaScript source, ASCII text, with very long lines (65457), with CRLF line terminators","md5":"aa7bc912b5c808de63d075e3fea3e6fa","sha1":"8950d18e740665ef2f21fefc76c19e4aca9ce12d","sha256":"85ece8c481f9a602fdce92637aa40fe02cc9e2e0151e8cffd7527c67df569812","sha512":"bdec8f43144c1b5a223d7aaa8e056cd58594f765e57cdb68c53dedfe2475d1d231cfcb3c9e0558b4558a3b042e7558f53486de9ae9928aa36031b947e966529f","ssdeep":"6144:d8X48jKzfjqMuQORd5chlezp6qPS70SuLxnn9bM:d8X9KQQnh+K","tlshash":"597409dd75d6f05217b321b6407f240bb33a691a680d8950f221f8d9b8b855ee237fac","first_seen":"2026-04-26T02:12:56.946016Z","last_seen":"2026-05-13T13:04:07.261737Z","times_seen":5,"resource_available":true,"data":null}},"time_used":194,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":191,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-26","alert":"Sinkholed","trigger":"irdgqgog.fortoday.asia","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-26","alert":"Phishing Block","trigger":"irdgqgog.fortoday.asia","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"irdgqgog.fortoday.asia/mH410fU8/js/trueid-api.js","fqdn":"irdgqgog.fortoday.asia","domain":"fortoday.asia","tld":"asia"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://irdgqgog.fortoday.asia/mH410fU8/","date":"2026-04-26T13:01:19.544Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"fortoday.asia","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 19 Mar 2026 07:23:34 GMT","end":"Wed, 17 Jun 2026 08:00:16 GMT"},"fingerprint":{"sha1":"82:CF:C7:9E:0D:CF:FE:4B:17:8B:52:84:33:14:7D:F7:88:A5:91:F2","sha256":"4D:A9:CD:77:E2:DB:CC:1E:07:30:B7:5E:52:3A:AE:82:0C:14:88:D1:96:D7:F5:77:DE:8F:2F:8D:1E:5A:F1:7D"}}},"request":{"raw":"GET /mH410fU8/js/trueid-api.js HTTP/1.1\r\nHost: irdgqgog.fortoday.asia\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://irdgqgog.fortoday.asia/mH410fU8/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sun, 26 Apr 2026 13:01:19 GMT\r\ncontent-type: text/javascript\r\ncontent-length: 37035\r\nlast-modified: Mon, 13 Apr 2026 05:54:20 GMT\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; ma=86400\r\nx-turbo-charged-by: LiteSpeed\r\netag: \r\npriority: u=3,i=?0\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=%2B1lHsVcTG53bu%2F6jekYkN6c1hx8jZq1gw1j3EkVKlKn5jybe4QrlxWXzGkmbzvLzTiENj0EhzhSl3URTU8jVvQ37Jhk9%2BTSsbcDFrhf4DwccADa0a1B7wun2UsCLQtC1YbxOOcd%2F29Ej\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9f25c684a8442efa-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":103159,"size_decoded":0,"mime_type":"text/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"ac8872452a1c3708089c9ad12d2523da","sha1":"88cccf6ffea78449c7b748937e0106fd6978279b","sha256":"3061349276d01e5a2405a3a2d90bdfbe5d0e883f518a3a577fd7ee579de4c7f9","sha512":"35dac5943014ffcc8c831cf7522dd218577b5ce98f55163fa2614c1d1ce0035d1e50e109af17f9f9f6e5e916e9d68cb74bde5cf329a31ea42fff6f4ffffbb3ce","ssdeep":"1536:yjFDi8/sTZ4HAE9hkacdiXVXdlKN1yg7g50pGjPlPjZKZk1Il9:yjNiIsTZ4HHhQinlKN1V7g5PjNPIZR9","tlshash":"9ca34281b7c1b8a107d39b76731fb1e5f46a4ce876854c8bf110f890f5a9606fae0a74","first_seen":"2026-04-26T02:12:57.153988Z","last_seen":"2026-04-26T13:10:26.575053Z","times_seen":3,"resource_available":false,"data":null}},"time_used":191,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":189,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-26","alert":"Phishing Block","trigger":"irdgqgog.fortoday.asia","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-26","alert":"Sinkholed","trigger":"irdgqgog.fortoday.asia","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"irdgqgog.fortoday.asia/mH410fU8/jestore/1446.0f03293e.chunk.css","fqdn":"irdgqgog.fortoday.asia","domain":"fortoday.asia","tld":"asia"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://irdgqgog.fortoday.asia/mH410fU8/","date":"2026-04-26T13:01:18.746Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"fortoday.asia","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 19 Mar 2026 07:23:34 GMT","end":"Wed, 17 Jun 2026 08:00:16 GMT"},"fingerprint":{"sha1":"82:CF:C7:9E:0D:CF:FE:4B:17:8B:52:84:33:14:7D:F7:88:A5:91:F2","sha256":"4D:A9:CD:77:E2:DB:CC:1E:07:30:B7:5E:52:3A:AE:82:0C:14:88:D1:96:D7:F5:77:DE:8F:2F:8D:1E:5A:F1:7D"}}},"request":{"raw":"GET /mH410fU8/jestore/1446.0f03293e.chunk.css HTTP/1.1\r\nHost: irdgqgog.fortoday.asia\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://irdgqgog.fortoday.asia/mH410fU8/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sun, 26 Apr 2026 13:01:18 GMT\r\ncontent-type: text/css\r\ncontent-length: 6225\r\ncache-control: public, max-age=604800\r\nexpires: Tue, 28 Apr 2026 14:57:57 GMT\r\nlast-modified: Fri, 10 Apr 2026 16:49:58 GMT\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; ma=86400\r\nx-turbo-charged-by: LiteSpeed\r\npriority: u=2,i=?0\r\nage: 424999\r\ncf-cache-status: HIT\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=THBcoaEAQ5osGb4aRfFAAUZD0%2Bjkul4nDaUNd5ohBVRPXQUBSU9PPIdcV06c9GxO30Ax3SVjm2f30bgb5ZRufrlvbqD3odRG8vcmnA0KcNhmmZOCx1CFgQwFG%2B90NI4TloljmeoMfSt2\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9f25c67fb9dd2efa-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":34453,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (34453), with no line terminators","md5":"0a4c924eee3c44fd29d26f35881c8605","sha1":"22cfe0751619aafc636d2963a295751b52fb4a6b","sha256":"2224f22a8b33507ca95b19701a841c7cde48c925c6bfc0a2788e0fe4d1af6a1f","sha512":"4678bd6b33a1b66cb434c27f33baa16b5193cf837c96122b1bc458bf30a98b34dc5aae92eb90085859a30603a64277638cb0eab223513381d5d309da086f851a","ssdeep":"384:FNDuXX69k575uHBwEHCpSqTq+bQCPwYvVj4WHwEHCpSqTq+ar+eIO:Vi9qKdDi9q8W","tlshash":"55f20ea1c8630d18fe7bdc45d7af70680e54bd07766309ac547859b6e2c35e8e23b1ac","first_seen":"2024-10-21T08:04:20.242754Z","last_seen":"2026-05-13T13:04:07.230434Z","times_seen":11,"resource_available":false,"data":null}},"time_used":14,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":13,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-26","alert":"Phishing Block","trigger":"irdgqgog.fortoday.asia","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-26","alert":"Sinkholed","trigger":"irdgqgog.fortoday.asia","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"irdgqgog.fortoday.asia/mH410fU8/jestore/349.85fa8586.chunk.css","fqdn":"irdgqgog.fortoday.asia","domain":"fortoday.asia","tld":"asia"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://irdgqgog.fortoday.asia/mH410fU8/","date":"2026-04-26T13:01:18.750Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"fortoday.asia","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 19 Mar 2026 07:23:34 GMT","end":"Wed, 17 Jun 2026 08:00:16 GMT"},"fingerprint":{"sha1":"82:CF:C7:9E:0D:CF:FE:4B:17:8B:52:84:33:14:7D:F7:88:A5:91:F2","sha256":"4D:A9:CD:77:E2:DB:CC:1E:07:30:B7:5E:52:3A:AE:82:0C:14:88:D1:96:D7:F5:77:DE:8F:2F:8D:1E:5A:F1:7D"}}},"request":{"raw":"GET /mH410fU8/jestore/349.85fa8586.chunk.css HTTP/1.1\r\nHost: irdgqgog.fortoday.asia\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://irdgqgog.fortoday.asia/mH410fU8/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sun, 26 Apr 2026 13:01:18 GMT\r\ncontent-type: text/css\r\ncontent-length: 5755\r\ncache-control: public, max-age=604800\r\nexpires: Tue, 28 Apr 2026 14:57:58 GMT\r\nlast-modified: Fri, 10 Apr 2026 16:51:20 GMT\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; ma=86400\r\nx-turbo-charged-by: LiteSpeed\r\npriority: u=2,i=?0\r\nage: 424999\r\ncf-cache-status: HIT\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=8PbKt0YH27aHwIYYLXyIyFgAu5ojAotZ86Nn%2B2lMJSbvdL%2BGM79kKh39K9V75mLAexKiKG4yJYtmYTixFHvshuawAcN4G%2Fxsd4ThsbPjWVHaL6N1UFGxf03p77qj3UzTyq6O6yEhsuRq\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9f25c67fda162efa-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":20354,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (20354), with no line terminators","md5":"d725c2898d0505fb148218bcaaa810a9","sha1":"e9cef5db014c255a279e3d0770aa236761889584","sha256":"fa1178047d8611ead5a29342beb1f5292c411779da1d04fc715a8bfb26289062","sha512":"5e6139e2da95b11b960f7baf516c9616cfa2af43ad27e1fc552b904a106a9f0299e48014e8b12a27730d63a358a20486807133a4f2f2c83992189036319df365","ssdeep":"384:PolFZOQqUKuikIzvEEXHRkZ6XDlJQwEHCpSqTq+w4UyWY:ueQqUKuikIzzXDlJ6i9q2","tlshash":"ba92d6748970ed6b76b7dc60dbc586cd1e28e906638316ede6c35168c2b25e83332b1d","first_seen":"2025-01-22T15:28:39.106893Z","last_seen":"2026-05-13T13:04:07.325444Z","times_seen":8,"resource_available":false,"data":null}},"time_used":17,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":16,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-26","alert":"Sinkholed","trigger":"irdgqgog.fortoday.asia","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-26","alert":"Phishing Block","trigger":"irdgqgog.fortoday.asia","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdn.harvestsharp.com/images/midaspay_channel_icon/41b77362b3230cc91ee4e0488822b329.png","fqdn":"cdn.harvestsharp.com","domain":"harvestsharp.com","tld":"com"},"ip":{"addr":"43.152.140.79","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://irdgqgog.fortoday.asia/mH410fU8/","date":"2026-04-26T13:01:19.354Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.harvestsharp.com","organization":"CENTAURI DYNAMIC PTE. LTD"},"issuer":{"commonName":"DigiCert Secure Site OV G2 TLS CN RSA4096 SHA256 2022 CA1","organization":"DigiCert, Inc."},"validity":{"start":"Mon, 01 Sep 2025 00:00:00 GMT","end":"Mon, 31 Aug 2026 23:59:59 GMT"},"fingerprint":{"sha1":"02:6B:1F:32:B3:B2:6F:A4:25:AC:1C:E3:87:90:E7:4A:78:36:9F:BE","sha256":"EA:E9:7E:E4:22:E2:21:19:4A:C6:3B:27:29:3C:BE:BE:35:A4:A6:F4:0B:C6:AA:9E:C6:EF:BC:30:7D:58:11:67"}}},"request":{"raw":"GET /images/midaspay_channel_icon/41b77362b3230cc91ee4e0488822b329.png HTTP/1.1\r\nHost: cdn.harvestsharp.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://irdgqgog.fortoday.asia/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Fri, 30 Jun 2023 11:59:21 GMT\r\netag: \"81ede4eb8eb2b3db641f1cbd2f60a87f\"\r\ncontent-type: image/png\r\ndate: Wed, 25 Sep 2024 14:21:20 GMT\r\nserver: tencent-cos\r\nx-cos-hash-crc64ecma: 4926685711299190850\r\nx-cos-request-id: NjZmNDFjNjBfMjZiMjRkMGJfMWNjZTFfN2MzZmJkNA==\r\nx-cos-storage-class: MAZ_STANDARD\r\nx-cos-version-id: MTg0NDUwNTU5NDczNDgyMDMyNTg\r\nx-cosindex-replication-status: Complete\r\ncontent-length: 3278\r\naccept-ranges: bytes\r\nx-nws-log-uuid: 2009346722945258353\r\nx-cache-lookup: Cache Hit\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: POST,GET,OPTIONS\r\naccess-control-max-age: 86400\r\naccess-control-expose-headers: Origin,DNT,Accept,X-Mx-ReqToken,STAFF_NAME,Authorization,x-request-id,X-Request-Id,X-MVS-CSRF-TOKEN,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type\r\ncache-control: max-age=604800\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":3278,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 96 x 64, 8-bit/color RGBA, non-interlaced","md5":"81ede4eb8eb2b3db641f1cbd2f60a87f","sha1":"220bc6235c5c923cd4f1c870331ea28e82766ee0","sha256":"58718916319e2074574e584d9e0053fb19b62f7571ca2b91d4151c124074b34e","sha512":"73b4b102a75e4ad00735ce4440d0678091dc419eb37d82cd9958a83a5a6ac4bb28c8da4861e90d3795b1f65f37f6adcabbdfd3af4d93645004ecbaa37ddb9fd3","ssdeep":"","tlshash":"9b612cf9154ed33b2daf9e30513d31b3b65152b8954f544e2a8c438255b081e9cd8058","first_seen":"2024-10-30T20:47:39.057375Z","last_seen":"2026-05-13T13:04:07.224725Z","times_seen":18,"resource_available":false,"data":null}},"time_used":726,"timings":{"blocked":632,"dns":0,"connect":0,"send":0,"wait":75,"receive":19,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"irdgqgog.fortoday.asia/mH410fU8/jestore/1982.be4a334a.chunk.css","fqdn":"irdgqgog.fortoday.asia","domain":"fortoday.asia","tld":"asia"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://irdgqgog.fortoday.asia/mH410fU8/","date":"2026-04-26T13:01:18.761Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"fortoday.asia","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 19 Mar 2026 07:23:34 GMT","end":"Wed, 17 Jun 2026 08:00:16 GMT"},"fingerprint":{"sha1":"82:CF:C7:9E:0D:CF:FE:4B:17:8B:52:84:33:14:7D:F7:88:A5:91:F2","sha256":"4D:A9:CD:77:E2:DB:CC:1E:07:30:B7:5E:52:3A:AE:82:0C:14:88:D1:96:D7:F5:77:DE:8F:2F:8D:1E:5A:F1:7D"}}},"request":{"raw":"GET /mH410fU8/jestore/1982.be4a334a.chunk.css HTTP/1.1\r\nHost: irdgqgog.fortoday.asia\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://irdgqgog.fortoday.asia/mH410fU8/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sun, 26 Apr 2026 13:01:18 GMT\r\ncontent-type: text/css\r\ncontent-length: 11482\r\ncache-control: public, max-age=604800\r\nexpires: Tue, 28 Apr 2026 15:34:40 GMT\r\nlast-modified: Fri, 10 Apr 2026 16:54:04 GMT\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; ma=86400\r\nx-turbo-charged-by: LiteSpeed\r\npriority: u=2,i=?0\r\nage: 422797\r\ncf-cache-status: HIT\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=VH22o51vaoDQcTC4LicP4TDB0nNV%2FmBSA8mQswVoDqU1OlRnCH9hNBzdv0pp0hpuZexDrHvkmfaY%2Fq4%2BIpHK3OL2umVn%2BF2M2CYBb8%2Bbis2R6qrJpzlo7k49ESLBTKi1JrpdEQZK29xF\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9f25c67fda222efa-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":95270,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (65536), with no line terminators","md5":"d393bf561188d502e167186834f1134a","sha1":"830ab3387722ab846c6dd2d5e2a639de544fe738","sha256":"386b8d1d94c8ffe526c705014f6580e3f31e528eb3b7edcc4e779f5f088ed09f","sha512":"0b70476074161a00bdc72635294b65eb79cd483e8214be080750f45907f445354a2f7177348a880ae9640f8a07fae0721f0c77a14ec33a65a636842e3cb2094e","ssdeep":"768:nlVi9qmDi9qVi25B1Q6ue7A+wUT8QOFIHMBLosVBsyo6A/iwli9qBBKPqnt15Bis:lViQ6iQEWiQNiQwy","tlshash":"3893a651c844ea45b532e9c2e663617c0688f62771d39efe3fef24af92e06bd2217114","first_seen":"2025-01-22T15:28:39.093707Z","last_seen":"2026-05-13T13:04:07.252372Z","times_seen":8,"resource_available":false,"data":null}},"time_used":15,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":14,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-26","alert":"Phishing Block","trigger":"irdgqgog.fortoday.asia","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-26","alert":"Sinkholed","trigger":"irdgqgog.fortoday.asia","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"irdgqgog.fortoday.asia/mH410fU8/css/twitter.css","fqdn":"irdgqgog.fortoday.asia","domain":"fortoday.asia","tld":"asia"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://irdgqgog.fortoday.asia/mH410fU8/","date":"2026-04-26T13:01:18.934Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"fortoday.asia","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 19 Mar 2026 07:23:34 GMT","end":"Wed, 17 Jun 2026 08:00:16 GMT"},"fingerprint":{"sha1":"82:CF:C7:9E:0D:CF:FE:4B:17:8B:52:84:33:14:7D:F7:88:A5:91:F2","sha256":"4D:A9:CD:77:E2:DB:CC:1E:07:30:B7:5E:52:3A:AE:82:0C:14:88:D1:96:D7:F5:77:DE:8F:2F:8D:1E:5A:F1:7D"}}},"request":{"raw":"GET /mH410fU8/css/twitter.css HTTP/1.1\r\nHost: irdgqgog.fortoday.asia\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://irdgqgog.fortoday.asia/mH410fU8/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sun, 26 Apr 2026 13:01:18 GMT\r\ncontent-type: text/css\r\ncontent-length: 1210\r\ncache-control: public, max-age=604800\r\nexpires: Tue, 28 Apr 2026 15:34:40 GMT\r\nlast-modified: Fri, 10 Apr 2026 16:44:16 GMT\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; ma=86400\r\nx-turbo-charged-by: LiteSpeed\r\npriority: u=2,i=?0\r\nage: 422797\r\ncf-cache-status: HIT\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=ieKHk6fzyijkbiUySOwpnU4Yp0KFYpk3ncBMHV0XYFF3XQO%2BpPUtZ%2BHSXW6Xhf8UTvM5HrAEAsA8%2FBtf%2FS5OI4wQ%2Bs%2FI4gAeOZTx%2FPCFCR0W%2B%2FV0hr8P1u%2BDDHVzNHh%2BDUQSVHoCI936\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9f25c6806b982efa-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":6451,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text","md5":"45e7f7f91fc9fe870757838a4b297eac","sha1":"1c3c665b1e88c2ac85979c10dbc605847fc17dc5","sha256":"d30e1b758d21598f80faf0e89a43d2340e2b7ff26b030a0c3dc169d6e65168e3","sha512":"2ecc46cf2990362a345b98eb383051e8f1338023d448371643b5896f9ae59af9c65d862f57cf86ac3e9d2c6d36b7d229d8950ff2d6551a3df958a22693c0a3b9","ssdeep":"96:/acJ6M6X4zezulFW5O8KZfkli6AOYNHA8VoIoV0:ScYrOlFqO8KZMli6AOyAWoU","tlshash":"a1d1fca79f221508f502e8f8ff66ab9a66094013534fcda7ba4c361ccfc659847b274c","first_seen":"2025-08-08T20:20:25.023305Z","last_seen":"2026-05-13T19:15:32.30572Z","times_seen":18,"resource_available":false,"data":null}},"time_used":15,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":15,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-26","alert":"Sinkholed","trigger":"irdgqgog.fortoday.asia","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-26","alert":"Phishing Block","trigger":"irdgqgog.fortoday.asia","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdn.harvestsharp.com/images/midaspay_channel_icon/821807bcb8b09695389119ca62eeecdd.png","fqdn":"cdn.harvestsharp.com","domain":"harvestsharp.com","tld":"com"},"ip":{"addr":"43.152.140.79","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://irdgqgog.fortoday.asia/mH410fU8/","date":"2026-04-26T13:01:19.279Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.harvestsharp.com","organization":"CENTAURI DYNAMIC PTE. LTD"},"issuer":{"commonName":"DigiCert Secure Site OV G2 TLS CN RSA4096 SHA256 2022 CA1","organization":"DigiCert, Inc."},"validity":{"start":"Mon, 01 Sep 2025 00:00:00 GMT","end":"Mon, 31 Aug 2026 23:59:59 GMT"},"fingerprint":{"sha1":"02:6B:1F:32:B3:B2:6F:A4:25:AC:1C:E3:87:90:E7:4A:78:36:9F:BE","sha256":"EA:E9:7E:E4:22:E2:21:19:4A:C6:3B:27:29:3C:BE:BE:35:A4:A6:F4:0B:C6:AA:9E:C6:EF:BC:30:7D:58:11:67"}}},"request":{"raw":"GET /images/midaspay_channel_icon/821807bcb8b09695389119ca62eeecdd.png HTTP/1.1\r\nHost: cdn.harvestsharp.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://irdgqgog.fortoday.asia/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Fri, 30 Jun 2023 11:59:21 GMT\r\netag: \"e63c1f67df6289456b01d42a291f0d18\"\r\ncontent-type: image/png\r\ndate: Mon, 21 Oct 2024 18:05:00 GMT\r\nserver: tencent-cos\r\nx-cos-hash-crc64ecma: 11247417401204316228\r\nx-cos-request-id: NjcxNjk3Y2NfODZlZjc4MGJfMjcyMTBfYjJmOGVlNg==\r\nx-cos-storage-class: MAZ_STANDARD\r\nx-cos-version-id: MTg0NDUwNTU5NDczNDgxMDc5MzA\r\nx-cosindex-replication-status: Complete\r\ncontent-length: 7193\r\naccept-ranges: bytes\r\nx-nws-log-uuid: 10462986818325866125\r\nx-cache-lookup: Cache Hit\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: POST,GET,OPTIONS\r\naccess-control-max-age: 86400\r\naccess-control-expose-headers: Origin,DNT,Accept,X-Mx-ReqToken,STAFF_NAME,Authorization,x-request-id,X-Request-Id,X-MVS-CSRF-TOKEN,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type\r\ncache-control: max-age=604800\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":7193,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 96 x 64, 8-bit/color RGBA, non-interlaced","md5":"e63c1f67df6289456b01d42a291f0d18","sha1":"8a02133aac57a9de863144dd4488d58b072fdb96","sha256":"4cc861f22423295e6aa783d42fe48758704158254a608945d0443cf12b88b258","sha512":"4b148ef7349ec890d02fda04e8419f823cb4cd8ae953bdf9c726861082652bb7b0c13b2a8ff43063b1f915f6acb6a1f303ce840d1322dfffcca34e1f797efba6","ssdeep":"192:E/Lsi+poMn7+rUmSYSumePlusdda9Ogt46HmId:MQpoM6SYSZcVdoHJ","tlshash":"dce1a0de6cc556742ea7ce078b24ecb4eb35853334ea3d5db013da46a57f1081808e09","first_seen":"2025-01-22T15:28:39.24145Z","last_seen":"2026-05-13T13:04:07.279791Z","times_seen":16,"resource_available":false,"data":null}},"time_used":727,"timings":{"blocked":701,"dns":0,"connect":0,"send":0,"wait":25,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.harvestsharp.com/images/midaspay_channel_icon/be281be8b340500e662bf35df6dc35c1.png","fqdn":"cdn.harvestsharp.com","domain":"harvestsharp.com","tld":"com"},"ip":{"addr":"43.152.140.79","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://irdgqgog.fortoday.asia/mH410fU8/","date":"2026-04-26T13:01:19.344Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.harvestsharp.com","organization":"CENTAURI DYNAMIC PTE. LTD"},"issuer":{"commonName":"DigiCert Secure Site OV G2 TLS CN RSA4096 SHA256 2022 CA1","organization":"DigiCert, Inc."},"validity":{"start":"Mon, 01 Sep 2025 00:00:00 GMT","end":"Mon, 31 Aug 2026 23:59:59 GMT"},"fingerprint":{"sha1":"02:6B:1F:32:B3:B2:6F:A4:25:AC:1C:E3:87:90:E7:4A:78:36:9F:BE","sha256":"EA:E9:7E:E4:22:E2:21:19:4A:C6:3B:27:29:3C:BE:BE:35:A4:A6:F4:0B:C6:AA:9E:C6:EF:BC:30:7D:58:11:67"}}},"request":{"raw":"GET /images/midaspay_channel_icon/be281be8b340500e662bf35df6dc35c1.png HTTP/1.1\r\nHost: cdn.harvestsharp.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://irdgqgog.fortoday.asia/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Fri, 30 Jun 2023 11:59:21 GMT\r\netag: \"f570e87ecc82504350e56871671dbe4b\"\r\ncontent-type: image/png\r\ndate: Wed, 25 Sep 2024 15:27:03 GMT\r\nserver: tencent-cos\r\nx-cos-hash-crc64ecma: 9824401301893414281\r\nx-cos-request-id: NjZmNDJiYzdfNDc3MWI3MDlfMWZjMl83YjljOGNj\r\nx-cos-storage-class: MAZ_STANDARD\r\nx-cos-version-id: MTg0NDUwNTU5NDczNDc5MDgwNjc\r\nx-cosindex-replication-status: Complete\r\ncontent-length: 3723\r\naccept-ranges: bytes\r\nx-nws-log-uuid: 7586570913410807103\r\nx-cache-lookup: Cache Hit\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: POST,GET,OPTIONS\r\naccess-control-max-age: 86400\r\naccess-control-expose-headers: Origin,DNT,Accept,X-Mx-ReqToken,STAFF_NAME,Authorization,x-request-id,X-Request-Id,X-MVS-CSRF-TOKEN,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type\r\ncache-control: max-age=604800\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":3723,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 96 x 64, 8-bit/color RGBA, non-interlaced","md5":"f570e87ecc82504350e56871671dbe4b","sha1":"64fc4078875220b575639a7a8677a4295a081918","sha256":"692398d82c491ada2ca7e4ca1f238f2e7d7f5276a07d8a9dcb6fd5c864e19a98","sha512":"c6320896c7a8cae22d6c4afebd2de51d99136955e850d68813904c140cfaccb481203c19f4b31a8ea15917a25a6424fe3d9c35cad50f6ce6380c1b3db8c4d9f7","ssdeep":"","tlshash":"52714dd396b40a850b6b56ca76179ad4a7d3882b01e7184e33e233c08d519786afe14a","first_seen":"2025-01-22T15:28:39.217368Z","last_seen":"2026-05-13T13:04:07.263445Z","times_seen":16,"resource_available":false,"data":null}},"time_used":721,"timings":{"blocked":640,"dns":0,"connect":0,"send":0,"wait":76,"receive":5,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.harvestsharp.com/images/midaspay_channel_icon/1462f1e033d3e26ced00bfbf97e5086f.png","fqdn":"cdn.harvestsharp.com","domain":"harvestsharp.com","tld":"com"},"ip":{"addr":"43.152.140.79","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://irdgqgog.fortoday.asia/mH410fU8/","date":"2026-04-26T13:01:19.347Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.harvestsharp.com","organization":"CENTAURI DYNAMIC PTE. LTD"},"issuer":{"commonName":"DigiCert Secure Site OV G2 TLS CN RSA4096 SHA256 2022 CA1","organization":"DigiCert, Inc."},"validity":{"start":"Mon, 01 Sep 2025 00:00:00 GMT","end":"Mon, 31 Aug 2026 23:59:59 GMT"},"fingerprint":{"sha1":"02:6B:1F:32:B3:B2:6F:A4:25:AC:1C:E3:87:90:E7:4A:78:36:9F:BE","sha256":"EA:E9:7E:E4:22:E2:21:19:4A:C6:3B:27:29:3C:BE:BE:35:A4:A6:F4:0B:C6:AA:9E:C6:EF:BC:30:7D:58:11:67"}}},"request":{"raw":"GET /images/midaspay_channel_icon/1462f1e033d3e26ced00bfbf97e5086f.png HTTP/1.1\r\nHost: cdn.harvestsharp.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://irdgqgog.fortoday.asia/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Fri, 30 Jun 2023 11:59:22 GMT\r\netag: \"f000f9b5ce26806ae631389c2e2625fa\"\r\ncontent-type: image/png\r\ndate: Mon, 20 Nov 2023 15:03:02 GMT\r\nserver: tencent-cos\r\nx-cos-hash-crc64ecma: 13992276931822056787\r\nx-cos-request-id: NjU1Yjc1MjZfZmI4YzdjMWVfMWQ3MzJfYzg2ZjFhMg==\r\nx-cos-storage-class: MAZ_STANDARD\r\nx-cos-version-id: MTg0NDUwNTU5NDczNDc1MTg2Nzg\r\nx-cosindex-replication-status: Complete\r\ncontent-length: 3602\r\naccept-ranges: bytes\r\nx-nws-log-uuid: 18398657794282537751\r\nx-cache-lookup: Cache Hit\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: POST,GET,OPTIONS\r\naccess-control-max-age: 86400\r\naccess-control-expose-headers: Origin,DNT,Accept,X-Mx-ReqToken,STAFF_NAME,Authorization,x-request-id,X-Request-Id,X-MVS-CSRF-TOKEN,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type\r\ncache-control: max-age=604800\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":3602,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 96 x 64, 8-bit/color RGBA, non-interlaced","md5":"f000f9b5ce26806ae631389c2e2625fa","sha1":"c1675268ac4b566c87350177a4d6f985d9d44677","sha256":"649e7a01dab790ea9c63f3787c550739ad0487697bdcc0ca814898a3419460b1","sha512":"6aa63dfea29c3f62f9ea91da6b36fdd4533d624cbd7b26b2ae724be37a5a07a70e75892fe76d6eb1f0cbd022e60a132317d8441d65a46b3817980cf50817b771","ssdeep":"","tlshash":"f4714ed930c41b919f5af9a37d7b64c00b25cb444d9118695fe1b9e21776a0e4b2cb12","first_seen":"2025-01-22T15:28:39.183552Z","last_seen":"2026-05-13T13:04:07.167774Z","times_seen":16,"resource_available":false,"data":null}},"time_used":716,"timings":{"blocked":637,"dns":0,"connect":0,"send":0,"wait":75,"receive":4,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.harvestsharp.com/images/midaspay_channel_icon/641903dfb1304392d5b0865d594833f8.png","fqdn":"cdn.harvestsharp.com","domain":"harvestsharp.com","tld":"com"},"ip":{"addr":"43.152.140.79","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://irdgqgog.fortoday.asia/mH410fU8/","date":"2026-04-26T13:01:19.350Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.harvestsharp.com","organization":"CENTAURI DYNAMIC PTE. LTD"},"issuer":{"commonName":"DigiCert Secure Site OV G2 TLS CN RSA4096 SHA256 2022 CA1","organization":"DigiCert, Inc."},"validity":{"start":"Mon, 01 Sep 2025 00:00:00 GMT","end":"Mon, 31 Aug 2026 23:59:59 GMT"},"fingerprint":{"sha1":"02:6B:1F:32:B3:B2:6F:A4:25:AC:1C:E3:87:90:E7:4A:78:36:9F:BE","sha256":"EA:E9:7E:E4:22:E2:21:19:4A:C6:3B:27:29:3C:BE:BE:35:A4:A6:F4:0B:C6:AA:9E:C6:EF:BC:30:7D:58:11:67"}}},"request":{"raw":"GET /images/midaspay_channel_icon/641903dfb1304392d5b0865d594833f8.png HTTP/1.1\r\nHost: cdn.harvestsharp.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://irdgqgog.fortoday.asia/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Fri, 30 Jun 2023 11:59:21 GMT\r\netag: \"34cf3aa55d10f3f8869f264cdcb2ad5e\"\r\ncontent-type: image/png\r\ndate: Wed, 25 Sep 2024 21:06:23 GMT\r\nserver: tencent-cos\r\nx-cos-hash-crc64ecma: 2435251802681037888\r\nx-cos-request-id: NjZmNDdiNGZfY2FkNDgwYl9kNTVkXzdjMTIzOGU=\r\nx-cos-storage-class: MAZ_STANDARD\r\nx-cos-version-id: MTg0NDUwNTU5NDczNDc2NzI2NzI\r\nx-cosindex-replication-status: Complete\r\ncontent-length: 3523\r\naccept-ranges: bytes\r\nx-nws-log-uuid: 10850605839940189768\r\nx-cache-lookup: Cache Hit\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: POST,GET,OPTIONS\r\naccess-control-max-age: 86400\r\naccess-control-expose-headers: Origin,DNT,Accept,X-Mx-ReqToken,STAFF_NAME,Authorization,x-request-id,X-Request-Id,X-MVS-CSRF-TOKEN,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type\r\ncache-control: max-age=604800\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":3523,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 96 x 64, 8-bit/color RGBA, non-interlaced","md5":"34cf3aa55d10f3f8869f264cdcb2ad5e","sha1":"94cd8a7d54c36f1ce3f1a5d8925ef4e5c33da7f8","sha256":"6da833d493a4e1a3bf46b9d484477687d4a3c2c92aebf24c82f9e5f128b4368d","sha512":"204744a724e1e64e3c8af81ca50b1efd69a8b0d50f64c6722d71ee8d956a7781b15b9233071e32be8b24267925d5d7e29613e7431480a4e32bc21a7b4c43810e","ssdeep":"","tlshash":"fd715cb2acdb97b2616777a957351c46d7640b0ec9227a191104ee3d483432d28caa0f","first_seen":"2024-10-30T20:47:39.071579Z","last_seen":"2026-05-13T13:04:07.241219Z","times_seen":18,"resource_available":false,"data":null}},"time_used":714,"timings":{"blocked":635,"dns":0,"connect":0,"send":0,"wait":75,"receive":4,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"irdgqgog.fortoday.asia/mH410fU8/img/style-img/google.png","fqdn":"irdgqgog.fortoday.asia","domain":"fortoday.asia","tld":"asia"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://irdgqgog.fortoday.asia/mH410fU8/","date":"2026-04-26T13:01:19.523Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"fortoday.asia","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 19 Mar 2026 07:23:34 GMT","end":"Wed, 17 Jun 2026 08:00:16 GMT"},"fingerprint":{"sha1":"82:CF:C7:9E:0D:CF:FE:4B:17:8B:52:84:33:14:7D:F7:88:A5:91:F2","sha256":"4D:A9:CD:77:E2:DB:CC:1E:07:30:B7:5E:52:3A:AE:82:0C:14:88:D1:96:D7:F5:77:DE:8F:2F:8D:1E:5A:F1:7D"}}},"request":{"raw":"GET /mH410fU8/img/style-img/google.png HTTP/1.1\r\nHost: irdgqgog.fortoday.asia\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://irdgqgog.fortoday.asia/mH410fU8/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sun, 26 Apr 2026 13:01:19 GMT\r\ncontent-type: image/png\r\ncontent-length: 70339\r\ncache-control: public, max-age=604800\r\nexpires: Tue, 28 Apr 2026 17:04:39 GMT\r\nlast-modified: Fri, 10 Apr 2026 16:45:14 GMT\r\naccept-ranges: bytes\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; ma=86400\r\nx-turbo-charged-by: LiteSpeed\r\npriority: u=4,i=?0\r\nage: 417398\r\ncf-cache-status: HIT\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=3mDSRLpvp48kH3k12WBjuF4Am2%2BxP8xyU61UUYAC2vdmkzOeTLf%2BbFEiWT1iGtyymx7MYCx7sNdY2SjhgaiAdC4W9Ra444VmYdudMDfCZ29p518S3KelkENMliiDF%2BrFXU%2F5wNNsx2ix\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9f25c6847f932efa-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]}],"data":{"size":70339,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 480 x 465, 8-bit/color RGBA, non-interlaced","md5":"95ee18d0114fd000ad2f4d71d7e694ce","sha1":"18864af07d81ba8ed080b3d013ab807e3e558c3a","sha256":"c5a73974a7cc2f30ba0bf1280f10994dd3d2c39b828f7c1a72c24bf9e14fe2a3","sha512":"d4aadd30d1e23e86011aa929f34d6ccef667607e9bd6ba19428f2602023bb9678efaedeb73a802fa04a26e05980fd7e671efde53914cddff403ad012537359f3","ssdeep":"1536:i8vXzmuCDICIwDQfjdXO6atYwHZwjcmuzcAW46Z27UbcG2fAO:ityJX6YgZw4mfAW46ek2Z","tlshash":"df6302adc2f7e046c5df3325ebba5bd787436bc33296d192ac06143ee811c425498f9a","first_seen":"2024-09-07T03:45:51Z","last_seen":"2026-05-31T06:09:53.735271Z","times_seen":92,"resource_available":false,"data":null}},"time_used":60,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":31,"receive":29,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-26","alert":"Phishing Block","trigger":"irdgqgog.fortoday.asia","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-26","alert":"Sinkholed","trigger":"irdgqgog.fortoday.asia","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"irdgqgog.fortoday.asia/mH410fU8/fonts/laza.woff2","fqdn":"irdgqgog.fortoday.asia","domain":"fortoday.asia","tld":"asia"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://irdgqgog.fortoday.asia/mH410fU8/","date":"2026-04-26T13:01:19.954Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"fortoday.asia","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 19 Mar 2026 07:23:34 GMT","end":"Wed, 17 Jun 2026 08:00:16 GMT"},"fingerprint":{"sha1":"82:CF:C7:9E:0D:CF:FE:4B:17:8B:52:84:33:14:7D:F7:88:A5:91:F2","sha256":"4D:A9:CD:77:E2:DB:CC:1E:07:30:B7:5E:52:3A:AE:82:0C:14:88:D1:96:D7:F5:77:DE:8F:2F:8D:1E:5A:F1:7D"}}},"request":{"raw":"GET /mH410fU8/fonts/laza.woff2 HTTP/1.1\r\nHost: irdgqgog.fortoday.asia\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://irdgqgog.fortoday.asia/mH410fU8/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sun, 26 Apr 2026 13:01:19 GMT\r\ncontent-type: font/woff2\r\ncontent-length: 22220\r\ncache-control: public, max-age=604800\r\nexpires: Fri, 01 May 2026 10:46:59 GMT\r\nlast-modified: Fri, 10 Apr 2026 16:44:28 GMT\r\naccept-ranges: bytes\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; ma=86400\r\nx-turbo-charged-by: LiteSpeed\r\npriority: u=4,i=?0\r\nage: 180859\r\ncf-cache-status: HIT\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=FDruYxiDikl7fI8OLphbtxRteRh%2B4zK%2F9jxX0Ok41Rvbv2Xbq5D%2FaEJbMtCzTQBuPBGe%2BSbwhtDDngESVW4%2B5Typ4F7V3Q8J%2BGDOZ6AO%2BtDmSbVcYEZLM2YKA%2BcZKy45hK%2Bk05rUsETo\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9f25c687a9012efa-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":22220,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 22220, version 1.0","md5":"345579e8566a3dd6dc9feb5362fbe7e1","sha1":"df075dd0c26e72fd7df19948f07904c1eaa72ded","sha256":"1d0dfcc32b3be2bf3b3dbc371e9b7c5ce205f4bc6f7c8ce0226256cc7064c3e4","sha512":"948b48b697dc39d4c921ef8765053cb414edd47d12c69856191c5e28a580a1ebdb6020d2b8d5639d7ea89fa24fbdd73c16bc5e461b86f644420fffd3fe76b397","ssdeep":"384:1dPjUYc1ZQrSCantuGbZZHmv8m7Uh8OIXXS6pL/AzxeDxw+wBhQPyX/g2g8rYFGk:fJ0qrSCasGZZH9C+lIXppzAz0SLnPgCG","tlshash":"82a2d1a9a2a202d4dafe4405bde8f8b35cc2b43adfc687394a74f54dcc845d18534d5b","first_seen":"2023-05-01T09:29:40Z","last_seen":"2026-06-05T03:08:03.272417Z","times_seen":980,"resource_available":false,"data":null}},"time_used":14,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":13,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-26","alert":"Sinkholed","trigger":"irdgqgog.fortoday.asia","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-26","alert":"Phishing Block","trigger":"irdgqgog.fortoday.asia","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"irdgqgog.fortoday.asia/mH410fU8/css/link.css","fqdn":"irdgqgog.fortoday.asia","domain":"fortoday.asia","tld":"asia"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://irdgqgog.fortoday.asia/mH410fU8/","date":"2026-04-26T13:01:18.938Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"fortoday.asia","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 19 Mar 2026 07:23:34 GMT","end":"Wed, 17 Jun 2026 08:00:16 GMT"},"fingerprint":{"sha1":"82:CF:C7:9E:0D:CF:FE:4B:17:8B:52:84:33:14:7D:F7:88:A5:91:F2","sha256":"4D:A9:CD:77:E2:DB:CC:1E:07:30:B7:5E:52:3A:AE:82:0C:14:88:D1:96:D7:F5:77:DE:8F:2F:8D:1E:5A:F1:7D"}}},"request":{"raw":"GET /mH410fU8/css/link.css HTTP/1.1\r\nHost: irdgqgog.fortoday.asia\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://irdgqgog.fortoday.asia/mH410fU8/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sun, 26 Apr 2026 13:01:18 GMT\r\ncontent-type: text/css\r\ncontent-length: 1244\r\ncache-control: public, max-age=604800\r\nexpires: Tue, 28 Apr 2026 13:39:20 GMT\r\nlast-modified: Fri, 10 Apr 2026 16:44:12 GMT\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; ma=86400\r\nx-turbo-charged-by: LiteSpeed\r\npriority: u=2,i=?0\r\nage: 429717\r\ncf-cache-status: HIT\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=P1Hnjk9RAHDMWQVf%2Bdmgs7Tv8GsojFaGS0E6H8BT8HZJhMwzXhfd%2BCNlNiDVBqrDRLEVdzxyfMwXW%2BQ10PUD4xGKgSwOrZif0%2FTeA5Kf6Xfg5JwCvF6yCZAI8hmahxSje2ne0nv4gS2s\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9f25c6807ba32efa-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]}],"data":{"size":5918,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text","md5":"b6503d3266f8e98ba08dc7d473d32a51","sha1":"37296ba91057307deff523337a89e819f6c2abb4","sha256":"2aff1a358bdb843cef1cc144f400956a9934a9c7d98107382925e9c862614b2e","sha512":"e601b98497c968c3fc8b391e598f10ccc6ef095d8e19ada8a2e3b4b53dccee7a29550926561f6c8f331f04ff023ca793fcf962342d535cc369c3fd1de195b77c","ssdeep":"96:uX3dyH7T1dKOLIDsyIDpIDlISwIDxYBZlqf6J90JqmEFtOUFkJt:kNg7BrosE6300VFtnFkJt","tlshash":"4ac1ff233b111c49f006dcd9fb5abf69a70f6423964f8e67f990791ccec51a403a2a8d","first_seen":"2026-01-03T19:33:29.7983Z","last_seen":"2026-05-13T19:15:32.311335Z","times_seen":16,"resource_available":false,"data":null}},"time_used":13,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":13,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-26","alert":"Sinkholed","trigger":"irdgqgog.fortoday.asia","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-26","alert":"Phishing Block","trigger":"irdgqgog.fortoday.asia","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"irdgqgog.fortoday.asia/mH410fU8/jestore/footer-youtube-new.png","fqdn":"irdgqgog.fortoday.asia","domain":"fortoday.asia","tld":"asia"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://irdgqgog.fortoday.asia/mH410fU8/","date":"2026-04-26T13:01:19.229Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"fortoday.asia","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 19 Mar 2026 07:23:34 GMT","end":"Wed, 17 Jun 2026 08:00:16 GMT"},"fingerprint":{"sha1":"82:CF:C7:9E:0D:CF:FE:4B:17:8B:52:84:33:14:7D:F7:88:A5:91:F2","sha256":"4D:A9:CD:77:E2:DB:CC:1E:07:30:B7:5E:52:3A:AE:82:0C:14:88:D1:96:D7:F5:77:DE:8F:2F:8D:1E:5A:F1:7D"}}},"request":{"raw":"GET /mH410fU8/jestore/footer-youtube-new.png HTTP/1.1\r\nHost: irdgqgog.fortoday.asia\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://irdgqgog.fortoday.asia/mH410fU8/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sun, 26 Apr 2026 13:01:18 GMT\r\ncontent-type: image/png\r\ncontent-length: 3955\r\ncache-control: public, max-age=604800\r\nexpires: Tue, 28 Apr 2026 17:04:39 GMT\r\nlast-modified: Fri, 10 Apr 2026 17:07:28 GMT\r\naccept-ranges: bytes\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; ma=86400\r\nx-turbo-charged-by: LiteSpeed\r\npriority: u=4,i=?0\r\nage: 417398\r\ncf-cache-status: HIT\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=cIjQs7Ing007gfUIeFxK1UMckZuZP5jw2QshWA3TTYXktQxxjNDVcg6SHZVjTv2pByjVmfg4OA%2FyB3XAm3ffI6eie5Td9bCM3lKXykXIkvjnXI1Tg3cgUchamDRFG8QnPi3WSvNae5Cl\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9f25c6815e1d2efa-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":3955,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 72 x 72, 8-bit/color RGBA, non-interlaced","md5":"b6f18fca57bb1657d719961d350bda7c","sha1":"1e99ce9e9852ea8615b1c8c6f361058019d92dab","sha256":"0e888a266c4ad5136be1cf650faf222ed0d644c54d83068f0dfabc0fae53e90c","sha512":"6d55a83407bbfacbc7b7e56ebfa087040591f46763bf17288ccf4ac9241338b865b437e1a1c12b55e44f9e2d1bfc663ed5a38b570b0887f8832d596c1a8519fe","ssdeep":"","tlshash":"90816ee3ad0ff0c7ea155596ddf7bbf16b80002cc3015267a914511fe6486b34de5711","first_seen":"2023-04-30T19:27:11Z","last_seen":"2026-06-02T05:48:43.007636Z","times_seen":359,"resource_available":false,"data":null}},"time_used":24,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":24,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-26","alert":"Sinkholed","trigger":"irdgqgog.fortoday.asia","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-26","alert":"Phishing Block","trigger":"irdgqgog.fortoday.asia","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"irdgqgog.fortoday.asia/mH410fU8/jestore/footer-reddit.d66cdc0d.png","fqdn":"irdgqgog.fortoday.asia","domain":"fortoday.asia","tld":"asia"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://irdgqgog.fortoday.asia/mH410fU8/","date":"2026-04-26T13:01:19.266Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"fortoday.asia","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 19 Mar 2026 07:23:34 GMT","end":"Wed, 17 Jun 2026 08:00:16 GMT"},"fingerprint":{"sha1":"82:CF:C7:9E:0D:CF:FE:4B:17:8B:52:84:33:14:7D:F7:88:A5:91:F2","sha256":"4D:A9:CD:77:E2:DB:CC:1E:07:30:B7:5E:52:3A:AE:82:0C:14:88:D1:96:D7:F5:77:DE:8F:2F:8D:1E:5A:F1:7D"}}},"request":{"raw":"GET /mH410fU8/jestore/footer-reddit.d66cdc0d.png HTTP/1.1\r\nHost: irdgqgog.fortoday.asia\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://irdgqgog.fortoday.asia/mH410fU8/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sun, 26 Apr 2026 13:01:18 GMT\r\ncontent-type: image/png\r\ncontent-length: 5043\r\ncache-control: public, max-age=604800\r\nexpires: Tue, 28 Apr 2026 17:04:39 GMT\r\nlast-modified: Fri, 10 Apr 2026 17:08:20 GMT\r\naccept-ranges: bytes\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; ma=86400\r\nx-turbo-charged-by: LiteSpeed\r\npriority: u=4,i=?0\r\nage: 417398\r\ncf-cache-status: HIT\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=m626qgn98meHONZIXRjKMDFNLAghZGLdTVjdo%2F3B2PZFCtpQhfyDT3jtE9gvG%2BeM%2FQjuHMZ3x3KP3xW3RtulMs3cMCfoCIAkEZUg2NbF6CcJkSYoFRh%2FWLS79skNSY%2BNPrahhWzw1EHr\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9f25c6816e482efa-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":5043,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 72 x 72, 8-bit/color RGBA, non-interlaced","md5":"d66cdc0d92659b0e64d7aefab70a60f6","sha1":"f8dcf359bb72ed8aa3ef84a6d3f79102869a82f0","sha256":"642703b53950fc841394918d79cbabec6060242e45c8ded41d324e7d6dce8924","sha512":"559231e5e96e800fa3aafef4285dc5757c0974f7eb5588dede8e7f15f85790f797d0a98ce127760fd3641b7ef97ecf614dcef9f865a2a9896f7a036cb1ed6ae4","ssdeep":"96:0c3T5gjdJSEQbE7xjUA6Ybic1eG4kOiNJJqNbBU6syHj+:0U5gXSVQ7rh1KiVqdm6XS","tlshash":"f6a18d9b612a64f8aed6e960c53c8910eafd42df4ed45704ac16c1d1c98b50fff20f08","first_seen":"2023-04-30T19:27:11Z","last_seen":"2026-06-02T05:48:42.968542Z","times_seen":356,"resource_available":false,"data":null}},"time_used":16,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":16,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-26","alert":"Sinkholed","trigger":"irdgqgog.fortoday.asia","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-26","alert":"Phishing Block","trigger":"irdgqgog.fortoday.asia","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdn.harvestsharp.com/images/midaspay_channel_icon/516a0baffe3a159e68bdd86de0b44370.png","fqdn":"cdn.harvestsharp.com","domain":"harvestsharp.com","tld":"com"},"ip":{"addr":"43.152.140.79","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://irdgqgog.fortoday.asia/mH410fU8/","date":"2026-04-26T13:01:19.284Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.harvestsharp.com","organization":"CENTAURI DYNAMIC PTE. LTD"},"issuer":{"commonName":"DigiCert Secure Site OV G2 TLS CN RSA4096 SHA256 2022 CA1","organization":"DigiCert, Inc."},"validity":{"start":"Mon, 01 Sep 2025 00:00:00 GMT","end":"Mon, 31 Aug 2026 23:59:59 GMT"},"fingerprint":{"sha1":"02:6B:1F:32:B3:B2:6F:A4:25:AC:1C:E3:87:90:E7:4A:78:36:9F:BE","sha256":"EA:E9:7E:E4:22:E2:21:19:4A:C6:3B:27:29:3C:BE:BE:35:A4:A6:F4:0B:C6:AA:9E:C6:EF:BC:30:7D:58:11:67"}}},"request":{"raw":"GET /images/midaspay_channel_icon/516a0baffe3a159e68bdd86de0b44370.png HTTP/1.1\r\nHost: cdn.harvestsharp.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://irdgqgog.fortoday.asia/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Fri, 30 Jun 2023 08:38:18 GMT\r\netag: \"a5ff17926f949e590b114f0a682371dc\"\r\ncontent-type: image/png\r\ndate: Mon, 20 Nov 2023 15:03:02 GMT\r\nserver: tencent-cos\r\nx-cos-hash-crc64ecma: 13043999600941662932\r\nx-cos-request-id: NjU1Yjc1MjZfMzJlYzE1MGJfNmQ4Y19iMjQwMmQy\r\nx-cos-storage-class: MAZ_STANDARD\r\nx-cos-version-id: MTg0NDUwNTU5NTk0MTEzNzkzNDI\r\nx-cosindex-replication-status: Complete\r\ncontent-length: 3118\r\naccept-ranges: bytes\r\nx-nws-log-uuid: 11151332464840088439\r\nx-cache-lookup: Cache Hit\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: POST,GET,OPTIONS\r\naccess-control-max-age: 86400\r\naccess-control-expose-headers: Origin,DNT,Accept,X-Mx-ReqToken,STAFF_NAME,Authorization,x-request-id,X-Request-Id,X-MVS-CSRF-TOKEN,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type\r\ncache-control: max-age=604800\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":3118,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 96x64, components 3","md5":"a5ff17926f949e590b114f0a682371dc","sha1":"92af0e023bc64f989f73a126da0a42c84ef69ef8","sha256":"e8b5f812cf186241355e731c5d28464b3e9c238fa48b01be7e6959270b921cbe","sha512":"bed4104319e1c99823d3e548caa14cae17a303a827ab25b3d5084f9aa9b5ab234d2069331c2bf812ee62d7607f51f7f3e9bacec3f208d05a54d8acdbf58b7d15","ssdeep":"","tlshash":"8b51090cb650a742dd4fd97431f2c7324ba070a5bcd0e954a9bd8c4fadb51f04a2a69b","first_seen":"2024-10-30T20:47:38.976818Z","last_seen":"2026-05-09T11:43:13.742874Z","times_seen":16,"resource_available":false,"data":null}},"time_used":797,"timings":{"blocked":378,"dns":0,"connect":21,"send":0,"wait":67,"receive":21,"ssl":302},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.harvestsharp.com/images/midaspay_channel_icon/639119ab1c94cd1ac8de35c32e3fe1a0.png","fqdn":"cdn.harvestsharp.com","domain":"harvestsharp.com","tld":"com"},"ip":{"addr":"43.152.140.79","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://irdgqgog.fortoday.asia/mH410fU8/","date":"2026-04-26T13:01:19.285Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.harvestsharp.com","organization":"CENTAURI DYNAMIC PTE. LTD"},"issuer":{"commonName":"DigiCert Secure Site OV G2 TLS CN RSA4096 SHA256 2022 CA1","organization":"DigiCert, Inc."},"validity":{"start":"Mon, 01 Sep 2025 00:00:00 GMT","end":"Mon, 31 Aug 2026 23:59:59 GMT"},"fingerprint":{"sha1":"02:6B:1F:32:B3:B2:6F:A4:25:AC:1C:E3:87:90:E7:4A:78:36:9F:BE","sha256":"EA:E9:7E:E4:22:E2:21:19:4A:C6:3B:27:29:3C:BE:BE:35:A4:A6:F4:0B:C6:AA:9E:C6:EF:BC:30:7D:58:11:67"}}},"request":{"raw":"GET /images/midaspay_channel_icon/639119ab1c94cd1ac8de35c32e3fe1a0.png HTTP/1.1\r\nHost: cdn.harvestsharp.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://irdgqgog.fortoday.asia/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Fri, 30 Jun 2023 11:59:21 GMT\r\netag: \"34cf3aa55d10f3f8869f264cdcb2ad5e\"\r\ncontent-type: image/png\r\ndate: Wed, 25 Sep 2024 14:15:23 GMT\r\nserver: tencent-cos\r\nx-cos-hash-crc64ecma: 2435251802681037888\r\nx-cos-request-id: NjZmNDFhZmJfMzU3NmI3MDlfMTRiNzFfN2IzOTk1NA==\r\nx-cos-storage-class: MAZ_STANDARD\r\nx-cos-version-id: MTg0NDUwNTU5NDczNDc3MDYyODM\r\nx-cosindex-replication-status: Complete\r\ncontent-length: 3523\r\naccept-ranges: bytes\r\nx-nws-log-uuid: 6496922666358533443\r\nx-cache-lookup: Cache Hit\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: POST,GET,OPTIONS\r\naccess-control-max-age: 86400\r\naccess-control-expose-headers: Origin,DNT,Accept,X-Mx-ReqToken,STAFF_NAME,Authorization,x-request-id,X-Request-Id,X-MVS-CSRF-TOKEN,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type\r\ncache-control: max-age=604800\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":3523,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 96 x 64, 8-bit/color RGBA, non-interlaced","md5":"34cf3aa55d10f3f8869f264cdcb2ad5e","sha1":"94cd8a7d54c36f1ce3f1a5d8925ef4e5c33da7f8","sha256":"6da833d493a4e1a3bf46b9d484477687d4a3c2c92aebf24c82f9e5f128b4368d","sha512":"204744a724e1e64e3c8af81ca50b1efd69a8b0d50f64c6722d71ee8d956a7781b15b9233071e32be8b24267925d5d7e29613e7431480a4e32bc21a7b4c43810e","ssdeep":"","tlshash":"fd715cb2acdb97b2616777a957351c46d7640b0ec9227a191104ee3d483432d28caa0f","first_seen":"2024-10-30T20:47:39.071579Z","last_seen":"2026-05-13T13:04:07.241219Z","times_seen":18,"resource_available":false,"data":null}},"time_used":726,"timings":{"blocked":695,"dns":0,"connect":0,"send":0,"wait":26,"receive":5,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.harvestsharp.com/images/midaspay_channel_icon/9fa6d558721f6e36acd07a7e888cb093.png","fqdn":"cdn.harvestsharp.com","domain":"harvestsharp.com","tld":"com"},"ip":{"addr":"43.152.140.79","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://irdgqgog.fortoday.asia/mH410fU8/","date":"2026-04-26T13:01:19.286Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.harvestsharp.com","organization":"CENTAURI DYNAMIC PTE. LTD"},"issuer":{"commonName":"DigiCert Secure Site OV G2 TLS CN RSA4096 SHA256 2022 CA1","organization":"DigiCert, Inc."},"validity":{"start":"Mon, 01 Sep 2025 00:00:00 GMT","end":"Mon, 31 Aug 2026 23:59:59 GMT"},"fingerprint":{"sha1":"02:6B:1F:32:B3:B2:6F:A4:25:AC:1C:E3:87:90:E7:4A:78:36:9F:BE","sha256":"EA:E9:7E:E4:22:E2:21:19:4A:C6:3B:27:29:3C:BE:BE:35:A4:A6:F4:0B:C6:AA:9E:C6:EF:BC:30:7D:58:11:67"}}},"request":{"raw":"GET /images/midaspay_channel_icon/9fa6d558721f6e36acd07a7e888cb093.png HTTP/1.1\r\nHost: cdn.harvestsharp.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://irdgqgog.fortoday.asia/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Fri, 30 Jun 2023 11:59:22 GMT\r\netag: \"f986a3edf3564d07cf8497527a484aca\"\r\ncontent-type: image/png\r\ndate: Mon, 10 Nov 2025 05:42:35 GMT\r\nserver: tencent-cos\r\nx-cos-hash-crc64ecma: 7276941598825304217\r\nx-cos-request-id: NjkxMTdiNGJfYmRlZjc4MGJfMjBmMDdfMWU5N2M1Mjk=\r\nx-cos-storage-class: MAZ_STANDARD\r\nx-cos-version-id: MTg0NDUwNTU5NDczNDc0MDM4MjM\r\nx-cosindex-replication-status: Complete\r\ncontent-length: 2237\r\naccept-ranges: bytes\r\nx-nws-log-uuid: 54059128128398286\r\nx-cache-lookup: Cache Hit\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: POST,GET,OPTIONS\r\naccess-control-max-age: 86400\r\naccess-control-expose-headers: Origin,DNT,Accept,X-Mx-ReqToken,STAFF_NAME,Authorization,x-request-id,X-Request-Id,X-MVS-CSRF-TOKEN,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type\r\ncache-control: max-age=604800\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":2237,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 96 x 64, 8-bit/color RGBA, non-interlaced","md5":"f986a3edf3564d07cf8497527a484aca","sha1":"2d993ceef67ea14954dff2f59160e97b83a42899","sha256":"6c84b4807d7c29b131baf7c3f1195711c709971a2f8a528a08d00727d119841f","sha512":"2f21802f114a26d1af0e898432302241bf052005f9d3597d98bc90a9317c358fb7f6ad4c8549073818717752fd276492c8e1168d530e636aa24c00538569dbf0","ssdeep":"","tlshash":"ba41d9ae6716ed56ab0bac71cfc0c430ad9b644910c4664da3e1f479282153ca661d17","first_seen":"2025-01-22T15:28:39.233514Z","last_seen":"2026-05-13T13:04:07.185313Z","times_seen":16,"resource_available":false,"data":null}},"time_used":727,"timings":{"blocked":695,"dns":0,"connect":0,"send":0,"wait":29,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.harvestsharp.com/images/midaspay_channel_icon/18c55dfcf1979f56d48e1870b4f421c1.png","fqdn":"cdn.harvestsharp.com","domain":"harvestsharp.com","tld":"com"},"ip":{"addr":"43.152.140.79","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://irdgqgog.fortoday.asia/mH410fU8/","date":"2026-04-26T13:01:19.289Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.harvestsharp.com","organization":"CENTAURI DYNAMIC PTE. LTD"},"issuer":{"commonName":"DigiCert Secure Site OV G2 TLS CN RSA4096 SHA256 2022 CA1","organization":"DigiCert, Inc."},"validity":{"start":"Mon, 01 Sep 2025 00:00:00 GMT","end":"Mon, 31 Aug 2026 23:59:59 GMT"},"fingerprint":{"sha1":"02:6B:1F:32:B3:B2:6F:A4:25:AC:1C:E3:87:90:E7:4A:78:36:9F:BE","sha256":"EA:E9:7E:E4:22:E2:21:19:4A:C6:3B:27:29:3C:BE:BE:35:A4:A6:F4:0B:C6:AA:9E:C6:EF:BC:30:7D:58:11:67"}}},"request":{"raw":"GET /images/midaspay_channel_icon/18c55dfcf1979f56d48e1870b4f421c1.png HTTP/1.1\r\nHost: cdn.harvestsharp.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://irdgqgog.fortoday.asia/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Fri, 30 Jun 2023 11:59:21 GMT\r\netag: \"b774c39776b7dd697ecf88fed774b8f8\"\r\ncontent-type: image/png\r\ndate: Mon, 04 Nov 2024 12:09:13 GMT\r\nserver: tencent-cos\r\nx-cos-hash-crc64ecma: 13057886671716270029\r\nx-cos-request-id: NjcyOGI5NjlfZWQ4YzdjMWVfMjA3ZjRfMWI4MWFmZQ==\r\nx-cos-storage-class: MAZ_STANDARD\r\nx-cos-version-id: MTg0NDUwNTU5NDczNDc4NDY0MzM\r\nx-cosindex-replication-status: Complete\r\ncontent-length: 6079\r\naccept-ranges: bytes\r\nx-nws-log-uuid: 10336502341538863838\r\nx-cache-lookup: Cache Hit\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: POST,GET,OPTIONS\r\naccess-control-max-age: 86400\r\naccess-control-expose-headers: Origin,DNT,Accept,X-Mx-ReqToken,STAFF_NAME,Authorization,x-request-id,X-Request-Id,X-MVS-CSRF-TOKEN,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type\r\ncache-control: max-age=604800\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":6079,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 96 x 64, 8-bit/color RGBA, non-interlaced","md5":"b774c39776b7dd697ecf88fed774b8f8","sha1":"d66ff1dd99523a66e995fb8438e252ba1b5c9edf","sha256":"1098b18c70cefcd362a7e60e28189a42302d0bda259ced33efa1f2c92098a606","sha512":"fed5b8cb3bc37767597166a52cb0476c95fce43be9d896cb2ea65092f0b9137dd4c34e6afc1d76e713466de28355a790349414e8f243e850a50fe4c48486e52a","ssdeep":"96:e5/CTP1T2YwGH4PM3B2CxrwPbL2YYowx+bzhnrQ8TH89CxNVE6/KDFFh77RA0:eVy1y5GH4Pi1twz4ozlrPcMvJ/KDNd","tlshash":"37c18e4e495477f936aa21718a153347ab63c391efbe72253ce48433aae2c550837f24","first_seen":"2024-10-30T20:47:39.060318Z","last_seen":"2026-05-13T13:04:07.164553Z","times_seen":18,"resource_available":false,"data":null}},"time_used":721,"timings":{"blocked":692,"dns":0,"connect":0,"send":0,"wait":26,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.harvestsharp.com/images/midaspay_channel_icon/f269367cf868dddf53a2f5fb46c5839e.png","fqdn":"cdn.harvestsharp.com","domain":"harvestsharp.com","tld":"com"},"ip":{"addr":"43.152.140.79","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://irdgqgog.fortoday.asia/mH410fU8/","date":"2026-04-26T13:01:19.365Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.harvestsharp.com","organization":"CENTAURI DYNAMIC PTE. LTD"},"issuer":{"commonName":"DigiCert Secure Site OV G2 TLS CN RSA4096 SHA256 2022 CA1","organization":"DigiCert, Inc."},"validity":{"start":"Mon, 01 Sep 2025 00:00:00 GMT","end":"Mon, 31 Aug 2026 23:59:59 GMT"},"fingerprint":{"sha1":"02:6B:1F:32:B3:B2:6F:A4:25:AC:1C:E3:87:90:E7:4A:78:36:9F:BE","sha256":"EA:E9:7E:E4:22:E2:21:19:4A:C6:3B:27:29:3C:BE:BE:35:A4:A6:F4:0B:C6:AA:9E:C6:EF:BC:30:7D:58:11:67"}}},"request":{"raw":"GET /images/midaspay_channel_icon/f269367cf868dddf53a2f5fb46c5839e.png HTTP/1.1\r\nHost: cdn.harvestsharp.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://irdgqgog.fortoday.asia/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Mon, 26 Jun 2023 12:34:41 GMT\r\netag: \"b5f20f732e6b6e682834ed01251dd18d\"\r\ncontent-type: image/png\r\ndate: Fri, 10 Oct 2025 02:51:08 GMT\r\nserver: tencent-cos\r\nx-cos-hash-crc64ecma: 7863818824923771470\r\nx-cos-request-id: NjhlODc0OWNfN2FmNGQwYl84ZDFfMTljNDhlNjk=\r\nx-cos-storage-class: MAZ_STANDARD\r\nx-cos-version-id: MTg0NDUwNTYyOTA4MjgyODQ3MjA\r\nx-cosindex-replication-status: Complete\r\ncontent-length: 3036\r\naccept-ranges: bytes\r\nx-nws-log-uuid: 17013220648653276175\r\nx-cache-lookup: Cache Hit\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: POST,GET,OPTIONS\r\naccess-control-max-age: 86400\r\naccess-control-expose-headers: Origin,DNT,Accept,X-Mx-ReqToken,STAFF_NAME,Authorization,x-request-id,X-Request-Id,X-MVS-CSRF-TOKEN,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type\r\ncache-control: max-age=604800\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":3036,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 96 x 64, 8-bit/color RGBA, non-interlaced","md5":"b5f20f732e6b6e682834ed01251dd18d","sha1":"765090392444768db4fc5b4ce661597797e2f868","sha256":"1bbd31380e44dd6da3f306c3074af3e42b83049e5af2e714fa8e39b52f998f32","sha512":"a0aa0c46d7e018e7d042ca299e67829bc9435217e606fa3e74d8aa1452c2b24d07f7fc750640e9e8a13d502c1537b9a3f16096fe855a5abbe8d58811570382b7","ssdeep":"","tlshash":"60515ecfc6ca9d58c67b97588581409174bff28c497f178b022bb582fbb97c62208247","first_seen":"2024-10-30T20:47:39.025718Z","last_seen":"2026-05-13T13:04:07.169303Z","times_seen":18,"resource_available":false,"data":null}},"time_used":717,"timings":{"blocked":624,"dns":0,"connect":0,"send":0,"wait":73,"receive":20,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"irdgqgog.fortoday.asia/mH410fU8/jestore/6877.6d0fd829.chunk.css","fqdn":"irdgqgog.fortoday.asia","domain":"fortoday.asia","tld":"asia"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://irdgqgog.fortoday.asia/mH410fU8/","date":"2026-04-26T13:01:18.752Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"fortoday.asia","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 19 Mar 2026 07:23:34 GMT","end":"Wed, 17 Jun 2026 08:00:16 GMT"},"fingerprint":{"sha1":"82:CF:C7:9E:0D:CF:FE:4B:17:8B:52:84:33:14:7D:F7:88:A5:91:F2","sha256":"4D:A9:CD:77:E2:DB:CC:1E:07:30:B7:5E:52:3A:AE:82:0C:14:88:D1:96:D7:F5:77:DE:8F:2F:8D:1E:5A:F1:7D"}}},"request":{"raw":"GET /mH410fU8/jestore/6877.6d0fd829.chunk.css HTTP/1.1\r\nHost: irdgqgog.fortoday.asia\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://irdgqgog.fortoday.asia/mH410fU8/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sun, 26 Apr 2026 13:01:18 GMT\r\ncontent-type: text/css\r\ncontent-length: 6675\r\ncache-control: public, max-age=604800\r\nexpires: Tue, 28 Apr 2026 14:57:58 GMT\r\nlast-modified: Fri, 10 Apr 2026 16:51:58 GMT\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; ma=86400\r\nx-turbo-charged-by: LiteSpeed\r\npriority: u=2,i=?0\r\nage: 424999\r\ncf-cache-status: HIT\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=2NpyHFlXHs3LrIdt6TSKbep5Z6LjeVTDdtt8c91%2Fe6v9Di5%2FSFGrOKU9B669QgElLylzQrO5jVUpgRTtZBD7xloeugBckjVCKGP9OTqHI2XFDMjiAJHR78GLZBUkPRUXRk7yAb6VVjMG\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9f25c67fda182efa-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":28427,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (28427), with no line terminators","md5":"0a7d3e9cfff1ff17b795bcd1ef91bb39","sha1":"d16d6c316191e8eab1ec1917c3c20402b505136b","sha256":"29af4e72d261b93f81e63d4485c41f74dde97be9c6c2305a3aaae207ec8583dc","sha512":"68aae126b7c04914c0a9c2341bf07264e2cdcc6d5aa15f08c9295c720a112af1926476e701d59c99ede65e7c5a439919149f2e8808e14e039c2fac3b5372e037","ssdeep":"384:COBTTh4GNg/wEHCpSqTq+RfeozvnQH5Q+Z+UCp0xFma3Q4N2dRo0dwcuHM:+i9qY4ZQ+Z+UCp0xFmuQ4N2dRoa","tlshash":"87d296a584568e0ca622abdf915ef5791995b7ce6cf11fdfe6dbab33a2c00fc1210014","first_seen":"2024-10-21T08:04:20.255854Z","last_seen":"2026-05-13T13:04:07.251591Z","times_seen":11,"resource_available":false,"data":null}},"time_used":28,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":27,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-26","alert":"Sinkholed","trigger":"irdgqgog.fortoday.asia","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-26","alert":"Phishing Block","trigger":"irdgqgog.fortoday.asia","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"irdgqgog.fortoday.asia/mH410fU8/jestore/2291.ce051814.chunk.css","fqdn":"irdgqgog.fortoday.asia","domain":"fortoday.asia","tld":"asia"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://irdgqgog.fortoday.asia/mH410fU8/","date":"2026-04-26T13:01:18.914Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"fortoday.asia","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 19 Mar 2026 07:23:34 GMT","end":"Wed, 17 Jun 2026 08:00:16 GMT"},"fingerprint":{"sha1":"82:CF:C7:9E:0D:CF:FE:4B:17:8B:52:84:33:14:7D:F7:88:A5:91:F2","sha256":"4D:A9:CD:77:E2:DB:CC:1E:07:30:B7:5E:52:3A:AE:82:0C:14:88:D1:96:D7:F5:77:DE:8F:2F:8D:1E:5A:F1:7D"}}},"request":{"raw":"GET /mH410fU8/jestore/2291.ce051814.chunk.css HTTP/1.1\r\nHost: irdgqgog.fortoday.asia\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://irdgqgog.fortoday.asia/mH410fU8/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sun, 26 Apr 2026 13:01:18 GMT\r\ncontent-type: text/css\r\ncontent-length: 96260\r\ncache-control: public, max-age=604800\r\nexpires: Tue, 28 Apr 2026 15:34:40 GMT\r\nlast-modified: Fri, 10 Apr 2026 16:59:12 GMT\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; ma=86400\r\nx-turbo-charged-by: LiteSpeed\r\npriority: u=2,i=?0\r\nage: 422797\r\ncf-cache-status: HIT\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=EwOTHzHwEC3B5U8y7f5K6D61Tvgpdazrfw4yyQkph3SkqfWJbzo%2BASQ1R5k899pocG8x1U2LdtEWvg%2F6%2B%2Fh8t29Tutckelr8GRUq2DXN5oACXEx4K6BnMTkq1PmGiY2fC7r7qfP1vPEz\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9f25c6805b562efa-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]}],"data":{"size":577679,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (65536), with no line terminators","md5":"e71c17f2e3bba590266c6a7bda9a01d4","sha1":"b3b5b2ae6e9a77e12a17adbfd01916d4338aad77","sha256":"ff89b640ad332b36420368d51ae0fc8db9dc28c2bba090337a82bab1c8621ba9","sha512":"630d663f6b152845ab85c6e8656f73fb08c863a8ad4714369d29561ffdeef4965cb42ad41514d25c81fc2583a24696a81ba643da7d1934a1c51027795cd11baf","ssdeep":"12288:0aUMnya1gUx/5lncjToP0MDnYtShiV5vstQ7cmgNu:0aUMn3ncjToP0MDnYtSPtQ7cmgNu","tlshash":"b2c4b43278a009bd7c679f82e5e7166e953244cfe3130d69b8b16d2f46601d0ad2ef9c","first_seen":"2025-01-22T15:28:39.126804Z","last_seen":"2026-05-13T13:04:07.305963Z","times_seen":8,"resource_available":false,"data":null}},"time_used":12,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":9,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-26","alert":"Sinkholed","trigger":"irdgqgog.fortoday.asia","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-26","alert":"Phishing Block","trigger":"irdgqgog.fortoday.asia","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdnjs.cloudflare.com/ajax/libs/material-design-iconic-font/2.2.0/css/material-design-iconic-font.min.css","fqdn":"cdnjs.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.17.24.14","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://irdgqgog.fortoday.asia/mH410fU8/","date":"2026-04-26T13:01:19.139Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdnjs.cloudflare.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 14 Mar 2026 00:38:49 GMT","end":"Fri, 12 Jun 2026 01:38:45 GMT"},"fingerprint":{"sha1":"7A:4A:F6:D6:63:62:70:CA:51:C5:5A:06:41:17:71:BF:9D:2C:C9:42","sha256":"7F:F5:F5:FE:73:1F:E7:AF:1A:82:5B:59:EE:E8:E9:65:D6:87:68:61:8C:11:1E:94:4A:9A:C4:14:BD:4B:04:BA"}}},"request":{"raw":"GET /ajax/libs/material-design-iconic-font/2.2.0/css/material-design-iconic-font.min.css HTTP/1.1\r\nHost: cdnjs.cloudflare.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://irdgqgog.fortoday.asia/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 26 Apr 2026 13:01:18 GMT\r\ncontent-type: text/css; charset=utf-8\r\ncontent-length: 5845\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.01,\"max_age\":604800}\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=30672000\r\ncontent-encoding: br\r\netag: \"5eb03ed9-1149f\"\r\nlast-modified: Mon, 04 May 2020 16:12:09 GMT\r\ncross-origin-resource-policy: cross-origin\r\ntiming-allow-origin: *\r\nx-content-type-options: nosniff\r\ncf-cdnjs-via: cfworker/kv\r\nvary: Accept-Encoding\r\ncf-cache-status: HIT\r\nage: 410090\r\nexpires: Fri, 16 Apr 2027 13:01:18 GMT\r\naccept-ranges: bytes\r\nstrict-transport-security: max-age=15780000\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=%2BEQjgcD%2BEJIN1id4WjslM6wrbeHG26tBgO780eBsAPmTk%2Bnx7b%2BOkUrUoJAD6ApuIc3UxFjYxprtovhezwsCs2ZlKLzpNbcBzWBpsrtkfnmF2mjBIWv8Cp9mzo4d9L3MQClCQohR\"}]}\r\ncf-ray: 9f25c680fa9075ab-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":70815,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text, with very long lines (65536), with no line terminators","md5":"e9365fe85b7e4db79a87015e52c3db6c","sha1":"2e2b5eb6e08f0f3d11fe0ada97c962a23ba6a0d9","sha256":"dec3e9f0190a504ed0c8f4a5e957c107206ba106cac4a1bbb6cbac6369a16d56","sha512":"ad142d178576c2d02f5eca2ee22500b369171e2dcb8fd344ef1251efb0c4ec61ecc6063d4535b2f77773317803206f13a224530f8e55b0335d4e251a80e15e64","ssdeep":"768:/KvcqyF7I4rb84dLM+JKvcqyF7I4rb84dLM+k:B/nLMu/nLM5","tlshash":"40631be8e80900d26fb1cc03ef62b7ca1685f0a3f9d10dd8f17a998c29d16551597fab","first_seen":"2023-04-05T03:25:07Z","last_seen":"2026-06-08T12:26:35.778175Z","times_seen":10304,"resource_available":false,"data":null}},"time_used":9,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":8,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pagedoo.midasbuy.com/material/1450015065/0e9de9cb3561f51f2fb937bd34f03a30.png","fqdn":"pagedoo.midasbuy.com","domain":"midasbuy.com","tld":"com"},"ip":{"addr":"43.152.140.79","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://irdgqgog.fortoday.asia/mH410fU8/","date":"2026-04-26T13:01:19.209Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.midasbuy.com","organization":"CENTAURI DYNAMIC PTE. LTD"},"issuer":{"commonName":"DigiCert Secure Site OV G2 TLS CN RSA4096 SHA256 2022 CA1","organization":"DigiCert, Inc."},"validity":{"start":"Tue, 21 Apr 2026 00:00:00 GMT","end":"Thu, 05 Nov 2026 23:59:59 GMT"},"fingerprint":{"sha1":"D8:AA:29:F9:AE:E8:71:32:E3:53:9B:9A:8E:E0:02:65:B9:87:F3:C4","sha256":"3A:84:02:E7:BF:56:E5:1B:74:95:6D:67:BA:6C:6A:D9:6D:DD:06:3A:50:8C:FA:FF:CA:1C:4C:64:A5:DD:DF:9F"}}},"request":{"raw":"GET /material/1450015065/0e9de9cb3561f51f2fb937bd34f03a30.png HTTP/1.1\r\nHost: pagedoo.midasbuy.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://irdgqgog.fortoday.asia/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Wed, 13 Nov 2024 03:34:22 GMT\r\netag: \"44d26d7a678039f819144a9b935e8b06-1\"\r\ncontent-type: image/png\r\ndate: Fri, 15 Nov 2024 02:00:05 GMT\r\nserver: tencent-cos\r\nvary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method\r\nx-cos-hash-crc64ecma: 18192468951191887806\r\nx-cos-replication-status: Complete\r\nx-cos-request-id: NjczNmFiMjVfZGZiMDQ4MGJfMWM2OV8zMjRiOGI5\r\nx-cos-version-id: MTg0NDUwMTI2MDQ4NDY2ODc3NTQ\r\ncontent-length: 33331\r\naccept-ranges: bytes\r\nx-nws-log-uuid: 1156611391712916160\r\nx-cache-lookup: Cache Hit\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: POST,GET,OPTIONS\r\naccess-control-max-age: 86400\r\naccess-control-expose-headers: Origin,DNT,Accept,X-Mx-ReqToken,STAFF_NAME,Authorization,x-request-id,X-Request-Id,X-MVS-CSRF-TOKEN,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type\r\ncache-control: max-age=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":33331,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 140 x 140, 8-bit/color RGBA, non-interlaced","md5":"0e9de9cb3561f51f2fb937bd34f03a30","sha1":"3d6879bc28321f6e729b0731f6a1bbdd2cf6877d","sha256":"69af9942ae1c3ce709c358a8c28675d8fab6d35d721eedf4dd5201facaf77e62","sha512":"f95356b5951bd653fa3753b3a763ee74203b6d93e84bfce986454ac5ae7a48c037fd1cb6aac45a2b175c22b095a969ff1377544cffc88355429026c5685bd1d3","ssdeep":"768:KAvhwbFM4FdK2jAWhnNJKAfNa85QPw1I/Ul+zIEgY:TY+KA2MWhNQAfk85QPwNgzIEn","tlshash":"d4e2f17d41ed18750ecf17fd2e2c8ea6523a7d11029a9a47edb0036e71d9d101ee3aa3","first_seen":"2025-01-22T15:28:39.165707Z","last_seen":"2026-05-13T13:04:07.264584Z","times_seen":12,"resource_available":false,"data":null}},"time_used":1395,"timings":{"blocked":539,"dns":482,"connect":21,"send":0,"wait":22,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"irdgqgog.fortoday.asia/mH410fU8/img/shapedisc.png","fqdn":"irdgqgog.fortoday.asia","domain":"fortoday.asia","tld":"asia"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://irdgqgog.fortoday.asia/mH410fU8/","date":"2026-04-26T13:01:19.218Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"fortoday.asia","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 19 Mar 2026 07:23:34 GMT","end":"Wed, 17 Jun 2026 08:00:16 GMT"},"fingerprint":{"sha1":"82:CF:C7:9E:0D:CF:FE:4B:17:8B:52:84:33:14:7D:F7:88:A5:91:F2","sha256":"4D:A9:CD:77:E2:DB:CC:1E:07:30:B7:5E:52:3A:AE:82:0C:14:88:D1:96:D7:F5:77:DE:8F:2F:8D:1E:5A:F1:7D"}}},"request":{"raw":"GET /mH410fU8/img/shapedisc.png HTTP/1.1\r\nHost: irdgqgog.fortoday.asia\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://irdgqgog.fortoday.asia/mH410fU8/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sun, 26 Apr 2026 13:01:18 GMT\r\ncontent-type: image/png\r\ncontent-length: 2654\r\ncache-control: public, max-age=604800\r\nexpires: Tue, 28 Apr 2026 17:04:39 GMT\r\nlast-modified: Fri, 10 Apr 2026 16:44:54 GMT\r\naccept-ranges: bytes\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; ma=86400\r\nx-turbo-charged-by: LiteSpeed\r\npriority: u=4,i=?0\r\nage: 417398\r\ncf-cache-status: HIT\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=0oqROoM4ry%2B%2FWHrkXPDKsLXnGNnXidfTms3tx8BusG0KfhuZ2LhSwI1wINAZ0%2BxpltG1QS9ItK1lEiHbRGHpgfDrGHFcCPKlwTfHGTzcbLC2zKgY3IfvXBmARMtesWvR2cY78b5nmz64\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9f25c6814dd72efa-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]}],"data":{"size":2654,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 40 x 96, 8-bit/color RGBA, non-interlaced","md5":"3fbb4d016bd3a7e7deb7716bcc3cb5e4","sha1":"b5013c5ad4599438d1e9ce89a26c2a7ced31270f","sha256":"83aef7db7b1f536a9355fa29b6a4f64dde789962db28148bcacbb35575987993","sha512":"2b6e14d7b9d799dbad11a56fcc75dc5d20e4f08a2c2a863168137be193bc2c62d39dd1f61c40af4d740f3eff2c92b3d695d8daffd3dc212ced9b4766b0fe3c74","ssdeep":"","tlshash":"ac51f9d4fcc934f9120594662747d394203382dad14334ae299956d8e869c2fcf52e44","first_seen":"2025-01-22T15:28:39.035402Z","last_seen":"2026-05-13T13:04:07.262352Z","times_seen":12,"resource_available":false,"data":null}},"time_used":38,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":38,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-26","alert":"Sinkholed","trigger":"irdgqgog.fortoday.asia","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-26","alert":"Phishing Block","trigger":"irdgqgog.fortoday.asia","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdn.harvestsharp.com/images/midaspay_channel_icon/e244669a6fa4cfe89aed057519161d78.png","fqdn":"cdn.harvestsharp.com","domain":"harvestsharp.com","tld":"com"},"ip":{"addr":"43.152.140.79","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://irdgqgog.fortoday.asia/mH410fU8/","date":"2026-04-26T13:01:19.290Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.harvestsharp.com","organization":"CENTAURI DYNAMIC PTE. LTD"},"issuer":{"commonName":"DigiCert Secure Site OV G2 TLS CN RSA4096 SHA256 2022 CA1","organization":"DigiCert, Inc."},"validity":{"start":"Mon, 01 Sep 2025 00:00:00 GMT","end":"Mon, 31 Aug 2026 23:59:59 GMT"},"fingerprint":{"sha1":"02:6B:1F:32:B3:B2:6F:A4:25:AC:1C:E3:87:90:E7:4A:78:36:9F:BE","sha256":"EA:E9:7E:E4:22:E2:21:19:4A:C6:3B:27:29:3C:BE:BE:35:A4:A6:F4:0B:C6:AA:9E:C6:EF:BC:30:7D:58:11:67"}}},"request":{"raw":"GET /images/midaspay_channel_icon/e244669a6fa4cfe89aed057519161d78.png HTTP/1.1\r\nHost: cdn.harvestsharp.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://irdgqgog.fortoday.asia/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Fri, 30 Jun 2023 11:59:22 GMT\r\netag: \"e08a15423337ba937e065eda36347810\"\r\ncontent-type: image/png\r\ndate: Fri, 10 Oct 2025 06:22:44 GMT\r\nserver: tencent-cos\r\nx-cos-hash-crc64ecma: 7780438810268737174\r\nx-cos-request-id: NjhlOGE2MzRfN2Q4YzdjMWVfZWMxM18xOWQ4YWJiYw==\r\nx-cos-storage-class: MAZ_STANDARD\r\nx-cos-version-id: MTg0NDUwNTU5NDczNDczMTM1ODg\r\nx-cosindex-replication-status: Complete\r\ncontent-length: 3667\r\naccept-ranges: bytes\r\nx-nws-log-uuid: 9821364746381100749\r\nx-cache-lookup: Cache Hit\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: POST,GET,OPTIONS\r\naccess-control-max-age: 86400\r\naccess-control-expose-headers: Origin,DNT,Accept,X-Mx-ReqToken,STAFF_NAME,Authorization,x-request-id,X-Request-Id,X-MVS-CSRF-TOKEN,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type\r\ncache-control: max-age=604800\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":3667,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 96 x 64, 8-bit/color RGBA, non-interlaced","md5":"e08a15423337ba937e065eda36347810","sha1":"2e5418097de8a02d22fccbc41ecafb78b3c689ed","sha256":"75cb45b3932dbc949430927b52c905d741b2418470c74a7a8dbf0e8883457511","sha512":"2981bdb016f2531033ae9cd76f5ca446fe85d15f915cb098e1f99279cbdf2096b53af77b69620519c194307db0b97c5a88c8d8fc98b90183018829a5e8506f95","ssdeep":"","tlshash":"80716d741d5cd9be402d1ce5d391a57cd6d0364c4fad0f0e9a43670d33aab4cf952694","first_seen":"2025-01-22T15:28:39.168405Z","last_seen":"2026-05-13T13:04:07.235517Z","times_seen":16,"resource_available":false,"data":null}},"time_used":724,"timings":{"blocked":692,"dns":0,"connect":0,"send":0,"wait":29,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"irdgqgog.fortoday.asia/mH410fU8/img/style-img/googlebtn.png","fqdn":"irdgqgog.fortoday.asia","domain":"fortoday.asia","tld":"asia"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://irdgqgog.fortoday.asia/mH410fU8/","date":"2026-04-26T13:01:19.411Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"fortoday.asia","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 19 Mar 2026 07:23:34 GMT","end":"Wed, 17 Jun 2026 08:00:16 GMT"},"fingerprint":{"sha1":"82:CF:C7:9E:0D:CF:FE:4B:17:8B:52:84:33:14:7D:F7:88:A5:91:F2","sha256":"4D:A9:CD:77:E2:DB:CC:1E:07:30:B7:5E:52:3A:AE:82:0C:14:88:D1:96:D7:F5:77:DE:8F:2F:8D:1E:5A:F1:7D"}}},"request":{"raw":"GET /mH410fU8/img/style-img/googlebtn.png HTTP/1.1\r\nHost: irdgqgog.fortoday.asia\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://irdgqgog.fortoday.asia/mH410fU8/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sun, 26 Apr 2026 13:01:19 GMT\r\ncontent-type: image/png\r\ncontent-length: 2775\r\ncache-control: public, max-age=604800\r\nexpires: Tue, 28 Apr 2026 17:04:39 GMT\r\nlast-modified: Fri, 10 Apr 2026 16:45:14 GMT\r\naccept-ranges: bytes\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; ma=86400\r\nx-turbo-charged-by: LiteSpeed\r\npriority: u=4,i=?0\r\nage: 417398\r\ncf-cache-status: HIT\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=ohubTdj1JpQfcsfH8c1NR7OXiau5MGqF6HcymtzE%2BeNneRj1PPwpMa3H0DP4zC%2F6BegM7I94M680Thfdv1ATcD6ixvhE7xOSRVAiNbzU3hXMXWp5vfqjajbMp9DYaGbhdi4jevpjZsCx\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9f25c682fb2e2efa-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]}],"data":{"size":2775,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced","md5":"bb07f711725f5105be35ff613045dece","sha1":"cd5003c8d6c86715cfe19485cf8ac8c3eb72d2a9","sha256":"192b586678e57d05d94f8b363c7d3bf4fbb3241e7690ef880f0cd96ff6bd34f8","sha512":"2ae6225fe93d8229d704a6d12a1e028c6a4274993ada82ed723181bdbcfe86d05b90d6d207d87442c95a2de21185fa11d50a0364c0415793262c83af7dd8a93e","ssdeep":"","tlshash":"c7512ce7e7449864c8d73a25f5e26c9e7caf4e912742e00436c2dd36cb6a10a58443d7","first_seen":"2024-08-19T17:03:14.927888Z","last_seen":"2026-05-13T13:04:07.212799Z","times_seen":46,"resource_available":false,"data":null}},"time_used":8,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":8,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-26","alert":"Phishing Block","trigger":"irdgqgog.fortoday.asia","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-26","alert":"Sinkholed","trigger":"irdgqgog.fortoday.asia","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"irdgqgog.fortoday.asia/mH410fU8/jestore/bg-notification.png","fqdn":"irdgqgog.fortoday.asia","domain":"fortoday.asia","tld":"asia"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://irdgqgog.fortoday.asia/mH410fU8/","date":"2026-04-26T13:01:19.945Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"fortoday.asia","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 19 Mar 2026 07:23:34 GMT","end":"Wed, 17 Jun 2026 08:00:16 GMT"},"fingerprint":{"sha1":"82:CF:C7:9E:0D:CF:FE:4B:17:8B:52:84:33:14:7D:F7:88:A5:91:F2","sha256":"4D:A9:CD:77:E2:DB:CC:1E:07:30:B7:5E:52:3A:AE:82:0C:14:88:D1:96:D7:F5:77:DE:8F:2F:8D:1E:5A:F1:7D"}}},"request":{"raw":"GET /mH410fU8/jestore/bg-notification.png HTTP/1.1\r\nHost: irdgqgog.fortoday.asia\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://irdgqgog.fortoday.asia/mH410fU8/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sun, 26 Apr 2026 13:01:19 GMT\r\ncontent-type: image/png\r\ncontent-length: 124372\r\ncache-control: public, max-age=604800\r\nexpires: Tue, 28 Apr 2026 17:11:02 GMT\r\nlast-modified: Fri, 10 Apr 2026 17:04:54 GMT\r\naccept-ranges: bytes\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; ma=86400\r\nx-turbo-charged-by: LiteSpeed\r\npriority: u=4,i=?0\r\nage: 417017\r\ncf-cache-status: HIT\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=7X2OsDKNIVuVmqNY%2BdOaYFXPssrEeqzu%2F26loQ5dI2aso6PMOjIK2fZmUxVKCsVGqoXmy1PUaK5QCyf3qQam5snFKMwlE9WiXlIKLkFz2gUg7Tx2a5rxEvK3r7kDzrvI41On0XqlaNcf\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9f25c68798d22efa-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]}],"data":{"size":124372,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 670 x 140, 8-bit/color RGBA, non-interlaced","md5":"be262ff31cda4e8bbd0b3198ad0bdaa0","sha1":"d34ff5a170b84318462b5371caf31841115668a5","sha256":"610c96e440aa0fe3a00fee4652e344d5dd1f06ebc45ed10c3b12fffc18c17f2b","sha512":"df3449396cad0b8a2a973b20e04760a7d894ad41dea8da52e5d44dd12e20e81fe561d3e3142f14e66f523d37481ff31f836382b0c8835bfffbea44f1dc7af184","ssdeep":"3072:SD5bkbMjk0ih7YMQ3jSHKdnWQxspb7WM8VDxnxjcaAVQCk8f4F8IVmQ7tB:SNIbOkWjSqAF7JgxfYQlg887QBB","tlshash":"3cc31212fa4ce09eee00365ec7f796b4d0260db715bb4abfc8d830d29d468e57943652","first_seen":"2024-02-28T01:08:41Z","last_seen":"2026-05-13T13:04:07.247862Z","times_seen":31,"resource_available":false,"data":null}},"time_used":15,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":9,"receive":6,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-26","alert":"Sinkholed","trigger":"irdgqgog.fortoday.asia","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-26","alert":"Phishing Block","trigger":"irdgqgog.fortoday.asia","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"irdgqgog.fortoday.asia/mH410fU8/jestore/4521.6f6cf9bf.chunk.css","fqdn":"irdgqgog.fortoday.asia","domain":"fortoday.asia","tld":"asia"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://irdgqgog.fortoday.asia/mH410fU8/","date":"2026-04-26T13:01:18.771Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"fortoday.asia","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 19 Mar 2026 07:23:34 GMT","end":"Wed, 17 Jun 2026 08:00:16 GMT"},"fingerprint":{"sha1":"82:CF:C7:9E:0D:CF:FE:4B:17:8B:52:84:33:14:7D:F7:88:A5:91:F2","sha256":"4D:A9:CD:77:E2:DB:CC:1E:07:30:B7:5E:52:3A:AE:82:0C:14:88:D1:96:D7:F5:77:DE:8F:2F:8D:1E:5A:F1:7D"}}},"request":{"raw":"GET /mH410fU8/jestore/4521.6f6cf9bf.chunk.css HTTP/1.1\r\nHost: irdgqgog.fortoday.asia\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://irdgqgog.fortoday.asia/mH410fU8/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sun, 26 Apr 2026 13:01:18 GMT\r\ncontent-type: text/css\r\ncontent-length: 10025\r\ncache-control: public, max-age=604800\r\nexpires: Tue, 28 Apr 2026 15:34:40 GMT\r\nlast-modified: Fri, 10 Apr 2026 16:54:46 GMT\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; ma=86400\r\nx-turbo-charged-by: LiteSpeed\r\npriority: u=2,i=?0\r\nage: 422797\r\ncf-cache-status: HIT\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=HbqB8WaymUN8%2B%2Btyw8tvvk0KnMAayrxw7bj%2BPe5aVFninMeZ1nerZIAvtm%2FUBTjA0TPLyzDP5XG7ZSy5GxUa63YRYdcKusQhg5LrQfwJ9Quc5KOnUHL06o8ul0KF8F0mjfeanak2bW1u\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9f25c67fda252efa-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":42869,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (42869), with no line terminators","md5":"877bddfcbdc84f7c871dac41c72375d7","sha1":"c48de55760b5416235e942fd2ddab66d84cdabf0","sha256":"4e8acccd17c7a47ad3c406d971e3dc16387bfd5d326942495e39d129a1982603","sha512":"3d80aa94d928efb6b6dfa29e129196b3a5f0fd4664c4cad29db2371b349b2953969efa4be8396bab16ddece4e2538e24312308d57d22352ff684160270e48c7c","ssdeep":"768:Xi9q998EbF9RVisBjGoRv5EFyDlEzLEjaBoHw5:XiQ998IFLgiqqBEAx4kaBoHw5","tlshash":"b913637e77007bc8a3ed91d1c999b1a826d8818d73121d3e6aa46f6db5730cd3e290c7","first_seen":"2024-10-21T08:04:20.319081Z","last_seen":"2026-05-13T13:04:07.22248Z","times_seen":10,"resource_available":false,"data":null}},"time_used":16,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":15,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-26","alert":"Phishing Block","trigger":"irdgqgog.fortoday.asia","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-26","alert":"Sinkholed","trigger":"irdgqgog.fortoday.asia","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"irdgqgog.fortoday.asia/mH410fU8/css/google.css","fqdn":"irdgqgog.fortoday.asia","domain":"fortoday.asia","tld":"asia"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://irdgqgog.fortoday.asia/mH410fU8/","date":"2026-04-26T13:01:18.944Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"fortoday.asia","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 19 Mar 2026 07:23:34 GMT","end":"Wed, 17 Jun 2026 08:00:16 GMT"},"fingerprint":{"sha1":"82:CF:C7:9E:0D:CF:FE:4B:17:8B:52:84:33:14:7D:F7:88:A5:91:F2","sha256":"4D:A9:CD:77:E2:DB:CC:1E:07:30:B7:5E:52:3A:AE:82:0C:14:88:D1:96:D7:F5:77:DE:8F:2F:8D:1E:5A:F1:7D"}}},"request":{"raw":"GET /mH410fU8/css/google.css HTTP/1.1\r\nHost: irdgqgog.fortoday.asia\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://irdgqgog.fortoday.asia/mH410fU8/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sun, 26 Apr 2026 13:01:18 GMT\r\ncontent-type: text/css\r\ncontent-length: 1538\r\ncache-control: public, max-age=604800\r\nexpires: Tue, 28 Apr 2026 15:34:40 GMT\r\nlast-modified: Fri, 10 Apr 2026 16:44:10 GMT\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; ma=86400\r\nx-turbo-charged-by: LiteSpeed\r\npriority: u=2,i=?0\r\nage: 422797\r\ncf-cache-status: HIT\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=efKYEkYYFJ5CBR56%2BVBc%2FnFYVBoZUQ18HuOezlibgtMPiKdZ6PDS25RzZtnMJnjY3bnfMGblojqZfbdSRoDO3IGiyI8JubbZo%2FkXrSdqPVcQ1VwtDOU7mJYB0jPPavs9Gg06DA%2Bh6i1F\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9f25c6807bb12efa-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]}],"data":{"size":7548,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with CRLF line terminators","md5":"6b152699476854bb4c139fffb3519635","sha1":"8c981380a5a3c1c2ab0e87daf1cf5da1538ca1cb","sha256":"dfd32d82e39b0b720e9c9c2adf95c4b65ee95ff4f8649f6dbf96425fed89f87f","sha512":"e5ef09d46a94481991287a8cacdf8d11514789d0f21e862b40955cb72f1a8cd1a08551bac215a20d0696ba5dd598ba72b583f768f4f4bf951188137e33eca440","ssdeep":"96:cObJ8PC4vIQwMORAT3Ls6LCLlQMk619By6gBxOBurUXVIoC0AU/+xOXKK3KKk1:c08PA4bs6LCLlQ16PBy6soC3U/+xu9m","tlshash":"70f1df5aeb106009b132dbb8bbb24b45e91d04639b0785b9bb9d6340cfb156c5372fdc","first_seen":"2025-08-08T20:20:25.057934Z","last_seen":"2026-05-13T19:15:32.300065Z","times_seen":19,"resource_available":false,"data":null}},"time_used":10,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":10,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-26","alert":"Phishing Block","trigger":"irdgqgog.fortoday.asia","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-26","alert":"Sinkholed","trigger":"irdgqgog.fortoday.asia","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdn.harvestsharp.com/images/midaspay_channel_icon/2a34d021fa8905bfbee4b949d9112955.png","fqdn":"cdn.harvestsharp.com","domain":"harvestsharp.com","tld":"com"},"ip":{"addr":"43.152.140.79","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://irdgqgog.fortoday.asia/mH410fU8/","date":"2026-04-26T13:01:19.325Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.harvestsharp.com","organization":"CENTAURI DYNAMIC PTE. LTD"},"issuer":{"commonName":"DigiCert Secure Site OV G2 TLS CN RSA4096 SHA256 2022 CA1","organization":"DigiCert, Inc."},"validity":{"start":"Mon, 01 Sep 2025 00:00:00 GMT","end":"Mon, 31 Aug 2026 23:59:59 GMT"},"fingerprint":{"sha1":"02:6B:1F:32:B3:B2:6F:A4:25:AC:1C:E3:87:90:E7:4A:78:36:9F:BE","sha256":"EA:E9:7E:E4:22:E2:21:19:4A:C6:3B:27:29:3C:BE:BE:35:A4:A6:F4:0B:C6:AA:9E:C6:EF:BC:30:7D:58:11:67"}}},"request":{"raw":"GET /images/midaspay_channel_icon/2a34d021fa8905bfbee4b949d9112955.png HTTP/1.1\r\nHost: cdn.harvestsharp.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://irdgqgog.fortoday.asia/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Fri, 30 Jun 2023 08:38:18 GMT\r\netag: \"b1ef3a4c526fab33ff2d61e70691b5c3\"\r\ncontent-type: image/png\r\ndate: Wed, 17 Sep 2025 05:33:40 GMT\r\nserver: tencent-cos\r\nx-cos-hash-crc64ecma: 1838305195991445584\r\nx-cos-request-id: NjhjYTQ4MzRfY2RkMTE3MWRfMmZjMjFfMTY5YzgwMGU=\r\nx-cos-storage-class: MAZ_STANDARD\r\nx-cos-version-id: MTg0NDUwNTU5NTk0MTEyNDA2OTg\r\nx-cosindex-replication-status: Complete\r\ncontent-length: 3160\r\naccept-ranges: bytes\r\nx-nws-log-uuid: 3421543853945346857\r\nx-cache-lookup: Cache Hit\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: POST,GET,OPTIONS\r\naccess-control-max-age: 86400\r\naccess-control-expose-headers: Origin,DNT,Accept,X-Mx-ReqToken,STAFF_NAME,Authorization,x-request-id,X-Request-Id,X-MVS-CSRF-TOKEN,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type\r\ncache-control: max-age=604800\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":3160,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 96x64, components 3","md5":"b1ef3a4c526fab33ff2d61e70691b5c3","sha1":"8c45f00e9ebd183e98e4aba34afb9fbac36fc5fb","sha256":"9b317e8849ef1840d10379afa7a9541a6aafaa6ad1f3d97e97051ed0ae59cadb","sha512":"c2199fba35c8f7746eca59e6fda0a705ca37966ea8faa25e34aaf697833fd4a115fb021e91a1cd1fcbe325b92cceaffd2b4f5d43f32f2ccb0f71db7cfc793661","ssdeep":"","tlshash":"7a51f94bf9625b03d600d27624f786375b6852c0ed63e06cb4bdd81beca10f99a627d1","first_seen":"2025-01-22T15:28:39.172827Z","last_seen":"2026-05-13T13:04:07.211741Z","times_seen":16,"resource_available":false,"data":null}},"time_used":738,"timings":{"blocked":657,"dns":0,"connect":0,"send":0,"wait":76,"receive":5,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.harvestsharp.com/images/midaspay_channel_icon/a6261977ff0293e3058964c7a2afe32a.png","fqdn":"cdn.harvestsharp.com","domain":"harvestsharp.com","tld":"com"},"ip":{"addr":"43.152.140.79","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://irdgqgog.fortoday.asia/mH410fU8/","date":"2026-04-26T13:01:19.326Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.harvestsharp.com","organization":"CENTAURI DYNAMIC PTE. LTD"},"issuer":{"commonName":"DigiCert Secure Site OV G2 TLS CN RSA4096 SHA256 2022 CA1","organization":"DigiCert, Inc."},"validity":{"start":"Mon, 01 Sep 2025 00:00:00 GMT","end":"Mon, 31 Aug 2026 23:59:59 GMT"},"fingerprint":{"sha1":"02:6B:1F:32:B3:B2:6F:A4:25:AC:1C:E3:87:90:E7:4A:78:36:9F:BE","sha256":"EA:E9:7E:E4:22:E2:21:19:4A:C6:3B:27:29:3C:BE:BE:35:A4:A6:F4:0B:C6:AA:9E:C6:EF:BC:30:7D:58:11:67"}}},"request":{"raw":"GET /images/midaspay_channel_icon/a6261977ff0293e3058964c7a2afe32a.png HTTP/1.1\r\nHost: cdn.harvestsharp.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://irdgqgog.fortoday.asia/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Fri, 30 Jun 2023 11:59:22 GMT\r\netag: \"b31ce4ea3f36b643d879bc775e4b2230\"\r\ncontent-type: image/png\r\ndate: Wed, 25 Sep 2024 15:27:03 GMT\r\nserver: tencent-cos\r\nx-cos-hash-crc64ecma: 15071490587419365839\r\nx-cos-request-id: NjZmNDJiYzdfNGJhZjRkMGJfMTYyYWJfN2MyOWQzYQ==\r\nx-cos-storage-class: MAZ_STANDARD\r\nx-cos-version-id: MTg0NDUwNTU5NDczNDc0NTYzMzA\r\nx-cosindex-replication-status: Complete\r\ncontent-length: 2374\r\naccept-ranges: bytes\r\nx-nws-log-uuid: 7328306906520030525\r\nx-cache-lookup: Cache Hit\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: POST,GET,OPTIONS\r\naccess-control-max-age: 86400\r\naccess-control-expose-headers: Origin,DNT,Accept,X-Mx-ReqToken,STAFF_NAME,Authorization,x-request-id,X-Request-Id,X-MVS-CSRF-TOKEN,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type\r\ncache-control: max-age=604800\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":2374,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 96 x 64, 8-bit/color RGBA, non-interlaced","md5":"b31ce4ea3f36b643d879bc775e4b2230","sha1":"95e1148688e09900f7754747a1e5d0c8e8b6ff08","sha256":"7a5bbae00b4f97b85816835eb0df867db461915f68a1c9bf5db39bbc40b6e11d","sha512":"431738a269c471e9c557893a9e9ccceda588218201b71a71171f2f6ebb4346595ef1cac68bc0ad67c661f22c24a4ed66f8aef974141482100472724e252d9b15","ssdeep":"","tlshash":"f5413b198bd4c75e4ad505302b1bf38d62c9786cb1484f245180f84d2eace031362db9","first_seen":"2025-01-22T15:28:39.226755Z","last_seen":"2026-05-13T13:04:07.316855Z","times_seen":16,"resource_available":false,"data":null}},"time_used":737,"timings":{"blocked":656,"dns":0,"connect":0,"send":0,"wait":76,"receive":5,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"irdgqgog.fortoday.asia/mH410fU8/img/style-img/Hide-Password.png","fqdn":"irdgqgog.fortoday.asia","domain":"fortoday.asia","tld":"asia"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://irdgqgog.fortoday.asia/mH410fU8/","date":"2026-04-26T13:01:19.384Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"fortoday.asia","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 19 Mar 2026 07:23:34 GMT","end":"Wed, 17 Jun 2026 08:00:16 GMT"},"fingerprint":{"sha1":"82:CF:C7:9E:0D:CF:FE:4B:17:8B:52:84:33:14:7D:F7:88:A5:91:F2","sha256":"4D:A9:CD:77:E2:DB:CC:1E:07:30:B7:5E:52:3A:AE:82:0C:14:88:D1:96:D7:F5:77:DE:8F:2F:8D:1E:5A:F1:7D"}}},"request":{"raw":"GET /mH410fU8/img/style-img/Hide-Password.png HTTP/1.1\r\nHost: irdgqgog.fortoday.asia\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://irdgqgog.fortoday.asia/mH410fU8/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sun, 26 Apr 2026 13:01:19 GMT\r\ncontent-type: image/png\r\ncontent-length: 28029\r\ncache-control: public, max-age=604800\r\nexpires: Tue, 28 Apr 2026 17:04:39 GMT\r\nlast-modified: Fri, 10 Apr 2026 16:45:16 GMT\r\naccept-ranges: bytes\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; ma=86400\r\nx-turbo-charged-by: LiteSpeed\r\npriority: u=4,i=?0\r\nage: 417398\r\ncf-cache-status: HIT\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=86ckBqXgueTIp1HOeYESnNJ1mSEQuG0NZ8aQ4ILcIowuMDxo1lrSHfar%2F80QebkR%2F2T4TANXOZITXUoiLqc7VAbEjVHAeI%2FnbOozPFg6czxtQc3XeqF2S6UUk9aK4mdNQDmwpSI5vZw2\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9f25c682aa4e2efa-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]}],"data":{"size":28029,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 656 x 656, 8-bit/color RGBA, non-interlaced","md5":"8d1f08b46884df302bf7300fc234832c","sha1":"5735d57b6fa211c400d439095d5ff2f5bb57e691","sha256":"e4cff1f68b85c3343554090b3479273a54e5eed2dbb3e56ceb9f86c4ebe8b0e7","sha512":"e9e6d2c2f0df932daf50f158bad52c4de66fd403a8400cf9cd25fa48fa8147f65819d722773d9aafdcac5bfa4034f5540f1fe7cfb9b37d97f2a700eb54242a89","ssdeep":"384:bYRVO2zHzAUrJJtUOqhoFiXNm3EhiPCBk5u+z+b1o98PEgkVnRsiT3oCB41+ddD+:kjAsJtUAINcEhgCBk5mI60VRcCaqdC","tlshash":"95c2ae37f3a289f37da653727a64511a14714d094abcb95ce4c9ad12fb7c2e43039b83","first_seen":"2023-04-30T19:27:11Z","last_seen":"2026-05-13T13:04:07.317976Z","times_seen":910,"resource_available":false,"data":null}},"time_used":8,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":6,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-26","alert":"Sinkholed","trigger":"irdgqgog.fortoday.asia","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-26","alert":"Phishing Block","trigger":"irdgqgog.fortoday.asia","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"irdgqgog.fortoday.asia/mH410fU8/img/style-img/alert.png","fqdn":"irdgqgog.fortoday.asia","domain":"fortoday.asia","tld":"asia"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://irdgqgog.fortoday.asia/mH410fU8/","date":"2026-04-26T13:01:19.387Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"fortoday.asia","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 19 Mar 2026 07:23:34 GMT","end":"Wed, 17 Jun 2026 08:00:16 GMT"},"fingerprint":{"sha1":"82:CF:C7:9E:0D:CF:FE:4B:17:8B:52:84:33:14:7D:F7:88:A5:91:F2","sha256":"4D:A9:CD:77:E2:DB:CC:1E:07:30:B7:5E:52:3A:AE:82:0C:14:88:D1:96:D7:F5:77:DE:8F:2F:8D:1E:5A:F1:7D"}}},"request":{"raw":"GET /mH410fU8/img/style-img/alert.png HTTP/1.1\r\nHost: irdgqgog.fortoday.asia\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://irdgqgog.fortoday.asia/mH410fU8/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sun, 26 Apr 2026 13:01:19 GMT\r\ncontent-type: image/png\r\ncontent-length: 3209\r\ncache-control: public, max-age=604800\r\nexpires: Tue, 28 Apr 2026 17:04:39 GMT\r\nlast-modified: Fri, 10 Apr 2026 16:45:12 GMT\r\naccept-ranges: bytes\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; ma=86400\r\nx-turbo-charged-by: LiteSpeed\r\npriority: u=4,i=?0\r\nage: 417398\r\ncf-cache-status: HIT\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=7xJ0ykG7VQ0i6mSajXFuM2NhKLW1p9BVbWVcwYze23logfGivez7Dr3qYFGMtstqwew3F7OFgCc%2F3%2BW59awNM16eeFGxZgJAqPdiqD41EGtCDK0hwx37Bisv9wBkkv25jT3WvSATN5YC\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9f25c682aa632efa-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":3209,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 86 x 86, 8-bit/color RGBA, non-interlaced","md5":"647348a6c16dc7ffa7582cef63d47247","sha1":"8ef22a07be992cc94060b8b855be9ebfaed98d9c","sha256":"5717e656143df2f6d333dc7d08fe1c25727cd8a2076e5d8242e65cf256e8a1ef","sha512":"37c5015d0dacc74599d823f894c05d31a6da0d307ad02cebc3ccf28c87e383fa5e66e02895ff8e19890505778daac9cb3edf04f0880cd9b69040fda685a4a77a","ssdeep":"","tlshash":"e2615c6a90a27ec7f575322f59792884c0f989d6f433267d3c18d5b108cd7a7467051f","first_seen":"2023-11-05T14:08:59Z","last_seen":"2026-05-31T06:09:53.731147Z","times_seen":262,"resource_available":false,"data":null}},"time_used":6,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":6,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-26","alert":"Phishing Block","trigger":"irdgqgog.fortoday.asia","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-26","alert":"Sinkholed","trigger":"irdgqgog.fortoday.asia","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"irdgqgog.fortoday.asia/mH410fU8/jestore/6437.a65425a1.chunk.css","fqdn":"irdgqgog.fortoday.asia","domain":"fortoday.asia","tld":"asia"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://irdgqgog.fortoday.asia/mH410fU8/","date":"2026-04-26T13:01:18.852Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"fortoday.asia","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 19 Mar 2026 07:23:34 GMT","end":"Wed, 17 Jun 2026 08:00:16 GMT"},"fingerprint":{"sha1":"82:CF:C7:9E:0D:CF:FE:4B:17:8B:52:84:33:14:7D:F7:88:A5:91:F2","sha256":"4D:A9:CD:77:E2:DB:CC:1E:07:30:B7:5E:52:3A:AE:82:0C:14:88:D1:96:D7:F5:77:DE:8F:2F:8D:1E:5A:F1:7D"}}},"request":{"raw":"GET /mH410fU8/jestore/6437.a65425a1.chunk.css HTTP/1.1\r\nHost: irdgqgog.fortoday.asia\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://irdgqgog.fortoday.asia/mH410fU8/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sun, 26 Apr 2026 13:01:18 GMT\r\ncontent-type: text/css\r\ncontent-length: 7209\r\ncache-control: public, max-age=604800\r\nexpires: Tue, 28 Apr 2026 15:34:40 GMT\r\nlast-modified: Fri, 10 Apr 2026 16:58:42 GMT\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; ma=86400\r\nx-turbo-charged-by: LiteSpeed\r\npriority: u=2,i=?0\r\nage: 422797\r\ncf-cache-status: HIT\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=K0bd00D6Re1%2FVpRgeIQprhGzUV%2BJRyryLrQEMYN9SkYJ9iWOjKKIIMnkguEqBogw1MWEk4izzHn4pgJRRCQRL192XIeL9O%2FBDVQZ5kxU6hTm2t6AOGIg0ZDFIm6oBgS%2FQnBGb6kzFZy4\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9f25c6801ace2efa-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]}],"data":{"size":27949,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (27949), with no line terminators","md5":"c6f0c895f2f6edda845448d1f16160b6","sha1":"f88181a3a500a9be1889ef6117cd2bbb18d000fc","sha256":"775365cc307ca258ada710bf886b3daaf5d048a79c9291a88d225de4c8bdaf4b","sha512":"acc4c78da2ebd643ad9192041a306b6ed666f6d512e315075bb66af7d0b100ece1212aa7bc43f8d62429b54b9f47920ef0cc8bd9c82f7d9265617c3a7478e5ad","ssdeep":"384:HEdMyoraQDhlwEHCpSqTq+7SCvOOcmF1MausVApgvNd0smy27Ne:Vi9qzCvOOcmg/sVApgvNd0smy27Ne","tlshash":"82c2b62fb4623dbc617ee886d9628cfbb504c9026cd6c559d4982ae64b430bf31d73b4","first_seen":"2025-01-22T15:28:39.102178Z","last_seen":"2026-05-13T13:04:07.175468Z","times_seen":8,"resource_available":false,"data":null}},"time_used":15,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":15,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-26","alert":"Phishing Block","trigger":"irdgqgog.fortoday.asia","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-26","alert":"Sinkholed","trigger":"irdgqgog.fortoday.asia","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"irdgqgog.fortoday.asia/mH410fU8/jestore/6775.989832d5.chunk.css","fqdn":"irdgqgog.fortoday.asia","domain":"fortoday.asia","tld":"asia"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://irdgqgog.fortoday.asia/mH410fU8/","date":"2026-04-26T13:01:18.911Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"fortoday.asia","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 19 Mar 2026 07:23:34 GMT","end":"Wed, 17 Jun 2026 08:00:16 GMT"},"fingerprint":{"sha1":"82:CF:C7:9E:0D:CF:FE:4B:17:8B:52:84:33:14:7D:F7:88:A5:91:F2","sha256":"4D:A9:CD:77:E2:DB:CC:1E:07:30:B7:5E:52:3A:AE:82:0C:14:88:D1:96:D7:F5:77:DE:8F:2F:8D:1E:5A:F1:7D"}}},"request":{"raw":"GET /mH410fU8/jestore/6775.989832d5.chunk.css HTTP/1.1\r\nHost: irdgqgog.fortoday.asia\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://irdgqgog.fortoday.asia/mH410fU8/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sun, 26 Apr 2026 13:01:18 GMT\r\ncontent-type: text/css\r\ncontent-length: 21452\r\ncache-control: public, max-age=604800\r\nexpires: Tue, 28 Apr 2026 15:34:40 GMT\r\nlast-modified: Fri, 10 Apr 2026 16:58:56 GMT\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; ma=86400\r\nx-turbo-charged-by: LiteSpeed\r\npriority: u=2,i=?0\r\nage: 422797\r\ncf-cache-status: HIT\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=OUUCBCfhN%2BcxoFvvNYBnq5tji3robwqt2Apjab4Rh5xwz9%2FCZNf8n1wenAyu7Llc5DYIsSIpqcR0GFw4oKRrX%2FX3lsnFLccLOs7zDkbL1hdPY%2BFfo4DHiYfW5u6ZKycaBm42Ro3dVslJ\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9f25c6804b482efa-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":193601,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (65536), with no line terminators","md5":"c2e359a1ecbd54ae957305f4c9f31bf8","sha1":"cea0c2890d72427dec095c6cc3236b26d8544c72","sha256":"dcf9db608641a5727d309b15777175649d84bfc5983466e3e6971981eba8e370","sha512":"c96f872a64d6985dd99f4221baf2bb1a0d558f5cd955c3ce119beef505b8dc6de950d4d4e6f01505632fdccbfcb74767686d5eb748cdad6d66ffbdae78d9425b","ssdeep":"3072:mVj9K9j2f242j2ezuzLznzS0R0y0p00eoedeveeN7NkNnNuUqUXUtUc696u6U6p0:Qj9K9j2f242j2ezuzLznzS0R0y0p00eV","tlshash":"db141b17c4946c39fa7bfa93f5c788ae45348887b7c61aede698644a43d3bf4e107204","first_seen":"2025-01-22T15:28:39.11561Z","last_seen":"2026-05-13T13:04:07.236542Z","times_seen":8,"resource_available":false,"data":null}},"time_used":9,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":8,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-26","alert":"Sinkholed","trigger":"irdgqgog.fortoday.asia","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-26","alert":"Phishing Block","trigger":"irdgqgog.fortoday.asia","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"irdgqgog.fortoday.asia/mH410fU8/jestore/C8li6p0k.jpg","fqdn":"irdgqgog.fortoday.asia","domain":"fortoday.asia","tld":"asia"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://irdgqgog.fortoday.asia/mH410fU8/","date":"2026-04-26T13:01:19.199Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"fortoday.asia","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 19 Mar 2026 07:23:34 GMT","end":"Wed, 17 Jun 2026 08:00:16 GMT"},"fingerprint":{"sha1":"82:CF:C7:9E:0D:CF:FE:4B:17:8B:52:84:33:14:7D:F7:88:A5:91:F2","sha256":"4D:A9:CD:77:E2:DB:CC:1E:07:30:B7:5E:52:3A:AE:82:0C:14:88:D1:96:D7:F5:77:DE:8F:2F:8D:1E:5A:F1:7D"}}},"request":{"raw":"GET /mH410fU8/jestore/C8li6p0k.jpg HTTP/1.1\r\nHost: irdgqgog.fortoday.asia\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://irdgqgog.fortoday.asia/mH410fU8/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sun, 26 Apr 2026 13:01:18 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 153147\r\ncache-control: public, max-age=604800\r\nexpires: Tue, 28 Apr 2026 17:04:39 GMT\r\nlast-modified: Fri, 10 Apr 2026 17:02:16 GMT\r\naccept-ranges: bytes\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; ma=86400\r\nx-turbo-charged-by: LiteSpeed\r\npriority: u=4,i=?0\r\nage: 417398\r\ncf-cache-status: HIT\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=KF26AY6GbdrVOLELfEnDF20Q6d98oZzwUmFXMKm1%2Feufbp4813tsb5YkvNS29TO6LTuVJnN2EsX3h5FflaildhCrXN2B2pqbYZ9sB7x7sgwU4UokMITBVxmJsRRbwJ5jDvQ2iWk8zRVW\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9f25c6812d862efa-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":153147,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, progressive, precision 8, 1920x244, components 3","md5":"9bed2e927deee4a34da9aa87e94badec","sha1":"386700ccd9d3407ce9ac0df19a520a15769ee0e0","sha256":"b2cc518cc0f0b07baacded3e0cf6ea52f5ead9faab7b67882edae3fe7e1c8796","sha512":"c7f5d9db551b0339c11139dc3573ad64f07c5c212c14f94686d9556032f7424b05672e545827022e92d3d47c7e0f4e018edf993bd56f177c99c5d127aa1dcb5f","ssdeep":"3072:47/yV2h7JKSr2mHx31kVxW7oX89eCfrqPAjmpdJ0W9yRdBztI1//eo9A:u/yQhtKY2mRymkXCjqPbJyRdBztO//pW","tlshash":"bee3121fc9068192caa6c0beb5ecb78143082bbf550d2c573f6b897a36514e4f5a34a9","first_seen":"2026-04-26T02:12:57.136674Z","last_seen":"2026-05-13T13:04:07.176808Z","times_seen":8,"resource_available":false,"data":null}},"time_used":12,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":9,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-26","alert":"Phishing Block","trigger":"irdgqgog.fortoday.asia","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-26","alert":"Sinkholed","trigger":"irdgqgog.fortoday.asia","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}}]}