{"report_id":"4a848936-994d-4998-9bf0-3185304d0b1e","version":6,"status":"done","tags":[],"date":"2025-12-31T07:41:39Z","url":{"schema":"http","addr":"m.yzsgj.top/tp-news/list_1_28.html","fqdn":"m.yzsgj.top","domain":"yzsgj.top","tld":"top"},"ip":{"addr":"154.90.30.70","port":0,"asn":35916,"as":"MULTA-ASN1","country":"United States","country_code":"US"},"final":{"url":{"schema":"http","addr":"m.yzsgj.top/tp-news/list_1_28.html","fqdn":"m.yzsgj.top","domain":"yzsgj.top","tld":"top"},"title":"TP资讯_tp官方网址下载·(tpwallet最新版下载)2025tp钱包安卓手机下载|你的通用数字钱包","dom":{"size":40873,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (2080)","md5":"262cf83436cc254428d0da1e89a2d357","sha1":"4d02b4d9b8286e8910645383f5924c3b955c5cbb","sha256":"50790e7db050ba303a5323dd2fc482478b38ac3d719380f6ac058c7f8eae80cf","sha512":"b09100b62aee3ef675a86a475df5e8e1324d0222bc805f259950af07ff16791e76e08fd14f612455d7fa68bd21f3c213006c53797e2edab63cfd87bd2a28e98e","ssdeep":"384:V0PI4Gt0EvQQKus3h8Z3QTLnQD8QhQrQTOe5ZlZenjfa3Bds:V07yxvQbK/DB2kTOe5DZenjf0Bds","tlshash":"ed03959254f8196f067281d8b8b11f2e7f96e50fd76619743e9c0e891f93e528c03746","dom_hash":"domhash787c57b4065bd7179a44221d887c094b","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"m.yzsgj.top/tp-news/list_1_28.html","fqdn":"m.yzsgj.top","domain":"yzsgj.top","tld":"top"},"ip":{"addr":"154.90.30.70","port":0,"asn":35916,"as":"MULTA-ASN1","country":"United States","country_code":"US"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-02-04T07:41:39Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":1,"urlquery":0,"analyzer":4}},"detection":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-12-31T07:41:21Z","timestamp":1767166881,"ip_dst":{"addr":"154.90.30.70","port":80,"asn":35916,"as":"MULTA-ASN1","country":"United States","country_code":"US"},"ip_src":{"addr":"172.18.0.5","port":41302,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.top domain","source":"{\"timestamp\":\"2025-12-31T07:41:21.044173+0000\",\"flow_id\":1335201508467541,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.5\",\"src_port\":41302,\"dest_ip\":\"154.90.30.70\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2023882,\"rev\":5,\"signature\":\"ET INFO HTTP Request to a *.top domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2017_02_07\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_11_21\"]}},\"http\":{\"hostname\":\"m.yzsgj.top\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":926},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":548,\"bytes_toclient\":1654,\"start\":\"2025-12-31T07:41:17.762709+0000\"}}"}],"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-31","alert":"Sinkholed","trigger":"m.yzsgj.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-31","alert":"Sinkholed","trigger":"m.yzsgj.top","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-31","alert":"Sinkholed","trigger":"m.yzsgj.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-31","alert":"Sinkholed","trigger":"m.yzsgj.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null},"summary":[{"fqdn":"fonts.googleapis.com","ip":{"addr":"216.58.211.10","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2005-01-25","domain_rank":313,"first_seen":"2012-05-23T12:41:44Z","last_seen":"2025-12-28T22:17:10.032556Z","alert_count":0,"request_count":2,"received_data":33015,"sent_data":908,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"fonts.gstatic.com","ip":{"addr":"142.250.74.35","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2008-02-11","domain_rank":0,"first_seen":"2014-04-02T10:51:04Z","last_seen":"2025-12-28T22:14:05.525046Z","alert_count":0,"request_count":4,"received_data":131468,"sent_data":2169,"comment":"","tags":null,"fingerprints":null},{"fqdn":"m.yzsgj.top","ip":{"addr":"154.90.30.70","port":80,"asn":35916,"as":"MULTA-ASN1","country":"United States","country_code":"US"},"domain_registered":"2020-08-07","domain_rank":0,"first_seen":"2025-12-31T07:41:40.095817Z","last_seen":"2025-12-31T07:41:40.095817Z","alert_count":43,"request_count":11,"received_data":568224,"sent_data":5153,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"jQuery","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"Popper","description":"Popper is a positioning engine, its purpose is to calculate the position of an element to make it possible to position it near a given reference element.","website":"https://popper.js.org","common_platform_enumeration":"","icon":"Popper.svg","categories":["Miscellaneous"]},{"name":"PHP","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"Bootstrap","description":"Bootstrap is a free and open-source CSS framework directed at responsive, mobile-first front-end web development. It contains CSS and JavaScript-based design templates for typography, forms, buttons, navigation, and other interface components.","website":"https://getbootstrap.com","common_platform_enumeration":"cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:*","icon":"Bootstrap.svg","categories":["UI frameworks"]},{"name":"Modernizr","description":"Modernizr is a JavaScript library that detects the features available in a user's browser.","website":"https://modernizr.com","common_platform_enumeration":"","icon":"Modernizr.svg","categories":["JavaScript libraries"]}]},{"fqdn":"oudngmslhifnsf.gdmgcyy.com","ip":{"addr":"206.119.188.34","port":443,"asn":133199,"as":"SonderCloud Limited","country":"United States","country_code":"US"},"domain_registered":"2020-05-10","domain_rank":0,"first_seen":"2024-02-01T09:47:13Z","last_seen":"2025-12-30T12:02:54.31966Z","alert_count":0,"request_count":1,"received_data":1837,"sent_data":415,"comment":"","tags":null,"fingerprints":[{"name":"OpenResty:1.21.4.3","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"http","addr":"m.yzsgj.top/skin/js/jquery.min.js","fqdn":"m.yzsgj.top","domain":"yzsgj.top","tld":"top"},"ip":{"addr":"154.90.30.70","port":80,"asn":35916,"as":"MULTA-ASN1","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"2f6b11a7e914718e0290410e85366fe9","sha1":"69bb69e25ca7d5ef0935317584e6153f3fd9a88c","sha256":"05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e","sha512":"0d40bccaa59fedecf7243d63b33c42592541d0330fefc78ec81a4c6b9689922d5b211011ca4be23ae22621cce4c658f52a1552c92d7ac3615241eb640f8514db","ssdeep":"1536:EYE1JVoiB9JqZdXXe2pD3PgoIiulrUndZ6a4tfOR7WpfWBZ2BJda4w9W3qG9a986:v4J+OlfOhWppCW6G9a98Hr2","tlshash":"1e83c6d9b2d6706297b734b850bf410bb17a98dab44c8c60f059d4e47eb4a8e507bf2c","size":85578,"data":"","first_seen":"2023-03-07T01:02:00Z","last_seen":"2026-04-04T02:23:44.781794Z","times_seen":261115,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"m.yzsgj.top/skin/js/popper.min.js","fqdn":"m.yzsgj.top","domain":"yzsgj.top","tld":"top"},"ip":{"addr":"154.90.30.70","port":80,"asn":35916,"as":"MULTA-ASN1","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"5644e6835941af44dcb5cead916c2b79","sha1":"6eb1840d55338895ce6ecc3eab56132b1d152b93","sha256":"315ac5479007d2e864a4b51f505fd0785ebbbe931a6b511467fa49504a082c58","sha512":"474fde416d70e43cf6ac2d21f3b1ab49d70be355b7424bb500bc13161c6e7830b09ff3171f6ebae27d966cfaacab84515f1de7ceef603a748a5502d8941c4669","ssdeep":"384:2Yn0vf4wzTC9nNbR1PTM4CrBEQxkxpOxvYLmD75zfC5vIfg3rzGp/TidOgHhXjEO:Z0vAwzTC/nM4BxpOxv/D7pC5vfzy/Tij","tlshash":"8992a3dc3294b0a647ab91a7a07f960eb1335875610e9410f19df2e97c30ef9a13bc79","size":20340,"data":"","first_seen":"2023-03-07T01:02:42Z","last_seen":"2026-04-01T06:15:58.209403Z","times_seen":2528,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"m.yzsgj.top/tp-news/list_1_28.html","fqdn":"m.yzsgj.top","domain":"yzsgj.top","tld":"top"},"ip":{"addr":"154.90.30.70","port":80,"asn":35916,"as":"MULTA-ASN1","country":"United States","country_code":"US"},"introduction_type":"eval","is_inline":false,"md5":"deab99731237b52d1b60dd7d144a15c0","sha1":"1cd0ca53fbd8c8943a02250ab2e4e47a66e420da","sha256":"e1bfbe54fd1f16ed88120eae9549e8cf7d708eb595d8c787930215b22b4497c2","sha512":"74c463682de765e7ed115ad8a626e05ea8789078398e3a568decf38561451b33980fac4ba37c18b4189969ff51680cbe536cbcc99b7a1b3daa3b67ed11d28548","ssdeep":"","tlshash":"48b012422e0891406a0418840431f5cc30748829bd84d9124049411004616d80842d00","size":87,"data":"","first_seen":"2024-04-04T05:50:24Z","last_seen":"2026-04-03T18:30:23.411977Z","times_seen":730,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"m.yzsgj.top/tj.js","fqdn":"m.yzsgj.top","domain":"yzsgj.top","tld":"top"},"ip":{"addr":"154.90.30.70","port":80,"asn":35916,"as":"MULTA-ASN1","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"5d3d830acdaadeaff7de7ce0822c3d11","sha1":"1a09f51cb91558fde445ed7ed306693b30e0856e","sha256":"0c8716986951d50457d9d3c517f90b78ee0c0cbc43cb5ca3ed011d46ee79ed80","sha512":"60463dcf797c663d452aebe90d84eee917719b1265949a79945e0f3a35c18bdefa73e9a11ccb13f38f64a9f42521b76ce4b2189bb065b14a1780479d153b1d77","ssdeep":"","tlshash":"39e0c0e0359274ca430ab8d0043bd00ae2fb56497caf51f4f908710e795578c529f659","size":362,"data":"","first_seen":"2024-09-04T08:43:24Z","last_seen":"2026-04-03T18:30:23.331777Z","times_seen":389,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"oudngmslhifnsf.gdmgcyy.com/tj.js","fqdn":"oudngmslhifnsf.gdmgcyy.com","domain":"gdmgcyy.com","tld":"com"},"ip":{"addr":"206.119.188.34","port":443,"asn":133199,"as":"SonderCloud Limited","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"75744fb2ef623aad85ddbffa4cf8d621","sha1":"f4b47226e8c7acbb1aed3b53e1e41ab5edd01973","sha256":"3aa8a8bf8c2853aa2eb294e9303ae7aff22aa1d076dd91e1ddbc13b888fa91a8","sha512":"c51b00c3235de1998281f2bc4e9df5883254da82233265b6ed7dd497e1ac776feb5c0172656e4447a8fe67ec675e226ade7b159422af333fdfc12e8cc1825b54","ssdeep":"","tlshash":"77316578374b14a23337f612144b541c62b5d3854b6f08e0e3a576997de6948d04bf7e","size":1546,"data":"","first_seen":"2025-11-25T12:21:30.366924Z","last_seen":"2026-04-03T18:30:23.366728Z","times_seen":219,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"m.yzsgj.top/tp-news/list_1_28.html","fqdn":"m.yzsgj.top","domain":"yzsgj.top","tld":"top"},"ip":{"addr":"154.90.30.70","port":80,"asn":35916,"as":"MULTA-ASN1","country":"United States","country_code":"US"},"introduction_type":"eval","is_inline":false,"md5":"40f33486c7e82a3599949a8d82c3b3cd","sha1":"db1d5cd111c40cef169f44f9c9cd500549fe362c","sha256":"9c6798c006df11e477245aee0c73b729977f1e5048a07749b8551915cd563dd3","sha512":"dd252826130921e83ebc1257a15395cf2181c5f81e52424af0b22314430a5969e1048a3fc842889144daca85374ca9976c331ff03cee1a0dc938d61726232c0e","ssdeep":"","tlshash":"613112f17096902e8163566138556f9c793c6150ef168c7244ecb9b4e885ec67413f8c","size":1507,"data":"","first_seen":"2025-11-25T12:21:30.433689Z","last_seen":"2026-04-03T18:30:23.412766Z","times_seen":219,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"m.yzsgj.top/skin/js/modernizr-3.6.0.min.js","fqdn":"m.yzsgj.top","domain":"yzsgj.top","tld":"top"},"ip":{"addr":"154.90.30.70","port":80,"asn":35916,"as":"MULTA-ASN1","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"50618549de4d3de4b9c416f04c2fdb22","sha1":"1f7c186652d309d4bf79de3ad7c318adf2246859","sha256":"70961057ef3fadbe6fb56cc6445880d6b96dffe9db95bc87485fcc1595728b6a","sha512":"9078a268425196e2928f45810b35b84f4f2ea126cadc6f9c3d4c7e51d8417ee6ad7fa7fa942b87c6ffa77e34b357955619f6da3738610662b125df7c777c6d30","ssdeep":"192:dEYT/2wPZgoOfzAL0kvzaPWNI1C/W0DVLzcuQWyn:dLT/2wPxOfzapbaPWNI8/tzGWC","tlshash":"d302c9a97697b672836a3070117f040ead3b2c096e05c444f02dd5ac7bbcaa46367e2e","size":8638,"data":"","first_seen":"2023-03-09T04:31:11Z","last_seen":"2026-04-01T06:15:58.198904Z","times_seen":109,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":[{"md5":"0c62e4b2ef2dd122138f49484f5df37e","sha1":"ff69377d20545562b648b7607e40251bcb0a004f","sha256":"97e41672c8ac279bcf8d69500df45bf1b8650ecc272a99d9bcb34872c99edc56","sha512":"86c681a67693b3e00ff96b85ed22213d83750667670e248ae8e60a8e582e6c05bb650446a2feef2103d7c214ae2dcdaf5f6968fa0a100efa2996337571d24417","ssdeep":"","tlshash":"8ea00257ad09d5949a00acc84436f5cc6021994e7dd8dd6789b852155d626ed0852940","size":64,"data":"","first_seen":"2024-04-04T05:50:24Z","last_seen":"2026-04-03T18:30:23.413487Z","times_seen":729,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]},"http":[{"url":{"schema":"http","addr":"m.yzsgj.top/skin/fonts/Material-Design-Iconic-Font.woff2?v=2.2.0","fqdn":"m.yzsgj.top","domain":"yzsgj.top","tld":"top"},"ip":{"addr":"154.90.30.70","port":80,"asn":35916,"as":"MULTA-ASN1","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"http://m.yzsgj.top/tp-news/list_1_28.html","date":"2025-12-31T07:41:27.154Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /skin/fonts/Material-Design-Iconic-Font.woff2?v=2.2.0 HTTP/1.1\r\nHost: m.yzsgj.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://m.yzsgj.top/skin/css/plugins.css\r\nCookie: PHPSESSID=va9d1n3hsg0d4g3291s4l8d5ut; server_name_session=47e77bb1852ad56b9b5e5dfd79dc16ad\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Wed, 31 Dec 2025 07:41:29 GMT\r\nContent-Type: font/woff2\r\nContent-Length: 38384\r\nLast-Modified: Wed, 08 Nov 2023 16:37:38 GMT\r\nConnection: keep-alive\r\nETag: \"654bb952-95f0\"\r\nStrict-Transport-Security: max-age=31536000\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":38384,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 38384, version 1.0","md5":"a4d31128b633bc0b1cc1f18a34fb3851","sha1":"6ee4c79372c3fd679706306ede47e4b03cf53d60","sha256":"e8eea96e29a7c0a72612ab85ca3229979666467a28349642c2176e7189a1a39c","sha512":"c129c0cb100feea6d00b739d1cde2a7362b2f45f38da3e4c949193f40e59abc9c387ada4bb230b00fd62e137409e18def7c1636e1cd463f8070106e8b7e21d48","ssdeep":"768:FQ+usUhhv0N8qSRCjPCyloYRNcIsTh38i8/3V93ut0f:FQlsUhtYLBl/nGpUvI0f","tlshash":"db03f163b5a6f248eb812d7523b052ae52cc22434f93e19df585d72cefc615e025f722","first_seen":"2023-04-05T03:25:07Z","last_seen":"2026-04-04T01:33:02.805397Z","times_seen":4810,"resource_available":false,"data":null}},"time_used":4263,"timings":{"blocked":2398,"dns":0,"connect":0,"send":0,"wait":1713,"receive":152,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-31","alert":"Sinkholed","trigger":"m.yzsgj.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-31","alert":"Sinkholed","trigger":"m.yzsgj.top","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-31","alert":"Sinkholed","trigger":"m.yzsgj.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-31","alert":"Sinkholed","trigger":"m.yzsgj.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"oudngmslhifnsf.gdmgcyy.com/tj.js","fqdn":"oudngmslhifnsf.gdmgcyy.com","domain":"gdmgcyy.com","tld":"com"},"ip":{"addr":"206.119.188.34","port":443,"asn":133199,"as":"SonderCloud Limited","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://m.yzsgj.top/tp-news/list_1_28.html","date":"2025-12-31T07:41:25.862Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"oudngmslhifnsf.gdmgcyy.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Thu, 11 Dec 2025 06:39:18 GMT","end":"Wed, 11 Mar 2026 06:39:17 GMT"},"fingerprint":{"sha1":"84:4B:0B:7A:0A:D0:42:4C:42:71:F9:E1:85:CC:DD:07:F9:BA:C0:D7","sha256":"11:41:A5:14:00:68:D7:F8:23:DF:F1:C7:18:0C:48:6B:48:89:72:3F:4A:54:4B:2E:B2:5B:F9:3A:4E:E5:22:D4"}}},"request":{"raw":"GET /tj.js HTTP/1.1\r\nHost: oudngmslhifnsf.gdmgcyy.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://m.yzsgj.top/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: openresty/1.21.4.3\r\nDate: Wed, 31 Dec 2025 07:41:26 GMT\r\nContent-Type: application/javascript\r\nLast-Modified: Tue, 25 Nov 2025 02:47:15 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"692518b3-60a\"\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty:1.21.4.3","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1546,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (1546), with no line terminators","md5":"75744fb2ef623aad85ddbffa4cf8d621","sha1":"f4b47226e8c7acbb1aed3b53e1e41ab5edd01973","sha256":"3aa8a8bf8c2853aa2eb294e9303ae7aff22aa1d076dd91e1ddbc13b888fa91a8","sha512":"c51b00c3235de1998281f2bc4e9df5883254da82233265b6ed7dd497e1ac776feb5c0172656e4447a8fe67ec675e226ade7b159422af333fdfc12e8cc1825b54","ssdeep":"","tlshash":"77316578374b14a23337f612144b541c62b5d3854b6f08e0e3a576997de6948d04bf7e","first_seen":"2025-11-25T12:21:30.366924Z","last_seen":"2026-04-03T18:30:23.366728Z","times_seen":219,"resource_available":true,"data":null}},"time_used":2073,"timings":{"blocked":891,"dns":14,"connect":289,"send":0,"wait":288,"receive":1,"ssl":588},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.googleapis.com/css?family=Roboto:300,400,400i,500,700","fqdn":"fonts.googleapis.com","domain":"fonts.googleapis.com","tld":"googleapis.com"},"ip":{"addr":"216.58.211.10","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"http://m.yzsgj.top/tp-news/list_1_28.html","date":"2025-12-31T07:41:23.647Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"upload.video.google.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Wed, 03 Dec 2025 15:53:13 GMT","end":"Wed, 25 Feb 2026 15:53:12 GMT"},"fingerprint":{"sha1":"A8:BA:6B:80:7C:EC:B1:6F:C1:C2:03:D7:C9:27:6E:75:DE:4B:AA:47","sha256":"4E:2C:B9:C5:81:56:5E:97:93:07:22:12:66:E2:52:C6:0A:2E:17:72:FF:9B:5F:2A:B9:E1:21:80:05:6D:8B:3D"}}},"request":{"raw":"GET /css?family=Roboto:300,400,400i,500,700 HTTP/1.1\r\nHost: fonts.googleapis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://m.yzsgj.top/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/css; charset=utf-8\r\nvary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site\r\naccess-control-allow-origin: *\r\ntiming-allow-origin: *\r\nlink: \u003chttps://fonts.gstatic.com\u003e; rel=preconnect; crossorigin\r\nstrict-transport-security: max-age=31536000\r\nexpires: Wed, 31 Dec 2025 07:41:23 GMT\r\ndate: Wed, 31 Dec 2025 07:41:23 GMT\r\ncache-control: private, max-age=86400\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncontent-encoding: gzip\r\nserver: ESF\r\nx-xss-protection: 0\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":27115,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text, with very long lines (1572)","md5":"1cd2f8bb5d50b9b9e9ac51d0ec49a565","sha1":"130c2cf5cd758167e876a0298d01484aa225efa9","sha256":"a9d7d3660a8d751e61002ad4321156053cd53b6ce81595922d10cf12feaa01bb","sha512":"4cde70cc5bb73aaa73175a9d97b6af6b6efe29423c61838ddb01720bbd70f16ee54f1536c956259bcec7a9894dc54cda548d186696f34b68ce46480133f9fcd7","ssdeep":"768:VEjMWAE39HTR8XguBSivFRa1KRzBfiiMgFK1GIBEiNnr7gr8yBOijh1X:XLJiWp","tlshash":"03c20e61041b504097834ce223cebe34fe1f92547142d0b5ebfdab6badcbca6526936d","first_seen":"2025-11-19T00:32:11.421218Z","last_seen":"2026-02-19T12:29:18.071215Z","times_seen":221,"resource_available":false,"data":null}},"time_used":228,"timings":{"blocked":71,"dns":1,"connect":7,"send":0,"wait":31,"receive":0,"ssl":114},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.googleapis.com/css?family=Poppins:400,500,600,700","fqdn":"fonts.googleapis.com","domain":"fonts.googleapis.com","tld":"googleapis.com"},"ip":{"addr":"216.58.211.10","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"http://m.yzsgj.top/tp-news/list_1_28.html","date":"2025-12-31T07:41:23.652Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"upload.video.google.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Wed, 03 Dec 2025 15:53:13 GMT","end":"Wed, 25 Feb 2026 15:53:12 GMT"},"fingerprint":{"sha1":"A8:BA:6B:80:7C:EC:B1:6F:C1:C2:03:D7:C9:27:6E:75:DE:4B:AA:47","sha256":"4E:2C:B9:C5:81:56:5E:97:93:07:22:12:66:E2:52:C6:0A:2E:17:72:FF:9B:5F:2A:B9:E1:21:80:05:6D:8B:3D"}}},"request":{"raw":"GET /css?family=Poppins:400,500,600,700 HTTP/1.1\r\nHost: fonts.googleapis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://m.yzsgj.top/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/css; charset=utf-8\r\nvary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site\r\naccess-control-allow-origin: *\r\ntiming-allow-origin: *\r\nlink: \u003chttps://fonts.gstatic.com\u003e; rel=preconnect; crossorigin\r\nstrict-transport-security: max-age=31536000\r\nexpires: Wed, 31 Dec 2025 07:41:23 GMT\r\ndate: Wed, 31 Dec 2025 07:41:23 GMT\r\ncache-control: private, max-age=86400\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncross-origin-resource-policy: cross-origin\r\ncontent-encoding: gzip\r\nserver: ESF\r\nx-xss-protection: 0\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":4528,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text","md5":"e7d5447d329433ac520959278202b0aa","sha1":"7df6cef4d85d94637f46814cb440bde09fe64b5e","sha256":"b70200f61146a9df3194e0975661cd1c7f92b38260f3e717ba087f765e5eef1b","sha512":"2469bdb048b22e2450a278298086d4a0a79488d922c18c069ee92b93435113ad66e4fce9d2a2f461ad2f2bc57e182389fc9f5019b2ac9cb076d1a98d6b0a537a","ssdeep":"96:SOLnOLCJc+ukOLuN3Og3OgvJc+ukOgON3OxTcOxTUJc+ukOxTrN3OCvOCnJc+ukt:3CKSe1rV3HwwVzzbZ","tlshash":"7b918bd2087ae41467931cc222ce7d36ef0ea244b454e5746bfe0c9cada7c69537272d","first_seen":"2025-09-18T17:41:31.889502Z","last_seen":"2026-04-03T22:52:20.370691Z","times_seen":1643,"resource_available":false,"data":null}},"time_used":199,"timings":{"blocked":54,"dns":1,"connect":20,"send":0,"wait":33,"receive":0,"ssl":88},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"m.yzsgj.top/skin/js/jquery.min.js","fqdn":"m.yzsgj.top","domain":"yzsgj.top","tld":"top"},"ip":{"addr":"154.90.30.70","port":80,"asn":35916,"as":"MULTA-ASN1","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://m.yzsgj.top/tp-news/list_1_28.html","date":"2025-12-31T07:41:23.677Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /skin/js/jquery.min.js HTTP/1.1\r\nHost: m.yzsgj.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://m.yzsgj.top/tp-news/list_1_28.html\r\nCookie: PHPSESSID=va9d1n3hsg0d4g3291s4l8d5ut; server_name_session=47e77bb1852ad56b9b5e5dfd79dc16ad\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Wed, 31 Dec 2025 07:41:25 GMT\r\nContent-Type: application/javascript\r\nLast-Modified: Wed, 08 Nov 2023 16:47:06 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"654bbb8a-14e4a\"\r\nExpires: Wed, 31 Dec 2025 19:41:25 GMT\r\nCache-Control: max-age=43200\r\nStrict-Transport-Security: max-age=31536000\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":85578,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (32065)","md5":"2f6b11a7e914718e0290410e85366fe9","sha1":"69bb69e25ca7d5ef0935317584e6153f3fd9a88c","sha256":"05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e","sha512":"0d40bccaa59fedecf7243d63b33c42592541d0330fefc78ec81a4c6b9689922d5b211011ca4be23ae22621cce4c658f52a1552c92d7ac3615241eb640f8514db","ssdeep":"1536:EYE1JVoiB9JqZdXXe2pD3PgoIiulrUndZ6a4tfOR7WpfWBZ2BJda4w9W3qG9a986:v4J+OlfOhWppCW6G9a98Hr2","tlshash":"1e83c6d9b2d6706297b734b850bf410bb17a98dab44c8c60f059d4e47eb4a8e507bf2c","first_seen":"2023-03-07T01:02:00Z","last_seen":"2026-04-04T02:23:44.781794Z","times_seen":261115,"resource_available":true,"data":null}},"time_used":2287,"timings":{"blocked":113,"dns":1,"connect":151,"send":0,"wait":1867,"receive":154,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-31","alert":"Sinkholed","trigger":"m.yzsgj.top","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-31","alert":"Sinkholed","trigger":"m.yzsgj.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-31","alert":"Sinkholed","trigger":"m.yzsgj.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-31","alert":"Sinkholed","trigger":"m.yzsgj.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"m.yzsgj.top/skin/js/popper.min.js","fqdn":"m.yzsgj.top","domain":"yzsgj.top","tld":"top"},"ip":{"addr":"154.90.30.70","port":80,"asn":35916,"as":"MULTA-ASN1","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://m.yzsgj.top/tp-news/list_1_28.html","date":"2025-12-31T07:41:23.679Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /skin/js/popper.min.js HTTP/1.1\r\nHost: m.yzsgj.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://m.yzsgj.top/tp-news/list_1_28.html\r\nCookie: PHPSESSID=va9d1n3hsg0d4g3291s4l8d5ut; server_name_session=47e77bb1852ad56b9b5e5dfd79dc16ad\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Wed, 31 Dec 2025 07:41:25 GMT\r\nContent-Type: application/javascript\r\nLast-Modified: Wed, 08 Nov 2023 16:07:20 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"654bb238-4f74\"\r\nExpires: Wed, 31 Dec 2025 19:41:25 GMT\r\nCache-Control: max-age=43200\r\nStrict-Transport-Security: max-age=31536000\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":20340,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (20164), with CRLF line terminators","md5":"5644e6835941af44dcb5cead916c2b79","sha1":"6eb1840d55338895ce6ecc3eab56132b1d152b93","sha256":"315ac5479007d2e864a4b51f505fd0785ebbbe931a6b511467fa49504a082c58","sha512":"474fde416d70e43cf6ac2d21f3b1ab49d70be355b7424bb500bc13161c6e7830b09ff3171f6ebae27d966cfaacab84515f1de7ceef603a748a5502d8941c4669","ssdeep":"384:2Yn0vf4wzTC9nNbR1PTM4CrBEQxkxpOxvYLmD75zfC5vIfg3rzGp/TidOgHhXjEO:Z0vAwzTC/nM4BxpOxv/D7pC5vfzy/Tij","tlshash":"8992a3dc3294b0a647ab91a7a07f960eb1335875610e9410f19df2e97c30ef9a13bc79","first_seen":"2023-03-07T01:02:42Z","last_seen":"2026-04-01T06:15:58.209403Z","times_seen":2528,"resource_available":true,"data":null}},"time_used":2060,"timings":{"blocked":1630,"dns":0,"connect":0,"send":0,"wait":429,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-31","alert":"Sinkholed","trigger":"m.yzsgj.top","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-31","alert":"Sinkholed","trigger":"m.yzsgj.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-31","alert":"Sinkholed","trigger":"m.yzsgj.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-31","alert":"Sinkholed","trigger":"m.yzsgj.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"m.yzsgj.top/tp-news/list_1_28.html","fqdn":"m.yzsgj.top","domain":"yzsgj.top","tld":"top"},"ip":{"addr":"154.90.30.70","port":80,"asn":35916,"as":"MULTA-ASN1","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-12-31T07:41:21.225Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /tp-news/list_1_28.html HTTP/1.1\r\nHost: m.yzsgj.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Wed, 31 Dec 2025 07:41:23 GMT\r\nContent-Type: text/html; charset=utf-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nExpires: Thu, 19 Nov 1981 08:52:00 GMT\r\nCache-Control: no-store, no-cache, must-revalidate\r\nPragma: no-cache\r\nSet-Cookie: PHPSESSID=va9d1n3hsg0d4g3291s4l8d5ut; path=/\nserver_name_session=47e77bb1852ad56b9b5e5dfd79dc16ad; Max-Age=86400; httponly; path=/\r\nStrict-Transport-Security: max-age=31536000\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"jQuery","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"Popper","description":"Popper is a positioning engine, its purpose is to calculate the position of an element to make it possible to position it near a given reference element.","website":"https://popper.js.org","common_platform_enumeration":"","icon":"Popper.svg","categories":["Miscellaneous"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"PHP","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"Bootstrap","description":"Bootstrap is a free and open-source CSS framework directed at responsive, mobile-first front-end web development. It contains CSS and JavaScript-based design templates for typography, forms, buttons, navigation, and other interface components.","website":"https://getbootstrap.com","common_platform_enumeration":"cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:*","icon":"Bootstrap.svg","categories":["UI frameworks"]},{"name":"Modernizr","description":"Modernizr is a JavaScript library that detects the features available in a user's browser.","website":"https://modernizr.com","common_platform_enumeration":"","icon":"Modernizr.svg","categories":["JavaScript libraries"]}],"data":{"size":40456,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (2087), with CRLF, LF line terminators","md5":"fbd360ab65fdf901f3ccfa4ff8582620","sha1":"a7cb399bd77c1d0c7829bfb0a44afffbfb34e532","sha256":"4e617644973f8c6943ecdabc0d0041648bc217fb6425e82b77f2560a9eb8b34a","sha512":"c86116e2d3bedad4d93ae236e0d837218634601744ba2e71129132463998718b665c6300f3e102e318ead5878bff9188e9d3b65082e64ace3308bc3100e1dc1d","ssdeep":"384:DnI44t0wvE0Kuo3hOZ3QTLnQD8QhQrQTODZ7HjnN949KBdl:DzsRvEl8/DB2kTODZHjnN949KBdl","tlshash":"3c03959115f82e7f067281e8f8a22f2f7e95e50fd75619b43e9c0e891f92e51cc03a46","first_seen":"2025-12-31T07:41:44.745874Z","last_seen":"2025-12-31T07:41:44.745874Z","times_seen":1,"resource_available":false,"data":null}},"time_used":2418,"timings":{"blocked":152,"dns":0,"connect":152,"send":0,"wait":2113,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-31","alert":"Sinkholed","trigger":"m.yzsgj.top","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-31","alert":"Sinkholed","trigger":"m.yzsgj.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-31","alert":"Sinkholed","trigger":"m.yzsgj.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-31","alert":"Sinkholed","trigger":"m.yzsgj.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"m.yzsgj.top/skin/css/style.css","fqdn":"m.yzsgj.top","domain":"yzsgj.top","tld":"top"},"ip":{"addr":"154.90.30.70","port":80,"asn":35916,"as":"MULTA-ASN1","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"http://m.yzsgj.top/tp-news/list_1_28.html","date":"2025-12-31T07:41:23.658Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /skin/css/style.css HTTP/1.1\r\nHost: m.yzsgj.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://m.yzsgj.top/tp-news/list_1_28.html\r\nCookie: PHPSESSID=va9d1n3hsg0d4g3291s4l8d5ut; server_name_session=47e77bb1852ad56b9b5e5dfd79dc16ad\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Wed, 31 Dec 2025 07:41:25 GMT\r\nContent-Type: text/css\r\nLast-Modified: Wed, 08 Nov 2023 17:36:16 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"654bc710-1ffb6\"\r\nExpires: Wed, 31 Dec 2025 19:41:25 GMT\r\nCache-Control: max-age=43200\r\nStrict-Transport-Security: max-age=31536000\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":130998,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text","md5":"e5f89e2bd80b4e65d4ca8fdd797ff4aa","sha1":"455f43a7e82616bc3edd3ef50b6840aa901e1687","sha256":"cf92c4f613ae98bff6946c79d754f5dc21ee24f83010fda3a7589c0c5b76efd1","sha512":"c1e98ca23073779542a8d7fe77d1e7f528fcd9d1ec46a2da1eab1b8b081a087b00add2e07c151888dbeb4830b07582469d9027cf95532de5a0288d7c778c79d2","ssdeep":"3072:E8UmqZVAni+rLX6LujlCa4urlQaNknHH+r:E8UmqZVAni+rLX6LujlCa4urlQaNkHHG","tlshash":"41d375e556931508b02bc4b4ead7b764b31c94c3910eeeacf6e2706def81ac40177e96","first_seen":"2025-02-04T13:50:31.269438Z","last_seen":"2026-04-01T06:15:58.19358Z","times_seen":40,"resource_available":false,"data":null}},"time_used":2296,"timings":{"blocked":90,"dns":1,"connect":151,"send":0,"wait":1902,"receive":152,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-31","alert":"Sinkholed","trigger":"m.yzsgj.top","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-31","alert":"Sinkholed","trigger":"m.yzsgj.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-31","alert":"Sinkholed","trigger":"m.yzsgj.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-31","alert":"Sinkholed","trigger":"m.yzsgj.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"m.yzsgj.top/skin/js/main.js","fqdn":"m.yzsgj.top","domain":"yzsgj.top","tld":"top"},"ip":{"addr":"154.90.30.70","port":80,"asn":35916,"as":"MULTA-ASN1","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://m.yzsgj.top/tp-news/list_1_28.html","date":"2025-12-31T07:41:23.681Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /skin/js/main.js HTTP/1.1\r\nHost: m.yzsgj.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://m.yzsgj.top/tp-news/list_1_28.html\r\nCookie: PHPSESSID=va9d1n3hsg0d4g3291s4l8d5ut; server_name_session=47e77bb1852ad56b9b5e5dfd79dc16ad\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Wed, 31 Dec 2025 07:41:26 GMT\r\nContent-Type: application/javascript\r\nLast-Modified: Wed, 08 Nov 2023 16:07:40 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"654bb24c-4e50\"\r\nExpires: Wed, 31 Dec 2025 19:41:26 GMT\r\nCache-Control: max-age=43200\r\nStrict-Transport-Security: max-age=31536000\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":20048,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with CRLF line terminators","md5":"ce0ac0c555205b71077a16e8bbfbc2ae","sha1":"fc32f19e878efe10fc364e7ab3eef094ec9cfa4e","sha256":"0fce9379099b4075e4f31ed4749d681bda5535376c555d4c8bdafbd03214c391","sha512":"496047b220007bb395b486b6e6a9cdd644f8ed884277d5008ea8a79b9b95b2ccf0590a17d64e20a4986a3579ad71b3a01533637f28f30aa28215fbc2e48f8c9f","ssdeep":"192:blUE1oABnMPMM5CVrs3DphFbZIod30lEJzKC6rpB:bKkFnsMM5CVkzFxdkey","tlshash":"dc9225486411212260bf337aea7fd605fb7912ab42859682bcfc29840f713ac9391fdd","first_seen":"2025-02-04T13:50:31.278768Z","last_seen":"2026-04-01T06:15:58.216565Z","times_seen":45,"resource_available":true,"data":null}},"time_used":5869,"timings":{"blocked":2057,"dns":0,"connect":0,"send":0,"wait":3812,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-31","alert":"Sinkholed","trigger":"m.yzsgj.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-31","alert":"Sinkholed","trigger":"m.yzsgj.top","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-31","alert":"Sinkholed","trigger":"m.yzsgj.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-31","alert":"Sinkholed","trigger":"m.yzsgj.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"m.yzsgj.top/tp-news/list_1_28.html","fqdn":"m.yzsgj.top","domain":"yzsgj.top","tld":"top"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-12-31T07:41:14.778Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /tp-news/list_1_28.html HTTP/1.1\r\nHost: m.yzsgj.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T02:31:02.170255Z","times_seen":13313751,"resource_available":true,"data":null}},"time_used":642,"timings":{"blocked":0,"dns":489,"connect":152,"send":0,"wait":0,"receive":0,"ssl":-1},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-31","alert":"Sinkholed","trigger":"m.yzsgj.top","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-31","alert":"Sinkholed","trigger":"m.yzsgj.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-31","alert":"Sinkholed","trigger":"m.yzsgj.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-31","alert":"Sinkholed","trigger":"m.yzsgj.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"m.yzsgj.top/tj.js","fqdn":"m.yzsgj.top","domain":"yzsgj.top","tld":"top"},"ip":{"addr":"154.90.30.70","port":80,"asn":35916,"as":"MULTA-ASN1","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://m.yzsgj.top/tp-news/list_1_28.html","date":"2025-12-31T07:41:23.660Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /tj.js HTTP/1.1\r\nHost: m.yzsgj.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://m.yzsgj.top/tp-news/list_1_28.html\r\nCookie: PHPSESSID=va9d1n3hsg0d4g3291s4l8d5ut; server_name_session=47e77bb1852ad56b9b5e5dfd79dc16ad\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Wed, 31 Dec 2025 07:41:25 GMT\r\nContent-Type: application/javascript\r\nContent-Length: 362\r\nLast-Modified: Sun, 25 May 2025 09:06:30 GMT\r\nConnection: keep-alive\r\nETag: \"6832dd96-16a\"\r\nExpires: Wed, 31 Dec 2025 19:41:25 GMT\r\nCache-Control: max-age=43200\r\nStrict-Transport-Security: max-age=31536000\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":362,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (361)","md5":"5d3d830acdaadeaff7de7ce0822c3d11","sha1":"1a09f51cb91558fde445ed7ed306693b30e0856e","sha256":"0c8716986951d50457d9d3c517f90b78ee0c0cbc43cb5ca3ed011d46ee79ed80","sha512":"60463dcf797c663d452aebe90d84eee917719b1265949a79945e0f3a35c18bdefa73e9a11ccb13f38f64a9f42521b76ce4b2189bb065b14a1780479d153b1d77","ssdeep":"","tlshash":"39e0c0e0359274ca430ab8d0043bd00ae2fb56497caf51f4f908710e795578c529f659","first_seen":"2024-09-04T08:43:24Z","last_seen":"2026-04-03T18:30:23.331777Z","times_seen":389,"resource_available":true,"data":null}},"time_used":2146,"timings":{"blocked":128,"dns":1,"connect":151,"send":0,"wait":1865,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-31","alert":"Sinkholed","trigger":"m.yzsgj.top","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-31","alert":"Sinkholed","trigger":"m.yzsgj.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-31","alert":"Sinkholed","trigger":"m.yzsgj.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/poppins/v24/pxiByp8kv8JHgFVrLGT9Z1xlFQ.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.74.35","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"http://m.yzsgj.top/tp-news/list_1_28.html","date":"2025-12-31T07:41:27.138Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Wed, 03 Dec 2025 15:53:13 GMT","end":"Wed, 25 Feb 2026 15:53:12 GMT"},"fingerprint":{"sha1":"5A:E3:E3:B6:18:F9:10:0B:5B:11:FA:CB:BF:0C:9B:5C:0E:34:70:78","sha256":"FC:46:B0:C1:1E:B2:21:60:D9:7E:6A:ED:42:56:B2:CF:2A:E4:D2:F1:1C:63:63:98:2B:A3:0F:6C:4A:98:74:D6"}}},"request":{"raw":"GET /s/poppins/v24/pxiByp8kv8JHgFVrLGT9Z1xlFQ.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: http://m.yzsgj.top\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 7748\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Wed, 24 Dec 2025 20:59:17 GMT\r\nexpires: Thu, 24 Dec 2026 20:59:17 GMT\r\ncache-control: public, max-age=31536000\r\nage: 556930\r\nlast-modified: Mon, 15 Sep 2025 16:36:26 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":7748,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 7748, version 1.0","md5":"a09f2fccfee35b7247b08a1a266f0328","sha1":"0da2d17e738f46d2a09e6fb7969da451719a9820","sha256":"cd36de204aca2d5fa263a731f7c20009b5e3d754ba1f1e03c33e93a48f3e7446","sha512":"5e3f9a298003b84250ec6801e08ad2a4ff8845d4c3e13ea61bec37da24d26ede13b436257882124cc0c27e9a323ba92e7d23c6ad3f48a7b75535f5ed98813a0e","ssdeep":"96:0g6vAF/FXh6MmoI56TEwosGU/DbVF/QBT1gaHEYT6u/w3hXLbJPAS772+6haAftj:zp6x6TYpoDYBJg8TRkbJPAS/2+CzQa7","tlshash":"f3f19de65d1e5e8980f0102f6f6efce767950d88141dadf9a9e72f884c6ba1b04c90cd","first_seen":"2023-04-05T13:48:05Z","last_seen":"2026-04-04T02:29:40.620066Z","times_seen":192370,"resource_available":false,"data":null}},"time_used":135,"timings":{"blocked":67,"dns":3,"connect":7,"send":0,"wait":9,"receive":1,"ssl":44},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/roboto/v50/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.74.35","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"http://m.yzsgj.top/tp-news/list_1_28.html","date":"2025-12-31T07:41:27.189Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Wed, 03 Dec 2025 15:53:13 GMT","end":"Wed, 25 Feb 2026 15:53:12 GMT"},"fingerprint":{"sha1":"5A:E3:E3:B6:18:F9:10:0B:5B:11:FA:CB:BF:0C:9B:5C:0E:34:70:78","sha256":"FC:46:B0:C1:1E:B2:21:60:D9:7E:6A:ED:42:56:B2:CF:2A:E4:D2:F1:1C:63:63:98:2B:A3:0F:6C:4A:98:74:D6"}}},"request":{"raw":"GET /s/roboto/v50/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: http://m.yzsgj.top\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 40128\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Tue, 30 Dec 2025 19:22:36 GMT\r\nexpires: Wed, 30 Dec 2026 19:22:36 GMT\r\ncache-control: public, max-age=31536000\r\nage: 44331\r\nlast-modified: Tue, 18 Nov 2025 19:00:07 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":40128,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 40128, version 1.0","md5":"9a01b69183a9604ab3a439e388b30501","sha1":"8ed1d59003d0dbe6360481017b44665153665fbe","sha256":"20b535fa80c8189e3b87d1803038389960203a886d502bc2ef1857affc2f38d2","sha512":"0e6795255b6eea00b5403fd7e3b904d52776d49ac63a31c2778361262883697943aedcb29feee85694ba6f19eaa34dddb9a5bfe7118f4a25b4757e92c331feca","ssdeep":"768:Vce3jkow68wmT4IBX0tXdlSirS61gSjcz0GPwHbP+w2jec56O:VcI/iEEEtXdFJj+0GPwHbP+w5rO","tlshash":"3703023a5e3ccf1a84157a703950f6d9a8481e548e9d143b4f1ac7bf085dde2209b6d4","first_seen":"2025-01-08T22:59:02.845106Z","last_seen":"2026-04-04T02:31:26.319062Z","times_seen":713564,"resource_available":false,"data":null}},"time_used":35,"timings":{"blocked":16,"dns":0,"connect":0,"send":0,"wait":10,"receive":9,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"m.yzsgj.top/skin/css/bootstrap.min.css","fqdn":"m.yzsgj.top","domain":"yzsgj.top","tld":"top"},"ip":{"addr":"154.90.30.70","port":80,"asn":35916,"as":"MULTA-ASN1","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"http://m.yzsgj.top/tp-news/list_1_28.html","date":"2025-12-31T07:41:23.656Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /skin/css/bootstrap.min.css HTTP/1.1\r\nHost: m.yzsgj.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://m.yzsgj.top/tp-news/list_1_28.html\r\nCookie: PHPSESSID=va9d1n3hsg0d4g3291s4l8d5ut; server_name_session=47e77bb1852ad56b9b5e5dfd79dc16ad\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Wed, 31 Dec 2025 07:41:24 GMT\r\nContent-Type: text/css\r\nLast-Modified: Wed, 08 Nov 2023 16:06:24 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"654bb200-25683\"\r\nExpires: Wed, 31 Dec 2025 19:41:24 GMT\r\nCache-Control: max-age=43200\r\nStrict-Transport-Security: max-age=31536000\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":153219,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (65288), with CRLF line terminators","md5":"07ed40c4377ac2891194ecdc5ef07654","sha1":"304a85578b04e6da6c2cf86f8b7fd5832a577aa5","sha256":"672817dc90b2ffae699b02b80c70c40c4f46a36eeedea170f373fbc2c1b5b30a","sha512":"f4f4f11a1f06e7a9c6bad7607b5341853749bfc61ef738dd3f282e82fa94d7e04e984b15363a2f3a98e6f8da576f0a340893d4cf9fc45423463cdb97707d2a3a","ssdeep":"1536:Y/NImGVh5+QYYDnDEBi83NcuSE9/7ht//1K0q3SYiLENM6HN26E:Y/Fs4D9Dq3SYiLENM6HN26E","tlshash":"b5e375a6f5a0312de467c61960d0bafe156f8245d7221ffbf82737644b896cb0a63d0c","first_seen":"2025-02-04T13:50:31.2736Z","last_seen":"2026-04-01T06:15:58.236008Z","times_seen":40,"resource_available":false,"data":null}},"time_used":1712,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1560,"receive":152,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-31","alert":"Sinkholed","trigger":"m.yzsgj.top","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-31","alert":"Sinkholed","trigger":"m.yzsgj.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-31","alert":"Sinkholed","trigger":"m.yzsgj.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-31","alert":"Sinkholed","trigger":"m.yzsgj.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/roboto/v50/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.74.35","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"http://m.yzsgj.top/tp-news/list_1_28.html","date":"2025-12-31T07:41:27.149Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Wed, 03 Dec 2025 15:53:13 GMT","end":"Wed, 25 Feb 2026 15:53:12 GMT"},"fingerprint":{"sha1":"5A:E3:E3:B6:18:F9:10:0B:5B:11:FA:CB:BF:0C:9B:5C:0E:34:70:78","sha256":"FC:46:B0:C1:1E:B2:21:60:D9:7E:6A:ED:42:56:B2:CF:2A:E4:D2:F1:1C:63:63:98:2B:A3:0F:6C:4A:98:74:D6"}}},"request":{"raw":"GET /s/roboto/v50/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: http://m.yzsgj.top\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 40128\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Tue, 30 Dec 2025 19:22:36 GMT\r\nexpires: Wed, 30 Dec 2026 19:22:36 GMT\r\ncache-control: public, max-age=31536000\r\nage: 44331\r\nlast-modified: Tue, 18 Nov 2025 19:00:07 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":40128,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 40128, version 1.0","md5":"9a01b69183a9604ab3a439e388b30501","sha1":"8ed1d59003d0dbe6360481017b44665153665fbe","sha256":"20b535fa80c8189e3b87d1803038389960203a886d502bc2ef1857affc2f38d2","sha512":"0e6795255b6eea00b5403fd7e3b904d52776d49ac63a31c2778361262883697943aedcb29feee85694ba6f19eaa34dddb9a5bfe7118f4a25b4757e92c331feca","ssdeep":"768:Vce3jkow68wmT4IBX0tXdlSirS61gSjcz0GPwHbP+w2jec56O:VcI/iEEEtXdFJj+0GPwHbP+w5rO","tlshash":"3703023a5e3ccf1a84157a703950f6d9a8481e548e9d143b4f1ac7bf085dde2209b6d4","first_seen":"2025-01-08T22:59:02.845106Z","last_seen":"2026-04-04T02:31:26.319062Z","times_seen":713564,"resource_available":false,"data":null}},"time_used":319,"timings":{"blocked":162,"dns":0,"connect":0,"send":0,"wait":8,"receive":3,"ssl":146},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"m.yzsgj.top/skin/js/modernizr-3.6.0.min.js","fqdn":"m.yzsgj.top","domain":"yzsgj.top","tld":"top"},"ip":{"addr":"154.90.30.70","port":80,"asn":35916,"as":"MULTA-ASN1","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://m.yzsgj.top/tp-news/list_1_28.html","date":"2025-12-31T07:41:23.676Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /skin/js/modernizr-3.6.0.min.js HTTP/1.1\r\nHost: m.yzsgj.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://m.yzsgj.top/tp-news/list_1_28.html\r\nCookie: PHPSESSID=va9d1n3hsg0d4g3291s4l8d5ut; server_name_session=47e77bb1852ad56b9b5e5dfd79dc16ad\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Wed, 31 Dec 2025 07:41:25 GMT\r\nContent-Type: application/javascript\r\nLast-Modified: Wed, 08 Nov 2023 16:07:04 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"654bb228-21be\"\r\nExpires: Wed, 31 Dec 2025 19:41:25 GMT\r\nCache-Control: max-age=43200\r\nStrict-Transport-Security: max-age=31536000\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":8638,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (8320), with CRLF line terminators","md5":"50618549de4d3de4b9c416f04c2fdb22","sha1":"1f7c186652d309d4bf79de3ad7c318adf2246859","sha256":"70961057ef3fadbe6fb56cc6445880d6b96dffe9db95bc87485fcc1595728b6a","sha512":"9078a268425196e2928f45810b35b84f4f2ea126cadc6f9c3d4c7e51d8417ee6ad7fa7fa942b87c6ffa77e34b357955619f6da3738610662b125df7c777c6d30","ssdeep":"192:dEYT/2wPZgoOfzAL0kvzaPWNI1C/W0DVLzcuQWyn:dLT/2wPxOfzapbaPWNI8/tzGWC","tlshash":"d302c9a97697b672836a3070117f040ead3b2c096e05c444f02dd5ac7bbcaa46367e2e","first_seen":"2023-03-09T04:31:11Z","last_seen":"2026-04-01T06:15:58.198904Z","times_seen":109,"resource_available":true,"data":null}},"time_used":2131,"timings":{"blocked":113,"dns":1,"connect":151,"send":0,"wait":1865,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-31","alert":"Sinkholed","trigger":"m.yzsgj.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-31","alert":"Sinkholed","trigger":"m.yzsgj.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-31","alert":"Sinkholed","trigger":"m.yzsgj.top","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-31","alert":"Sinkholed","trigger":"m.yzsgj.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/roboto/v50/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.74.35","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"http://m.yzsgj.top/tp-news/list_1_28.html","date":"2025-12-31T07:41:27.142Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Wed, 03 Dec 2025 15:53:13 GMT","end":"Wed, 25 Feb 2026 15:53:12 GMT"},"fingerprint":{"sha1":"5A:E3:E3:B6:18:F9:10:0B:5B:11:FA:CB:BF:0C:9B:5C:0E:34:70:78","sha256":"FC:46:B0:C1:1E:B2:21:60:D9:7E:6A:ED:42:56:B2:CF:2A:E4:D2:F1:1C:63:63:98:2B:A3:0F:6C:4A:98:74:D6"}}},"request":{"raw":"GET /s/roboto/v50/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: http://m.yzsgj.top\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 40128\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Tue, 30 Dec 2025 19:22:36 GMT\r\nexpires: Wed, 30 Dec 2026 19:22:36 GMT\r\ncache-control: public, max-age=31536000\r\nage: 44331\r\nlast-modified: Tue, 18 Nov 2025 19:00:07 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":40128,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 40128, version 1.0","md5":"9a01b69183a9604ab3a439e388b30501","sha1":"8ed1d59003d0dbe6360481017b44665153665fbe","sha256":"20b535fa80c8189e3b87d1803038389960203a886d502bc2ef1857affc2f38d2","sha512":"0e6795255b6eea00b5403fd7e3b904d52776d49ac63a31c2778361262883697943aedcb29feee85694ba6f19eaa34dddb9a5bfe7118f4a25b4757e92c331feca","ssdeep":"768:Vce3jkow68wmT4IBX0tXdlSirS61gSjcz0GPwHbP+w2jec56O:VcI/iEEEtXdFJj+0GPwHbP+w5rO","tlshash":"3703023a5e3ccf1a84157a703950f6d9a8481e548e9d143b4f1ac7bf085dde2209b6d4","first_seen":"2025-01-08T22:59:02.845106Z","last_seen":"2026-04-04T02:31:26.319062Z","times_seen":713564,"resource_available":false,"data":null}},"time_used":151,"timings":{"blocked":64,"dns":1,"connect":21,"send":0,"wait":18,"receive":5,"ssl":37},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"m.yzsgj.top/skin/css/plugins.css","fqdn":"m.yzsgj.top","domain":"yzsgj.top","tld":"top"},"ip":{"addr":"154.90.30.70","port":80,"asn":35916,"as":"MULTA-ASN1","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"http://m.yzsgj.top/tp-news/list_1_28.html","date":"2025-12-31T07:41:23.657Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /skin/css/plugins.css HTTP/1.1\r\nHost: m.yzsgj.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://m.yzsgj.top/tp-news/list_1_28.html\r\nCookie: PHPSESSID=va9d1n3hsg0d4g3291s4l8d5ut; server_name_session=47e77bb1852ad56b9b5e5dfd79dc16ad\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Wed, 31 Dec 2025 07:41:25 GMT\r\nContent-Type: text/css\r\nLast-Modified: Wed, 08 Nov 2023 16:06:34 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"654bb20a-1031d\"\r\nExpires: Wed, 31 Dec 2025 19:41:25 GMT\r\nCache-Control: max-age=43200\r\nStrict-Transport-Security: max-age=31536000\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":66333,"size_decoded":0,"mime_type":"text/css","magic":"Unicode text, UTF-8 text, with very long lines (39137), with CRLF line terminators","md5":"f16184ffaf34a018129eeb2f20ab4454","sha1":"9ca6fd1a2f6e7c1a0c946842a2906c4cb5171d0b","sha256":"87dc585274c4206cfdc1e138a711e662e57202d5e3c899a83e67d7ed911d3da4","sha512":"abb05355b91f6e1ab1240387bb12403328bc3db2b290c73f39867b5b3d640a88323b6fe9533f29ce962aa230d1734b12a47247f5f3d28685b62b79fc8b4e485c","ssdeep":"768:pKvcqyF7I4rb84dLM+e23D9nld4rxEZlJPHpq/wEvqjx2/pvGiR:T/nLMQRjux","tlshash":"ef5362b5d40810d26bb6cc03fba2b38a65a5f063f5910ddaf13a998d4dc17a411c7fab","first_seen":"2023-06-14T19:15:52Z","last_seen":"2026-04-01T06:15:58.215949Z","times_seen":47,"resource_available":false,"data":null}},"time_used":2304,"timings":{"blocked":94,"dns":1,"connect":153,"send":0,"wait":1903,"receive":153,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-31","alert":"Sinkholed","trigger":"m.yzsgj.top","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-31","alert":"Sinkholed","trigger":"m.yzsgj.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-31","alert":"Sinkholed","trigger":"m.yzsgj.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-31","alert":"Sinkholed","trigger":"m.yzsgj.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}}]}