{"report_id":"8334ba68-44b6-4c2b-8067-09b2f1b00bd5","version":0,"status":"done","tags":[],"date":"2026-07-04T10:40:14Z","url":{"schema":"http","addr":"661815.com","fqdn":"661815.com","domain":"661815.com","tld":"com"},"ip":{"addr":"203.168.131.141","port":0,"asn":9513,"as":"HK Cable TV Ltd","country":"Hong Kong","country_code":"HK"},"final":{"url":{"schema":"https","addr":"ngfffgygt.vgho9-foqhfoq.com:15681/home?inviteCode=64298\u0026cid=118","fqdn":"ngfffgygt.vgho9-foqhfoq.com","domain":"vgho9-foqhfoq.com","tld":"com"},"title":"Bet365","dom":{"size":299865,"mime_type":"text/html; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (466)","md5":"978a26c0bc9b57ae92b229968178a461","sha1":"914497c892974657c600ba6242e87d21e43f575d","sha256":"e6297df82b0ab9ce40379239e6925f14bcb602875bf1068d5364d3da6725df95","sha512":"3e1d4bf3b41c2527aec85fadde5cae272db58b75cb8a1aab7f70c5d367a6a7c0254ade754811aebc370ac63a64959cc815a4af6c91b2aea69bd7a739b94bca48","ssdeep":"3072:p3+/3wH92sSHrGlZCsr2y09Dvbz5u29KWqWv9JqPvJE:p3+PHVJq3JE","tlshash":"a054e87c340124ab1277c6d4b4a1bf09b0a2f34bdf1ae540f5fe12149bcbe71a9e6961","dom_hash":"domhash7705c6b02d5aa0c4cadad48d5e2693e1","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"661815.com","fqdn":"661815.com","domain":"661815.com","tld":"com"},"ip":{"addr":"203.168.131.141","port":0,"asn":9513,"as":"HK Cable TV Ltd","country":"Hong Kong","country_code":"HK"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-08-08T10:40:14Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"qguvgzjxzsgb3vs"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":9}},"detection":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-04","alert":"Phishing Block","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"661815.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-04","alert":"Phishing Block","trigger":"661815.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"661815.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"661815.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"661815.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null},"summary":[{"fqdn":"ngfffgygt.vgho9-foqhfoq.com","ip":{"addr":"222.167.33.19","port":15681,"asn":9908,"as":"HK Cable TV Ltd","country":"Hong Kong","country_code":"HK"},"domain_registered":"unknown","domain_rank":0,"first_seen":"2026-07-02T10:56:07.628939Z","last_seen":"2026-07-02T10:56:07.628939Z","alert_count":520,"request_count":130,"received_data":6296373,"sent_data":72210,"comment":"","tags":null,"fingerprints":[{"name":"OpenResty:1.27.1.1","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"s.q5qo.com","ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"domain_registered":"2026-04-06","domain_rank":0,"first_seen":"2026-04-08T12:00:24.977625Z","last_seen":"2026-06-30T03:05:58.525232Z","alert_count":0,"request_count":16,"received_data":0,"sent_data":9328,"comment":"","tags":null,"fingerprints":null},{"fqdn":"tposs.qiddfc-dqiod52d.com","ip":{"addr":"3.167.2.97","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"domain_registered":"2022-11-24","domain_rank":0,"first_seen":"2022-11-25T06:07:22Z","last_seen":"2026-07-01T20:44:42.835513Z","alert_count":0,"request_count":48,"received_data":887696,"sent_data":28542,"comment":"","tags":null,"fingerprints":[{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}]},{"fqdn":"661815.com","ip":{"addr":"203.168.131.141","port":80,"asn":9513,"as":"HK Cable TV Ltd","country":"Hong Kong","country_code":"HK"},"domain_registered":"unknown","domain_rank":0,"first_seen":"2026-07-04T05:32:25.140793Z","last_seen":"2026-07-04T05:32:25.140793Z","alert_count":10,"request_count":2,"received_data":224,"sent_data":874,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"ngfffgygt.vgho9-foqhfoq.com:15681/static/js/FormItem.HTKNZfM2.js","fqdn":"ngfffgygt.vgho9-foqhfoq.com","domain":"vgho9-foqhfoq.com","tld":"com"},"ip":{"addr":"222.167.33.19","port":15681,"asn":9908,"as":"HK Cable TV Ltd","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"29452cc6be124d4a8a86529a2f1b35bb","sha1":"36947514f3aa87cc7267cf56cbbdaeb18c45d6c2","sha256":"7fe95fdc724d4a1742edc35389a08f7720a00fac35e6dc6223b1be103b08d729","sha512":"ab27db767bf404242403c76c59ebf124ceba46d1e53d4a8ee9bb74e8fc65552d2d2103b9f21052d25b96cdefe192b06de797aef5c8739a391c079de5d85fffae","ssdeep":"768:4/wxlD1aJPfS4fS6jjl5HkWQTejie+meYeJe+Ve+3e+Ce+LeN2e+ye+kej3eA5ev:J1Kdt2QlU9mijZ2ZyrjdgeLbq","tlshash":"e0e2eac872d8b05c8ba354f1905b9417b22bb840982ed4c1f76e98f26af4a5d1773b3d","size":33733,"data":"","first_seen":"2026-07-02T22:42:57.038222Z","last_seen":"2026-07-04T10:40:29.297333Z","times_seen":5,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ngfffgygt.vgho9-foqhfoq.com:15681/static/js/index.DYCOmzXM.js","fqdn":"ngfffgygt.vgho9-foqhfoq.com","domain":"vgho9-foqhfoq.com","tld":"com"},"ip":{"addr":"222.167.33.19","port":15681,"asn":9908,"as":"HK Cable TV Ltd","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"ab91d312164af24d037829d1b9c76adf","sha1":"c606d530aad1abd2ad50419880d0434f3a704be8","sha256":"58c13130bebf6cbad1e9d4fa2a03874dad3f30807471af1bc4b006030e345e0a","sha512":"34ca08f1d215ecc4553a52642b4689fcf601cfdc3f8651b6cd4731159d3690cd4f461a72daa46ed1a8f541d6970a2178d3b0a6eaf5cd08a5121bdbb39d54aa02","ssdeep":"384:D4/30e4n4WQlTJV6qQT8lzaAwwVgXbRhwkDO:Dfn4lV6BToaoaR6k6","tlshash":"ac626c1f710ba67ea63149af92720d0191218f9a842289fbe0ff4f181616cda6b8d70d","size":15749,"data":"","first_seen":"2026-07-02T22:42:57.071871Z","last_seen":"2026-07-04T10:40:29.219459Z","times_seen":5,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ngfffgygt.vgho9-foqhfoq.com:15681/static/js/siteRewardModal.DkaB9J1o.js","fqdn":"ngfffgygt.vgho9-foqhfoq.com","domain":"vgho9-foqhfoq.com","tld":"com"},"ip":{"addr":"222.167.33.19","port":15681,"asn":9908,"as":"HK Cable TV Ltd","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"568c1390fcfa6d5bdaecbfdc832da40c","sha1":"ec151cf705446df126ac9817db9b93766234b50b","sha256":"9d309ebe6746862a2c058210f80bfa2642cc23b24858e939f306ec3d67035db0","sha512":"8872d90129f51e3f8002ab5b07e4551d51da6a9217c3defb051fe806a02dd88f87365a8269d6387a3bea3d85eb5dbbe706698ab2ad47d8c6bf7c1133f1315bd2","ssdeep":"","tlshash":"3d017647e90934b914b666b27455bd020399b93a948a062c39b928db16dc885f3f9f30","size":698,"data":"","first_seen":"2026-07-02T22:42:57.164269Z","last_seen":"2026-07-04T10:40:29.343074Z","times_seen":6,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ngfffgygt.vgho9-foqhfoq.com:15681/static/js/success.B7fR5wmE.js","fqdn":"ngfffgygt.vgho9-foqhfoq.com","domain":"vgho9-foqhfoq.com","tld":"com"},"ip":{"addr":"222.167.33.19","port":15681,"asn":9908,"as":"HK Cable TV Ltd","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"861edf6ccee12de018680dc5b5ff70c6","sha1":"7775194f46f290b518202bd71a4b63498069763d","sha256":"bd59e568ff6effdaa322fcb9a75fb145d6366fd9ed36403ea87fe64b1ca46d58","sha512":"c527618385c565d1be5f860c12ed44aad86d37e01dfb963c6746bdfe2f5540afefc1bb36b46b35d2447eb5bf61f4451cd5f11208821a00ebb67c78e51f165efd","ssdeep":"","tlshash":"1741947c851b6e78983c4d5b0b283d21d826a2bdcfcdbc475d865200ab345075ca5ced","size":2422,"data":"","first_seen":"2026-05-30T07:41:04.658352Z","last_seen":"2026-07-04T10:40:29.388443Z","times_seen":23,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ngfffgygt.vgho9-foqhfoq.com:15681/static/js/MatchTimer.DRQBVhCx.js","fqdn":"ngfffgygt.vgho9-foqhfoq.com","domain":"vgho9-foqhfoq.com","tld":"com"},"ip":{"addr":"222.167.33.19","port":15681,"asn":9908,"as":"HK Cable TV Ltd","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"b63ac139351a6dc41193b04595367622","sha1":"d771826bf217349329a5606d421bf28645954789","sha256":"19e2f5e234d3bfb34c70b0c4429e6b1781a03b6d583ae70cef777730fa59927e","sha512":"056fe54f48aa4edd1bddd68f918c808d14bab4fe0d8e2b536f68126cb5a6ded626b900c280fd43b1c8382012d73f9d93788a6cc97c5efdbd445b8b42769aa839","ssdeep":"","tlshash":"8141a745bb0f58e053f0098005404914ad1b8b2d3133adc5ebac4fad932ae58afcd56d","size":2080,"data":"","first_seen":"2026-07-02T22:42:57.214247Z","last_seen":"2026-07-04T10:40:29.301314Z","times_seen":6,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ngfffgygt.vgho9-foqhfoq.com:15681/static/js/MatchOddsPanel.DD-_WXfz.js","fqdn":"ngfffgygt.vgho9-foqhfoq.com","domain":"vgho9-foqhfoq.com","tld":"com"},"ip":{"addr":"222.167.33.19","port":15681,"asn":9908,"as":"HK Cable TV Ltd","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"012c7b62e9bb8de46dc206fefec2244a","sha1":"07e3a02963a433245ab5caec4aa2561cd318b2e4","sha256":"644957b2f6fef34c29d92e020b53c8c5e58fd61ce9d1340811ee5048c34eb193","sha512":"cb713dee7fd97d251598c9372f886a89f230c119068c84fcf9c7efea784545f0401a44790e13efb87b37e99d6ef27e879a02103d952e6b049d9eed1fd0894006","ssdeep":"192:rwF3iBrmH8QMrZIghSu/iCX8s2coeSQ8zNW6XRpsDsFiwEFNgk:rwNiBrmHHMrZIYSu/iCX8s2coeSQ88Z/","tlshash":"ce42a7cd44c64119f7140a65e07a31a6ddb93c09740af642eefb5dfc2a11d828fb9f2a","size":12268,"data":"","first_seen":"2026-07-02T22:42:57.102836Z","last_seen":"2026-07-04T10:40:29.196405Z","times_seen":6,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ngfffgygt.vgho9-foqhfoq.com:15681/static/js/index.vue_vue_type_script_setup_true_name_PublicWinningSound_lang.D7lZj9rk.js","fqdn":"ngfffgygt.vgho9-foqhfoq.com","domain":"vgho9-foqhfoq.com","tld":"com"},"ip":{"addr":"222.167.33.19","port":15681,"asn":9908,"as":"HK Cable TV Ltd","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"749a8a0f67ba057429945bc92541a391","sha1":"a4abecb94c435c46ffdcb62389dcf43fa369fb9e","sha256":"da980970f235c83f9ce99f92073566b3d05609a8d98fa4df2833d5c46418114a","sha512":"115dc02aa2a3e311ff3a05d0e16a0ef3139d479697e3343f68f4375e8e382259c3505d4f67c3da5b5b64c89d334a94285037c76668ff76b3ce5ffed8e9cbc741","ssdeep":"","tlshash":"51f00e2a7f4cc0b4a6370dcc3573c42c065f07d9b630eb9982d33f691b89520a95e139","size":525,"data":"","first_seen":"2026-07-02T22:42:57.009685Z","last_seen":"2026-07-04T10:40:29.305241Z","times_seen":5,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ngfffgygt.vgho9-foqhfoq.com:15681/static/js/useRewardModal.g4gZ3DlD.js","fqdn":"ngfffgygt.vgho9-foqhfoq.com","domain":"vgho9-foqhfoq.com","tld":"com"},"ip":{"addr":"222.167.33.19","port":15681,"asn":9908,"as":"HK Cable TV Ltd","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"23a767a4ff3d9dbe23ea14fa47a121b7","sha1":"da78e07c62e8a0d5e4d911bbef78b708d8920d95","sha256":"c4c244485e71b0235830c4dbf8514c4038456e863a61068eecee8fd623b23aa6","sha512":"f1331cb46db56d0066eb98ab2105d4ccb03678965bf672e68fb89073a4534099fde698b8d13c30d9e1de5e19ef00d31cca2002ef5212a9da26b5ee44a4cbafdc","ssdeep":"","tlshash":"fee0c0abe0ca57f8243e198ba138057801d4148975ca8ec4135c0ae6072e2d2d02bf03","size":364,"data":"","first_seen":"2026-07-02T22:42:56.992036Z","last_seen":"2026-07-04T10:40:29.373424Z","times_seen":5,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ngfffgygt.vgho9-foqhfoq.com:15681/static/js/ChevronRight.D4HLqNxn.js","fqdn":"ngfffgygt.vgho9-foqhfoq.com","domain":"vgho9-foqhfoq.com","tld":"com"},"ip":{"addr":"222.167.33.19","port":15681,"asn":9908,"as":"HK Cable TV Ltd","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"632147dcc39dde9325e2c805ca439daa","sha1":"82340470c7aa83da87aaee782708df7d7e543535","sha256":"4a21f07a97be13e55515d19b4a4f48b3f139066f68dbd9e9962c7654f58b5839","sha512":"8905bdae7036934c9dcd7def3cfd2da6ec329d3855e3a363ae476008ac0e5b2646b7dc0c7a2b6074a698da7313a9a643429f91443b0f21cad64915d481fe8e9c","ssdeep":"","tlshash":"baf08bdf93d28871c910aa21d1a19041cf5914fce641cfccd22007249923cc52d0fdf1","size":543,"data":"","first_seen":"2026-07-02T22:42:57.07874Z","last_seen":"2026-07-04T10:40:29.384699Z","times_seen":5,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ngfffgygt.vgho9-foqhfoq.com:15681/static/js/index.HE32MnY8.js","fqdn":"ngfffgygt.vgho9-foqhfoq.com","domain":"vgho9-foqhfoq.com","tld":"com"},"ip":{"addr":"222.167.33.19","port":15681,"asn":9908,"as":"HK Cable TV Ltd","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"3f5c3cf0e47b529bde3db4592a9d5c04","sha1":"965b9c6483792fe59ba83aedfccfa0a222b3835f","sha256":"0394f5beb64821ffee8a7e71221ddd7df271e8f063e8edaa3e95a8e3bd0f6be8","sha512":"eae665add77675f48a9fbf784cb7861af7fda7fe6e32acc039a75f658776838d35f9ed5cd9b13291f4a1bfa3766062b4074e144cac196167202badb5b00b2eca","ssdeep":"192:69bb7fcGPMgdyk3J+hsqapJ4xMsRd2wai0h7H9SR29oY9blsdC8jBAfDquEvdnRm:Gdyk3jEpRd2wai0h7H9C29oYtGdCYB8f","tlshash":"d342093c744a96ffb973c96855a48402706a7b3ddc4898e6e0af1a1299cbf3045e47fc","size":12183,"data":"","first_seen":"2026-07-02T22:42:57.156091Z","last_seen":"2026-07-04T10:40:29.353551Z","times_seen":5,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ngfffgygt.vgho9-foqhfoq.com:15681/static/js/InputOtp.rAUYlcYj.js","fqdn":"ngfffgygt.vgho9-foqhfoq.com","domain":"vgho9-foqhfoq.com","tld":"com"},"ip":{"addr":"222.167.33.19","port":15681,"asn":9908,"as":"HK Cable TV Ltd","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"b93f434ef126b14cdb0014ca6933a4be","sha1":"c959b29b45a5e26a86317b5cbc249b4173ecf0ac","sha256":"aee2e22a747efb1cfd660e47d9a7a6c3484cf8a17710bf1adbcb461a8e697c6d","sha512":"f4b63d101792fc03c6cf39889186be7dc4ebd9d80720006bc69262154f31fbb1fc4255eff331b0965c032b5423140b0ac5b6ae30654c7a30b93aa50b37ee8bdf","ssdeep":"96:+NP2Ib5bPHMw5wIHXzspv6aJSuFbT/Q+qMhvd7GERnNQLE0yFzsV9HGfC8:M2Ib5bPHMw5wczspvV1fQ+qM5pRNQLLq","tlshash":"9eb1fa993193a1b1b6f24ee1846d8411e3163e08647df0d0d573dc551aa0b4962fff7e","size":5114,"data":"","first_seen":"2026-07-02T22:42:57.129599Z","last_seen":"2026-07-04T10:40:29.180471Z","times_seen":5,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ngfffgygt.vgho9-foqhfoq.com:15681/static/js/RoulettePanel.DXS7sbaS.js","fqdn":"ngfffgygt.vgho9-foqhfoq.com","domain":"vgho9-foqhfoq.com","tld":"com"},"ip":{"addr":"222.167.33.19","port":15681,"asn":9908,"as":"HK Cable TV Ltd","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"c0fa0a1e2b963a882a876c4bbd680a47","sha1":"a7d89e5cbb7ec54b1a0372521e02dba63db4545f","sha256":"d647858845026c1eaa46c34faa40516c4d078f1b739ed9193d75e1d717cab3e3","sha512":"4ae5c430790b9ddb0df4716858de98ac5d9c5b0ba5bee470852bd3a8643fb2e55a7772672c2a462a9d44522fa642908d4a49f64b22260679f1976ccd22ab605d","ssdeep":"192:9MdFrVAkPRTVQFUR4NXsby7yB3bex4QTaC2r/6AR9V4Bs:9OFrukPvQK4yTpe2QWCY/6ARLCs","tlshash":"7de18ec9f545883708a326cb65e5544cdd0ee65f827e5ed4f1158ab02bb2c39fb1320e","size":6858,"data":"","first_seen":"2026-07-02T22:42:57.052543Z","last_seen":"2026-07-04T10:40:29.240645Z","times_seen":5,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"661815.com/","fqdn":"661815.com","domain":"661815.com","tld":"com"},"ip":{"addr":"203.168.131.141","port":80,"asn":9513,"as":"HK Cable TV Ltd","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":true,"md5":"0e874c6e752518d9d87117144fff2a93","sha1":"29c940b719d8aabd2c05837cd1079c62164a7e83","sha256":"efe17a12d697357c02153ae285d42437f6c0487be498a8736abce014bb1c90c7","sha512":"0bac667f5d0bab2901e7be2e25f2cddb87c83f8ee6cf4dc8b1700e41fbc05151e520d83d84b9ff0ec66db792080c84d63c4449aa0aeb64f7dac47367d80db623","ssdeep":"","tlshash":"65f0a6cbe3cff09a6753123b0e8e2c4820d8b09b971d8c00a80c9400a9a5aa91b7cca1","size":598,"data":"","first_seen":"2026-07-04T05:32:29.06972Z","last_seen":"2026-07-04T10:40:29.408514Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ngfffgygt.vgho9-foqhfoq.com:15681/static/js/index.febRmCcs.js","fqdn":"ngfffgygt.vgho9-foqhfoq.com","domain":"vgho9-foqhfoq.com","tld":"com"},"ip":{"addr":"222.167.33.19","port":15681,"asn":9908,"as":"HK Cable TV Ltd","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"500b5c3d14b6b537bbf9a881c93c559a","sha1":"e0e10520012940d7eaaa1d6a13544e84b38418fb","sha256":"399d67cea2755ddcbc2f1a0d4223becf1f63c46e612e452c09933988b43356f7","sha512":"8b1cd39209ce521b9a06aed72b8fcebda210e35cf5ed79556e63d59560dd6be29036985dad27f2b0503cd916f72b01b63254af1f3ef6ee54afab13d53f1fd536","ssdeep":"","tlshash":"a021934af29ea1b6483a80f89048ee67a3326414f26598b9d96d0d1ec189043b46fb72","size":1137,"data":"","first_seen":"2026-07-02T22:42:57.226407Z","last_seen":"2026-07-04T10:40:29.173033Z","times_seen":5,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ngfffgygt.vgho9-foqhfoq.com:15681/static/js/useCommon.erQ0ATtd.js","fqdn":"ngfffgygt.vgho9-foqhfoq.com","domain":"vgho9-foqhfoq.com","tld":"com"},"ip":{"addr":"222.167.33.19","port":15681,"asn":9908,"as":"HK Cable TV Ltd","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"833ea29516cda2a1170cc300dead87b9","sha1":"7eb4286c8850e351377a0864de5d02156a4b14a0","sha256":"fb7a27ec1ef964938a11fdfbc39b51b58cf3210de61063e83ccca468d6cceb02","sha512":"984890e7c9c2abe316f791deeaf3595e1aecc4308fd3db8a29147518a320a95a826f508d85b189cf7b6cb5496756e681d296de42afbac303c2d56b57ec34d6b2","ssdeep":"","tlshash":"021150ae2f6c1cbd912858f87a4b48124216d6892e1ccac1b04f0d19b19de40ef76fc6","size":971,"data":"","first_seen":"2026-07-02T22:42:57.101476Z","last_seen":"2026-07-04T10:40:29.394368Z","times_seen":5,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ngfffgygt.vgho9-foqhfoq.com:15681/static/js/index.CVNeAoZ2.js","fqdn":"ngfffgygt.vgho9-foqhfoq.com","domain":"vgho9-foqhfoq.com","tld":"com"},"ip":{"addr":"222.167.33.19","port":15681,"asn":9908,"as":"HK Cable TV Ltd","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"0ad437b8fe52f15f9fc6b3bda69ff57d","sha1":"f0fe70e288311361914244dc475c907d25ff5e7d","sha256":"0e4ca4dc2e873f045c74ad0644aae05768cacc26e221cd34aba012c99191011c","sha512":"dc0d8d3bd3bde4c9d741fd47881cefd96cc5367b515c2bf969a7a775dc366222a843ea10b3f70fa359f3f8761d833fa886f24e0861402309cedf003a86026515","ssdeep":"","tlshash":"0141c5e3ecae887d59738854b4c20c61a90e3f86d02c5e5b9079edb563e2c307a0e4a0","size":2424,"data":"","first_seen":"2026-07-02T22:42:57.229404Z","last_seen":"2026-07-04T10:40:29.369091Z","times_seen":5,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ngfffgygt.vgho9-foqhfoq.com:15681/static/js/league6-active.DnUFTfPa.js","fqdn":"ngfffgygt.vgho9-foqhfoq.com","domain":"vgho9-foqhfoq.com","tld":"com"},"ip":{"addr":"222.167.33.19","port":15681,"asn":9908,"as":"HK Cable TV Ltd","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"9eb52e0b75fc835ba837b1bd7580e384","sha1":"cf35e38a06a96fd0afdd71683fd361d2a41bc20b","sha256":"165fd9a0d64255db483e3e2fd6d2a989d82e319621ebe2185fa81b5e98e835b8","sha512":"5d5eef4c39a90494e0b89266ea5e2c09571acecdb68cc151ae02badd117b39d9ef3224df8e556cb788d7ebc47b8ae2c888d03e24960a16f9fddba020ff73aed6","ssdeep":"384:NrhaZ+JwIhoZSPFZBxSeqsYf39WyvYb4l4D+rLJbocR0EtxHFl:NcwJwI+SP+epYf39psOecyEt9Fl","tlshash":"6bb27da935c71d3ed39318a470a900907cb93eafd0189841eafc7a517adac50ddbb2dd","size":25085,"data":"","first_seen":"2026-07-02T22:42:57.239227Z","last_seen":"2026-07-04T10:40:29.329985Z","times_seen":6,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ngfffgygt.vgho9-foqhfoq.com:15681/static/js/search-icon.DIGhTt3w.js","fqdn":"ngfffgygt.vgho9-foqhfoq.com","domain":"vgho9-foqhfoq.com","tld":"com"},"ip":{"addr":"222.167.33.19","port":15681,"asn":9908,"as":"HK Cable TV Ltd","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"6562ae070b30df17151b7741e9b647aa","sha1":"fd2777a192db31cd89a8c797a7e89e9996988d26","sha256":"4662c08aed38a315db3a21e5f50f1ec96c0e005dbffd8075ec2f409deaf37f4e","sha512":"000603cb8e2dcdc027387ffdb3efe5437a3b7521671283a56e2a900da9518e784d3c6d3c88a917409630e3a40954c397c2da5ce83b0552b419881e75d17be189","ssdeep":"","tlshash":"0a01f5be420162cdd035cd2b2d267c41d0b624fb0d7542faead27254ee631d215f9e1c","size":809,"data":"","first_seen":"2026-05-30T07:41:04.713371Z","last_seen":"2026-07-04T10:40:29.22494Z","times_seen":24,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ngfffgygt.vgho9-foqhfoq.com:15681/static/js/index.lIEGvvnq.js","fqdn":"ngfffgygt.vgho9-foqhfoq.com","domain":"vgho9-foqhfoq.com","tld":"com"},"ip":{"addr":"222.167.33.19","port":15681,"asn":9908,"as":"HK Cable TV Ltd","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"1cc25558794f4fdb2b8eab3dc9b49f03","sha1":"0bcea268d7c81f046dcb94fbc346005600461e6e","sha256":"a8f35b471adc5f4221402b9a2231c18c64c8822546bc1e21722684466661905c","sha512":"c3ac477636704b35c86b584e4aa024e86d5b047f49949f42b6c8dd1895158b3bb07c3dfe36c70c7a38e29fdb22b5ec196d81e9f2273992dda7c96be38355d4b0","ssdeep":"","tlshash":"544152897039a4bd47752a5ac534026637261b0b312b88f0f2680e0e3375ec6178ffe7","size":2066,"data":"","first_seen":"2026-07-02T22:42:57.212276Z","last_seen":"2026-07-04T10:40:29.371602Z","times_seen":5,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ngfffgygt.vgho9-foqhfoq.com:15681/static/js/index.BN6UZ3XW.js","fqdn":"ngfffgygt.vgho9-foqhfoq.com","domain":"vgho9-foqhfoq.com","tld":"com"},"ip":{"addr":"222.167.33.19","port":15681,"asn":9908,"as":"HK Cable TV Ltd","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"3dd72e4bdf55dc57404592d7d05de721","sha1":"34bbc291a9fbce39959e9d37858721e7f667e3e1","sha256":"4c88e8ebeee6e6b96e0ffa2a6ea02754cfaea34d81d7d63785d73de0507825dd","sha512":"49c37d1f0d85bb3952c89106fa779ab6ac657925613b2289cd051ded2601d98ab56fd36de1e31bf0072eaca51f68a0c69527e1cec1f5a07f35dab8ddc01b1ed6","ssdeep":"","tlshash":"2221758eb1c2b1710b3f84d8e8918631f3327329d7a4cda0ca9e4f1542d1546e1aff59","size":1327,"data":"","first_seen":"2026-07-02T22:42:57.089144Z","last_seen":"2026-07-04T10:40:29.22305Z","times_seen":5,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ngfffgygt.vgho9-foqhfoq.com:15681/static/js/phoneStatus.DsDFSgt-.js","fqdn":"ngfffgygt.vgho9-foqhfoq.com","domain":"vgho9-foqhfoq.com","tld":"com"},"ip":{"addr":"222.167.33.19","port":15681,"asn":9908,"as":"HK Cable TV Ltd","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"2997acb0f5b00fa084de4c86f5f1a50a","sha1":"e26cd0bc1c157bfdc967a139a61be2d9d5a3bfd3","sha256":"222abccb18585aba8f7364366337fb1715481cb11d99ae7f599f798a482c8c60","sha512":"371f7197e6179185248aa14ee3179df77f06c86ec4294717f0af612919f9515173fe6c48fd82c2aa5f328e43a3becdaad2e4a0e07cb5edc470255e9eb4d89eeb","ssdeep":"","tlshash":"c6d022eedddab0f0c20050926020813db0060ab5b83cc2cab0fc0c319e1b084f3baf15","size":210,"data":"","first_seen":"2026-05-30T07:41:04.65147Z","last_seen":"2026-07-04T10:40:29.232501Z","times_seen":22,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ngfffgygt.vgho9-foqhfoq.com:15681/static/js/RoulettePanelModel.Drk7YVwL.js","fqdn":"ngfffgygt.vgho9-foqhfoq.com","domain":"vgho9-foqhfoq.com","tld":"com"},"ip":{"addr":"222.167.33.19","port":15681,"asn":9908,"as":"HK Cable TV Ltd","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"54ca4db3d474f886166088d479da69d9","sha1":"0fafb21a896057ffc193c7c7b59efa85e313c4ff","sha256":"57671c100b795f1eea753d6024a4a44c4a25f2d40c0d0a4b9cc765b92bbbb369","sha512":"d66ec065f8fc0540e30bda292f69d28e4aca8dc7cd4e1a4187fabea5d4f5ca10d63217375eecb4b592543af804ca74fefdb32fcfca999112c936df596a1e2c06","ssdeep":"","tlshash":"f841a6d9b45a8afe17774e9ce41948d1e01c39694321fc8825dd44132fe6de444bf72d","size":2240,"data":"","first_seen":"2026-07-02T22:42:57.032688Z","last_seen":"2026-07-04T10:40:29.21418Z","times_seen":5,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ngfffgygt.vgho9-foqhfoq.com:15681/static/js/BetCard.DzB8RjVA.js","fqdn":"ngfffgygt.vgho9-foqhfoq.com","domain":"vgho9-foqhfoq.com","tld":"com"},"ip":{"addr":"222.167.33.19","port":15681,"asn":9908,"as":"HK Cable TV Ltd","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"37562ae2f8724203cf30650c981d5f53","sha1":"24452757ed7a2869726e506de3446cf33dd76120","sha256":"c20b935a51d8a46307b94552c517129316eb74644a896581351bb681e73213ac","sha512":"7e7ea5881270d73ae7b3a7153ee519c0be1201978a97455a2a64d21792bdcdc8b6187b2e00ffbdf36a178dc3bd270fa062334f4f03964c02a016d568618eaa45","ssdeep":"384:0H3oUEDKKZzXpwBRP2Efp1N1hehdKqMVR5wPv9ACV8gnjNq2:0HhhK8vPJN1hidKqqbwb+gnJ","tlshash":"6492e74e341749b6d43b883711183508e0283fecdf259c82f2eb96356bca9556a98ffc","size":20455,"data":"","first_seen":"2026-07-02T22:42:57.213282Z","last_seen":"2026-07-04T10:40:29.248387Z","times_seen":5,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ngfffgygt.vgho9-foqhfoq.com:15681/static/js/chatShare.CI7ZQNfd.js","fqdn":"ngfffgygt.vgho9-foqhfoq.com","domain":"vgho9-foqhfoq.com","tld":"com"},"ip":{"addr":"222.167.33.19","port":15681,"asn":9908,"as":"HK Cable TV Ltd","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"8c484fa33aae9aa4caa73758c9fc5d4b","sha1":"b107f8624668440b31cc867a1630184d40145f63","sha256":"3a0da513cfde0cf206dafaa07d44b468fb74ee08c82dbab0da48872611e031c3","sha512":"db3dafe9a977c62df92588e4ebba1d81943d9282d582cbfe45586c29187a8e53ec45e707b5830bccde22758e65b180185491a9ecb45f7f109e2ead7dc77ea742","ssdeep":"","tlshash":"a711ddd6b1c639a28761145e90704666f2245d1539ad83f0f23e95733d2b81382fbe5d","size":1093,"data":"","first_seen":"2026-05-30T07:41:04.668588Z","last_seen":"2026-07-04T10:40:29.192625Z","times_seen":22,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ngfffgygt.vgho9-foqhfoq.com:15681/static/js/PersonLoginAbnormalModal.BQ-xRGwh.js","fqdn":"ngfffgygt.vgho9-foqhfoq.com","domain":"vgho9-foqhfoq.com","tld":"com"},"ip":{"addr":"222.167.33.19","port":15681,"asn":9908,"as":"HK Cable TV Ltd","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"82812177bd6f515c79c34850449ad392","sha1":"55e455bf9c859eba34b00e53b61731e6eed89ccd","sha256":"a36d80a5346ef1ea78b4ece16848affdb5eff9875bd0371ca845d8f1070f410e","sha512":"b0b91b1c106579a5ef68263365a8eee3fc26244408909bde294250cd00219f85a09040d75464867a87b3fa121fbdf93fa302c8d39e87352579704b88a1c3e273","ssdeep":"192:8uFkminwhdsWzw4swSfqCDd1Wi2vUfk3ERuAAcNN+OprSqeMVe:FFkRnwhmcwlfF2vUfk3ERDNNjeM0","tlshash":"2732191c313ae77d3f5b5020b1a86098900c7f9ac518dcd7e9be4c572adaef446c5789","size":11193,"data":"","first_seen":"2026-07-02T22:42:56.948356Z","last_seen":"2026-07-04T10:40:29.398268Z","times_seen":5,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ngfffgygt.vgho9-foqhfoq.com:15681/static/js/index.BDmApV-_.js","fqdn":"ngfffgygt.vgho9-foqhfoq.com","domain":"vgho9-foqhfoq.com","tld":"com"},"ip":{"addr":"222.167.33.19","port":15681,"asn":9908,"as":"HK Cable TV Ltd","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"e6639846c6c332596d54e1ca9bafa962","sha1":"aa9bcd648426ecf28753fb707baba1ca5708cb43","sha256":"9580f8c9d02af61d08bb6eb8c8d120535f28119aad614f689a4cfa76e4b61180","sha512":"32f580751031abac9b5423d056da929f2a38088ec0b998d484eaa56e3760afe115f8aea3b582569dfffa8104e6efe56aafcd70e7e3d3d0bcd5ff840e540fa1f8","ssdeep":"24576:u8DE18f74CrYZ+u9xExfuJpeVhNuzQkmawtwhxctFHZHuIFwyn:u8DE1UlrYZ+u9xExfuJpeVhNuzQkmawD","tlshash":"7d658dfc714674a907b7d4e9002b1806fd293b53b80dc0d4f1ae99a639b1a19d6f6f38","size":1475949,"data":"","first_seen":"2026-07-02T22:42:57.288826Z","last_seen":"2026-07-04T10:40:29.410098Z","times_seen":6,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ngfffgygt.vgho9-foqhfoq.com:15681/static/js/index.BCZTT1m6.js","fqdn":"ngfffgygt.vgho9-foqhfoq.com","domain":"vgho9-foqhfoq.com","tld":"com"},"ip":{"addr":"222.167.33.19","port":15681,"asn":9908,"as":"HK Cable TV Ltd","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"bffdc9b4554e951cb7e63dc5807483ca","sha1":"4cc54e913997a6868aebfb7ebfdeb28d2cb30836","sha256":"1cdb695c2ea65b893abebd3a31828a4430e94d395340e7eda0e98006c56575b3","sha512":"3324cba4809195308692247916dfb9f2b24a9cbae67511106dfcd6183b7acecac88e377d65e65015a0098f2c0e4cc03ecde9be5fdab07c3278146bcc509ddbe6","ssdeep":"","tlshash":"99210f1cec0ed5664af34624a9084e001409cf3ee6392dd059ed763d17ee2b866ce76a","size":1391,"data":"","first_seen":"2026-07-02T22:42:57.179347Z","last_seen":"2026-07-04T10:40:29.395101Z","times_seen":5,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ngfffgygt.vgho9-foqhfoq.com:15681/static/js/index.B1UGflyo.js","fqdn":"ngfffgygt.vgho9-foqhfoq.com","domain":"vgho9-foqhfoq.com","tld":"com"},"ip":{"addr":"222.167.33.19","port":15681,"asn":9908,"as":"HK Cable TV Ltd","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"98eed063bb427fdc8b79815ad51a2c08","sha1":"740ec994a73bee944f5fc036dd3479e3b7b73036","sha256":"68e2fa7f80e4b0b34cb68f8559de1293a3766407208262df062b781fc38f1b31","sha512":"6f86343bf51a6aafe97e1744d4202f864d7420c85b8c5692cb9d71285c26183893e49a3734bec8a586b728360bb46b99cc326a3cf9ffe92f3a7bdaa57c1e081e","ssdeep":"96:khFkhM3vivdhRFp/SIBI0AiTYNobk/Pdj12OpoqETxqH1by1nj5aXj+60gFdr:ikefk9pt3hQtjwO23khEGK60ur","tlshash":"aab12a6870172738ad37c54c1180995a9d2b7f52aa10e8e031fd1a272ed2ce1db6f3ec","size":5496,"data":"","first_seen":"2026-07-02T22:42:57.285209Z","last_seen":"2026-07-04T10:40:29.174225Z","times_seen":5,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ngfffgygt.vgho9-foqhfoq.com:15681/static/js/OrderLimitTimeFreeModal1.Y4m0qvUA.js","fqdn":"ngfffgygt.vgho9-foqhfoq.com","domain":"vgho9-foqhfoq.com","tld":"com"},"ip":{"addr":"222.167.33.19","port":15681,"asn":9908,"as":"HK Cable TV Ltd","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"b38c94409dba2c85232281ae5435e8cd","sha1":"7b5f771e5972c42a2f4f4ee3223cf2241f825374","sha256":"89edc8849f9b23d6f38af5e47661b913ba313f4d48660800de797ecac37e7895","sha512":"dbd0d2c4977ee88448edc30f09639997d36ec1e640f8ecce5be2674e45bdafd677dbf6efecfe1ed8593bad043426f07844310e8e11f69691c26e0cffe3f8aa7b","ssdeep":"384:jYI8vsCmCNuyl2NAz2lECYGWvSmZnyVK01hT:jYI8v9TZ2NAz2lECYvvYK0/T","tlshash":"e0520baca8354535fa738459f2ef0a42661c3f53d1184c96f8fe59a03f8ad5233ac17a","size":14377,"data":"","first_seen":"2026-07-02T22:42:57.077266Z","last_seen":"2026-07-04T10:40:29.211497Z","times_seen":6,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ngfffgygt.vgho9-foqhfoq.com:15681/static/js/index.CaVNnIyW.js","fqdn":"ngfffgygt.vgho9-foqhfoq.com","domain":"vgho9-foqhfoq.com","tld":"com"},"ip":{"addr":"222.167.33.19","port":15681,"asn":9908,"as":"HK Cable TV Ltd","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"143a588a89d40014abcfdb4fc3842975","sha1":"252311c13455dedccc6bddccc7a0b42e53626091","sha256":"246a8168717506e22fe39d71339ecaec6ae063b34fa12af82d24f4984d0957c2","sha512":"d6fd54f655ae40b9a5734f5b37d743e52b524a974f151a16548543dc62d74eb4d811fd5f0bd8358873493149f6cadce7aeb173631f9c404a344c2614c4b6f2c8","ssdeep":"384:iN4KOG3VHjGPbQFfoZAD7FP81Rvs0LjxCDNLp/mDubbOPzHgzjOrJbsI:q4KzVDGYoO7G1i0XxCDNLp/kub6PzAz6","tlshash":"38a23b0db1121c7ae7f72af0b02c406176782ba6f006d989b4fe8f753792ca19745f66","size":22247,"data":"","first_seen":"2026-07-02T22:42:57.240968Z","last_seen":"2026-07-04T10:40:29.254924Z","times_seen":6,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ngfffgygt.vgho9-foqhfoq.com:15681/static/js/LimitTimeInfoBar.Bqx5Y6tf.js","fqdn":"ngfffgygt.vgho9-foqhfoq.com","domain":"vgho9-foqhfoq.com","tld":"com"},"ip":{"addr":"222.167.33.19","port":15681,"asn":9908,"as":"HK Cable TV Ltd","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"b1ad0a20780e557c3f99bd900b70b82f","sha1":"a928918fc6ec9e1b2ee9a75e5880cae8d96b8d0a","sha256":"e35a87e7669070ffad0d8ccd51e760e2ae27b68abf6f3187e2b08e652b7c3a40","sha512":"f557e39065d370bb4679be5fe874d0d337e9472f085282f576621a35398de3bda9ca4e1a386e7816c5b242bea291b2daab135cb02e451ce62665d043c83189f3","ssdeep":"192:Y4S/QYauljiffbSQx96v00tjusAw6wXbdfo/uX8Ci1El4:3SGSQxkv00tdpoGsCij","tlshash":"3bd1fbbc71315838f737489851610166900d731baa29edd2e0ff1a399edcdc51ab91df","size":6633,"data":"","first_seen":"2026-07-02T22:42:56.959122Z","last_seen":"2026-07-04T10:40:29.269648Z","times_seen":6,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ngfffgygt.vgho9-foqhfoq.com:15681/static/js/index.Cf3mnLsI.js","fqdn":"ngfffgygt.vgho9-foqhfoq.com","domain":"vgho9-foqhfoq.com","tld":"com"},"ip":{"addr":"222.167.33.19","port":15681,"asn":9908,"as":"HK Cable TV Ltd","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"66d534856b69e3b22bd4e9748943ba07","sha1":"9271db5af485d4d434a1700567108cf6893a4d8c","sha256":"d0a80118134c0bf573970125ca69b7bd1b43ef8d35b2b5443804b37d984767cf","sha512":"02dcd6dde82e4d925ec9507a0a89bf2ad2692acdfbfc180a6719bad82e8f2929fb194f5d3df1397978e367b48be852c6a6087b69cc4bcf4c1fb928aa92d40785","ssdeep":"96:jJyY8J9bwlVy+TY/ygeKbr+aETv9l7/IBY3YWDflectiP:9yY8J9ElVxgeKbr+Zv9l7/s4YW5eH","tlshash":"c6c1cc025288fffb89f38ea97b8f1e24c4f2c7b5426185e5d7ad4c7811e6096237d542","size":5900,"data":"","first_seen":"2026-07-02T22:42:57.263256Z","last_seen":"2026-07-04T10:40:29.12694Z","times_seen":6,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ngfffgygt.vgho9-foqhfoq.com:15681/static/js/index.CQZHJ1ks.js","fqdn":"ngfffgygt.vgho9-foqhfoq.com","domain":"vgho9-foqhfoq.com","tld":"com"},"ip":{"addr":"222.167.33.19","port":15681,"asn":9908,"as":"HK Cable TV Ltd","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"92654dee323f61f39df60086683d9016","sha1":"f8d1547d7d791ee9dbadf1124912991c29b73803","sha256":"ff386491819e0d200e522b58330cbbc4e585254f1e74529a7007b10e4ed610b6","sha512":"efd0f5aaa3878167cd8efb7063e536f1c12b611827075b6b0f0d74b35465df7e9234a5482cf78b167679b35615e11baaa6db888bc344f5b7bfd8a424c28ef348","ssdeep":"96:icAOlIW3YrGdv1PISGEwZAhtm1xyY3A53Au3AV4fzr63ewJzburzENpsJUcph/Ae:ZAOWSGEwZj13i3J3+SG3nRIUGh4p3w4c","tlshash":"cbc17559203fbb7ab617487475685992a3097faac105c44bf1bc1c232bce8b416cdb79","size":5818,"data":"","first_seen":"2026-07-02T22:42:57.120795Z","last_seen":"2026-07-04T10:40:29.245853Z","times_seen":5,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ngfffgygt.vgho9-foqhfoq.com:15681/static/js/index.CEjCQ_lu.js","fqdn":"ngfffgygt.vgho9-foqhfoq.com","domain":"vgho9-foqhfoq.com","tld":"com"},"ip":{"addr":"222.167.33.19","port":15681,"asn":9908,"as":"HK Cable TV Ltd","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"5326e6a66f1be10ab88fbc19227655ed","sha1":"fe77c77d30b36c69c3c00d339f85013983d49d19","sha256":"2eb46518e5327bbea2750f4d47179803b93f1f5b2d097a07bf76b7114075fa9b","sha512":"1fa02ae817a0cd1a73e7b545978192ac1655f6cf5db11525afdda68ae975426a1dec409087536f97142250a8f8d8f27e481f187075faae2cc65915dd8e4caed1","ssdeep":"","tlshash":"aa3196be741ed6f8f31748a4e0d54413c61c77b88235ed8de6b505292f81544424e73e","size":1715,"data":"","first_seen":"2026-07-02T22:42:57.035267Z","last_seen":"2026-07-04T10:40:29.146451Z","times_seen":5,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ngfffgygt.vgho9-foqhfoq.com:15681/static/js/Drawer.BDcLXucr.js","fqdn":"ngfffgygt.vgho9-foqhfoq.com","domain":"vgho9-foqhfoq.com","tld":"com"},"ip":{"addr":"222.167.33.19","port":15681,"asn":9908,"as":"HK Cable TV Ltd","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"1a43675eca2b0715ac3d4d95bb097d65","sha1":"7e5199e1ba211a65eb7d3b7f9983dc36234c851c","sha256":"909947e92aafb6ab8baf0ace70d6ff0653853388db5a365801bbe13399ce86be","sha512":"0138979e214ee86a1693e46d4e8103b8013347f908fffdb93b3c79b2e212ed299be54ddfb34d411e0528b6de8a5dc0369a47bc487f1afd95053741560d634ac2","ssdeep":"192:zBbctwvZXOqgG0PYmci+arsRvXLo4x2A+mNLaVa3p2mEDjwlh3vp8GRFkCZDsbQu:tRvBBdSWi+3ZXkQnlhB8GBsbjx","tlshash":"c362d664be19b07425b7c2e9c0de5b68117c97c2e72ac9e8f17134ab11c22bc5217fe6","size":15092,"data":"","first_seen":"2026-07-02T22:42:57.127366Z","last_seen":"2026-07-04T10:40:29.264274Z","times_seen":5,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ngfffgygt.vgho9-foqhfoq.com:15681/static/js/OddChangeIcon.Bpv3dyvF.js","fqdn":"ngfffgygt.vgho9-foqhfoq.com","domain":"vgho9-foqhfoq.com","tld":"com"},"ip":{"addr":"222.167.33.19","port":15681,"asn":9908,"as":"HK Cable TV Ltd","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"156b367312d6d7ae95c52a9b2ad64281","sha1":"282ff55fc5be5b2fb450f5ffad5057bc04fc0a7b","sha256":"ae07943480bf3e0e7e591ec8479a20238ead092734e5c7b67859335a68f201b1","sha512":"6d7e5a7dc1fe393f780b2de6ac77425eb370b26c22eda6640ea5059bac7232c7e45b703540e173dca0683e346e1c936b0272a67ad481c3353384bf2ab82b3ddb","ssdeep":"","tlshash":"0a21f19e5c4e8929de39852b27229d5ad42196a1cfc828cf97c16631d3e006a3acc5bd","size":1249,"data":"","first_seen":"2026-07-02T22:42:57.283314Z","last_seen":"2026-07-04T10:40:29.227786Z","times_seen":6,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ngfffgygt.vgho9-foqhfoq.com:15681/static/js/GoldCoinSign.3mx8SGbz.js","fqdn":"ngfffgygt.vgho9-foqhfoq.com","domain":"vgho9-foqhfoq.com","tld":"com"},"ip":{"addr":"222.167.33.19","port":15681,"asn":9908,"as":"HK Cable TV Ltd","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"6447ba495c21fb7d0509c1d23c8dedfa","sha1":"973aaaf55bda2cc74c8b65644d93af41a052c9aa","sha256":"0e84ec7e1bab30ec8a5d89dbbc2197a83b566ea420cb6af3c62ed746fe28a9a6","sha512":"6e4705697d51276aced99a27bc4c97e0709d7990d2631c5c516551dfe5166c36abb7af6a3f99070ca9e0c9ea9258707e78abef64a0a932518424ea70120245dc","ssdeep":"","tlshash":"5e81865b7076a6b87aa75c44605480a3a20cbfaec0a4845964ff083b3787ca5974d73b","size":4067,"data":"","first_seen":"2026-07-02T22:42:57.056324Z","last_seen":"2026-07-04T10:40:29.323854Z","times_seen":5,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ngfffgygt.vgho9-foqhfoq.com:15681/static/js/Dropdown.CCarB1fp.js","fqdn":"ngfffgygt.vgho9-foqhfoq.com","domain":"vgho9-foqhfoq.com","tld":"com"},"ip":{"addr":"222.167.33.19","port":15681,"asn":9908,"as":"HK Cable TV Ltd","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"d984e3415648bfd542bb84614c7c691b","sha1":"e5b4522b9710461bafb44627d280200cc003d92b","sha256":"96117a7f6fb1f23db2ea632df2b663b682aecfdac5a00179e6ba91436d8ed428","sha512":"9290a876a1473af98c5809a956ae0e0a60a27279aa47c719434fcb7e3f11c734ade5f7d094c7c2fcb5e390abcb6cf5ac3ea21dd5ace46315990eaf41b79cf4bf","ssdeep":"384:Rvav73ZShV7dlXoxDsw547MIfXeiNpSBpyex2yj:FU7JShVzoxMXPNpSBpyex2yj","tlshash":"b082e894f44ce5609ae385d8d29a8109a2172f83ee16d1f2f0ba1cd513d5374e29ff2d","size":18933,"data":"","first_seen":"2026-07-02T22:42:56.94985Z","last_seen":"2026-07-04T10:40:29.352971Z","times_seen":5,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ngfffgygt.vgho9-foqhfoq.com:15681/static/js/HomeMaintenanceMask.vue_vue_type_script_setup_true_lang.CB9IPjua.js","fqdn":"ngfffgygt.vgho9-foqhfoq.com","domain":"vgho9-foqhfoq.com","tld":"com"},"ip":{"addr":"222.167.33.19","port":15681,"asn":9908,"as":"HK Cable TV Ltd","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"d98830e9046f4337114d79dfc284ce5a","sha1":"5eec0306087eee09e479ee7f28fa4531a990bc55","sha256":"c3767f9c47e7016a95852b1dbf2007c126af1628376b5e9b38d39956ccb942f1","sha512":"86117b591a24da2be1f38b7fad485d307cd016280ca33189c296215424edca4a5622802775aa51ee3e5e5706e4c320c4f848d15d4298c2758236d4a871d1ef7d","ssdeep":"","tlshash":"9131790a192d977f77138814f4813186604c7f55d023ccbad2b11a326bdb4f4875e727","size":1803,"data":"","first_seen":"2026-07-02T22:42:57.249161Z","last_seen":"2026-07-04T10:40:29.356871Z","times_seen":6,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ngfffgygt.vgho9-foqhfoq.com:15681/static/js/homeLeagueOddsColumns.BWSR6yKm.js","fqdn":"ngfffgygt.vgho9-foqhfoq.com","domain":"vgho9-foqhfoq.com","tld":"com"},"ip":{"addr":"222.167.33.19","port":15681,"asn":9908,"as":"HK Cable TV Ltd","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"45d7ca4836c74586919acc63b45ef899","sha1":"f49a072d41864cca570ba41a84ee0e33da9a24c1","sha256":"8e75cfde4037d7d446d16aca662e066c5451e111f9856ae7026bdfaaba62ad76","sha512":"0f4ce8687f7d581a5b880778330f7fb02df632758546ad0ac8133ed242ee5adf976e85c141952a5fa40d8340837436cf62b2981087dc4946d01b79c4d18f7bd3","ssdeep":"384:2b4RQTWhP9ftAYRK/P5jp5yYjnI4HUZJvZOaAzBhfDfxelmsrI3:2brqdVtAYK7MJvZOaAzBlDL3","tlshash":"96e2e858a02799bdb4f3908464644092f44c7fe7d104e487f4fe5e2627cac696bf8bb8","size":31200,"data":"","first_seen":"2026-07-02T22:42:57.086566Z","last_seen":"2026-07-04T10:40:29.399719Z","times_seen":6,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ngfffgygt.vgho9-foqhfoq.com:15681/static/js/siteSportBet.W4Zh4-si.js","fqdn":"ngfffgygt.vgho9-foqhfoq.com","domain":"vgho9-foqhfoq.com","tld":"com"},"ip":{"addr":"222.167.33.19","port":15681,"asn":9908,"as":"HK Cable TV Ltd","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"2720d994ed041be80c28f0d03f5d9fb0","sha1":"c84a1801c8fffdb731962cd3d8b080262a31a94d","sha256":"2f400c80e72b8393054e93d746cc9ed8ba2031924b0275d74ab6121e587b9f2d","sha512":"4217a19d453b8fdf57745ad6b0a06555e44d3e0748585612d8607fb5a2b20599889c57fc4a6c9c76214cf9011eadf8e0343785ad7f3b0a728d7711f60c123233","ssdeep":"192:atl1o3eBbuc5c0E3q8zADNRPrctVD0fultlqcRS4HTiW6c1gxD0ywlqKl82cxllz:atl1o3eBbuc5c0E3q8ze/DcTD0fultle","tlshash":"e0f19367b29f520157c0207c90fa07a37724647e24a388ecbf6deec96625a5473b5b3c","size":8151,"data":"","first_seen":"2026-07-02T22:42:57.118539Z","last_seen":"2026-07-04T10:40:29.302096Z","times_seen":6,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ngfffgygt.vgho9-foqhfoq.com:15681/static/js/use-notification.CqNmJ1-y.js","fqdn":"ngfffgygt.vgho9-foqhfoq.com","domain":"vgho9-foqhfoq.com","tld":"com"},"ip":{"addr":"222.167.33.19","port":15681,"asn":9908,"as":"HK Cable TV Ltd","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"052ff1553f44863d3a33bb8bc7647527","sha1":"756f0b1f12c45bc66eab42d78d5d0ccee04ff269","sha256":"e917ad61fc7dad519a60385ab7332794b76f98f7bbdbe7dbca5bacea8b69a1eb","sha512":"779aac4a09f61ff0053cbf9845b5451a13841e6b4e5d0a2d9f303adecec58eacb889378fb8c388cedd7aad4dd3b87079a88fb6cb699fead90b3766812e55c5ee","ssdeep":"","tlshash":"3fc0229f304562b01bc205b364160c8d41634a082b440bf0028f053067122b0830fc8a","size":189,"data":"","first_seen":"2026-07-02T22:42:57.147403Z","last_seen":"2026-07-04T10:40:29.385927Z","times_seen":5,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ngfffgygt.vgho9-foqhfoq.com:15681/static/js/BonusSign.CN2QsnYy.js","fqdn":"ngfffgygt.vgho9-foqhfoq.com","domain":"vgho9-foqhfoq.com","tld":"com"},"ip":{"addr":"222.167.33.19","port":15681,"asn":9908,"as":"HK Cable TV Ltd","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"9197c2a284044eac99898190a5a522d5","sha1":"fd7039b96348f35d0e0c8bbc1b199b2943f1a1f8","sha256":"de7e05031a1c99a311e525e1895ce3e733660ffa11d5f3f7f4bc5256926d83c4","sha512":"e6e79fc1e65849428c188262ab383c58b9fb878c974bfc69a3726d920a68988cc7f15aa8a4686068aba62b1fc41ca1255e975b0d97682882cfd99f422b781570","ssdeep":"96:lXIgbAOUZ62KHkSzl8AiK/P40siCj9Hy+8i9a/aEBoNaD+2cGnq:1IgbAkz8AV40Sxqyt8Cvn","tlshash":"2d81954bb0366ab4bab75c84609180635209bffec0b5845975ff08363787c65578a73b","size":4167,"data":"","first_seen":"2026-07-02T22:42:57.0416Z","last_seen":"2026-07-04T10:40:29.235403Z","times_seen":5,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ngfffgygt.vgho9-foqhfoq.com:15681/static/js/index.C0K9a0ZJ.js","fqdn":"ngfffgygt.vgho9-foqhfoq.com","domain":"vgho9-foqhfoq.com","tld":"com"},"ip":{"addr":"222.167.33.19","port":15681,"asn":9908,"as":"HK Cable TV Ltd","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"d85d5429d6e30af48be229cacf23f121","sha1":"ebc2fa25568cec2e97745e3e04af1c808498d56d","sha256":"034980241a7ba8bf05b61b3ec58694b1fa8065e081ea7d45b42bdbff05ac4b93","sha512":"fded455296e73ffec23eae622efb577dd6a6a60dab794004bf06b2c7baa985ad1ace0f6c63d061262d17e0f2482e82676caf980bd311dd47108feb4e0540558f","ssdeep":"","tlshash":"49518566b83d8db8f2731cdd70214518a2091e4ae1626dd5e83a17aa2c07fa1cbef518","size":3103,"data":"","first_seen":"2026-07-02T22:42:57.125751Z","last_seen":"2026-07-04T10:40:29.354235Z","times_seen":5,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ngfffgygt.vgho9-foqhfoq.com:15681/static/js/RadioGroup.OsNXBEMH.js","fqdn":"ngfffgygt.vgho9-foqhfoq.com","domain":"vgho9-foqhfoq.com","tld":"com"},"ip":{"addr":"222.167.33.19","port":15681,"asn":9908,"as":"HK Cable TV Ltd","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"f403ca81b069f87933e39b62931098b9","sha1":"2f89b0df8cfdf5069dbe029cffb61f6dd7a729c3","sha256":"181ded27b986b255ebcd838c6917274c1f28ae4f592b3c18b5a99a708985acb1","sha512":"51a398270449b6da007863275847156245a257d57f73cfc7cb9fdb63e582dfd2c2efe6c7b65988754d2ab69c567db351f4162b6971826144b7675e8848cbcd83","ssdeep":"192:SD7HMyN7VgL4vpCynbZ8ND6DQnbAlpXJefMef1e:Sfp0RNDFnbAFefMUe","tlshash":"b132c6fdbe09a1783eb3c695938b424a33047992e712d4e0f4a3b05012eafb9955bf15","size":11801,"data":"","first_seen":"2026-07-02T22:42:57.282324Z","last_seen":"2026-07-04T10:40:29.130388Z","times_seen":5,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ngfffgygt.vgho9-foqhfoq.com:15681/static/js/use-keyboard.CCfZsO2U.js","fqdn":"ngfffgygt.vgho9-foqhfoq.com","domain":"vgho9-foqhfoq.com","tld":"com"},"ip":{"addr":"222.167.33.19","port":15681,"asn":9908,"as":"HK Cable TV Ltd","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"cd7612fd3462789ae46e2ba54b9fa3cf","sha1":"bc6dd671940514e16bfc237c27873ed46c95f708","sha256":"d5f8d09cb819587d2607f52d6f473671bb48a60ee573ce8cf2749fa97c609d77","sha512":"7b487c0c40eb6892a266fb685af41527dd49892af46aab2ea86a9f8e209a51a30ba421d6cead7cc8d5d7687252c245ac03b000a6b6788dbb4ec7d805f7b3d837","ssdeep":"","tlshash":"2d2124a0205d64fd9aa9ded91a3fec00345279707009bca1106ddf3b9ff9a429543196","size":1198,"data":"","first_seen":"2026-07-02T22:42:57.073118Z","last_seen":"2026-07-04T10:40:29.354945Z","times_seen":5,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ngfffgygt.vgho9-foqhfoq.com:15681/static/js/Skeleton.C7SK15a3.js","fqdn":"ngfffgygt.vgho9-foqhfoq.com","domain":"vgho9-foqhfoq.com","tld":"com"},"ip":{"addr":"222.167.33.19","port":15681,"asn":9908,"as":"HK Cable TV Ltd","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"5a0ca2f71bd94f9a897819a558de4aa7","sha1":"6f52e49cbb5939182cd171fea0dd8ebef7661c43","sha256":"56502f2cec8e649113f7c33a0c7921cfab738c17dcc0d4d07a4bf28459a7cf09","sha512":"eb3449e7309476902be92e6fec851b2a7eb4fef0f93e00f7103eccf45da446d10a32a731bfc2e10fd4cb906007d324570bf1c5b0a714e93360041b87d2c163a3","ssdeep":"","tlshash":"c951b79cf3dde8f769e3c8ff626a4754101835856b70e2a0b2b638a136012779721f22","size":2463,"data":"","first_seen":"2026-07-02T22:42:57.124408Z","last_seen":"2026-07-04T10:40:29.345289Z","times_seen":6,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ngfffgygt.vgho9-foqhfoq.com:15681/static/js/index.B2lkHGB0.js","fqdn":"ngfffgygt.vgho9-foqhfoq.com","domain":"vgho9-foqhfoq.com","tld":"com"},"ip":{"addr":"222.167.33.19","port":15681,"asn":9908,"as":"HK Cable TV Ltd","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"4d058223b86ab7d7d9028d25ccb92ea1","sha1":"9095adc11fa52153f83d5484bc00520790693971","sha256":"a7022e275105aa10568527349c3d04ecc89a7a6e987a546369118c0bc3da9c14","sha512":"7fed19c879e0e4d942fa6de840e12c3a22743c5d86b49da45a707589471eee4d84eb355958a2a901f704bfae6b91ae0431019846a050775b8514fe433f2a3655","ssdeep":"","tlshash":"20611ab3b84fec340d630c38641558415c096fdfc174790d99b9b5391fad9a0d96c3b8","size":3360,"data":"","first_seen":"2026-07-02T22:42:56.961184Z","last_seen":"2026-07-04T10:40:29.240108Z","times_seen":5,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ngfffgygt.vgho9-foqhfoq.com:15681/static/js/index.vue_vue_type_style_index_0_lang.Co5Eh2zM.js","fqdn":"ngfffgygt.vgho9-foqhfoq.com","domain":"vgho9-foqhfoq.com","tld":"com"},"ip":{"addr":"222.167.33.19","port":15681,"asn":9908,"as":"HK Cable TV Ltd","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"9eb99f4473006eaf5db48106a7fcea00","sha1":"5ea2611bf710045a772d36c77dcaa40f540d0199","sha256":"783ae48136e14c2aa62b746d5d158ce58973a6c2334afe418d2f0381084e8d35","sha512":"c0029e128b5cd9230377dcac326fb97109a6b62e50f398b3ed1caf58d73ed88315c87dd5ad9899b066bcc473f57e96ef4b621bcb0ab5ac0a56d005499562d2fc","ssdeep":"768:A/J3757ET6nycEPF7WOqFsV1WtNhD0tW9kMBiz92Q0jJCLEUEJBaZUkN5V68UWEN:AhtwskhnWdYBAQvL5Vs7ZuYV","tlshash":"bb730a98f60ab07152f7c9e9d0af864963163782a704d1f0f0b69c610692779f0abf7d","size":75505,"data":"","first_seen":"2026-07-02T22:42:57.158543Z","last_seen":"2026-07-04T10:40:29.1342Z","times_seen":5,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ngfffgygt.vgho9-foqhfoq.com:15681/static/js/time.rfAp2h4y.js","fqdn":"ngfffgygt.vgho9-foqhfoq.com","domain":"vgho9-foqhfoq.com","tld":"com"},"ip":{"addr":"222.167.33.19","port":15681,"asn":9908,"as":"HK Cable TV Ltd","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"4e5328e24f911c6c542d9d7b2553201d","sha1":"90a6cdede54c05e9f9847ea64c4fb488d20fc98b","sha256":"d339a3d08ea65e85129e23828aefdf741dfd41dbd1099491794b815c0b54123e","sha512":"fa4da08e66f744a5a95446eccbf6cb04dd1e921e5adc6a5cb41ef905e2395c2ca0edec0b467c4e49f571768f1df05f6996753230d2f317bbbf59de33510a83fc","ssdeep":"","tlshash":"5a1125c12569a026f52701ecd0f883a62525da30bd266e54ff3f4a26317b4c7481ff94","size":1005,"data":"","first_seen":"2026-07-02T22:42:57.24819Z","last_seen":"2026-07-04T10:40:29.347718Z","times_seen":6,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ngfffgygt.vgho9-foqhfoq.com:15681/static/js/index.jsHMj9PS.js","fqdn":"ngfffgygt.vgho9-foqhfoq.com","domain":"vgho9-foqhfoq.com","tld":"com"},"ip":{"addr":"222.167.33.19","port":15681,"asn":9908,"as":"HK Cable TV Ltd","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"517267c12444047eb41a06b8873ff756","sha1":"27b9b07a372f85869840ae03bb09ba6393776435","sha256":"4dce1d95f857975e001da696bdc261fb9fe029e717e2eda885648a0109a2b6e8","sha512":"b1dff599ce3b10755fe0245538181b85d6122e7725b7168974b83204d5f57384c8e704cff87ba6fc87d273046fb40b4d13d1f3ea048b70cf263b11204dee954e","ssdeep":"6144:OFdwuwe8RN5x+OyJJUK3oa8jcOit/ECEN3UOvuFI:4zo5YVSK3oX41ECEN3UOvuu","tlshash":"52541ad839d2cb3acc00b8da73d051a22d8e0b7a77a900349971797f5b317c39de59a8","size":302159,"data":"","first_seen":"2026-06-24T13:33:43.042162Z","last_seen":"2026-07-04T10:40:29.175122Z","times_seen":16,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ngfffgygt.vgho9-foqhfoq.com:15681/static/js/index.CCnRiDlB.js","fqdn":"ngfffgygt.vgho9-foqhfoq.com","domain":"vgho9-foqhfoq.com","tld":"com"},"ip":{"addr":"222.167.33.19","port":15681,"asn":9908,"as":"HK Cable TV Ltd","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"74cbb9254f66d7f3e7d21ca7a214586c","sha1":"dc7b6f643cdaec1205856177889acf7a22d22d51","sha256":"1871db70a86d80bd5a6edc6e2e78ece4b9656889a130146e7796b37f58aba96d","sha512":"4cc6028e36a85e179d011f857e3658b0721940d968ad11fe94e7199e74e5800f9b1538ba04a36ad1a75c5aeeac969a75219f469601d9f22d8ef5fb959381c7af","ssdeep":"","tlshash":"db51a7012c12c6fe6efb8100912e668ac1093f38d52ec556a3fd48067bc78b6b79e764","size":2763,"data":"","first_seen":"2026-07-02T22:42:57.15219Z","last_seen":"2026-07-04T10:40:29.341389Z","times_seen":5,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ngfffgygt.vgho9-foqhfoq.com:15681/static/js/GameHeroSwiper.DoWyvgqM.js","fqdn":"ngfffgygt.vgho9-foqhfoq.com","domain":"vgho9-foqhfoq.com","tld":"com"},"ip":{"addr":"222.167.33.19","port":15681,"asn":9908,"as":"HK Cable TV Ltd","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"2be49717d6ce4e92740380c82d47d2bd","sha1":"907cb4977079f096276ccf4133d017bc8170e9ee","sha256":"29661761a0e0a203d8cc1514494cfc72ace06b9d12e1ca122582b3552e74a635","sha512":"2db57b7fd04c981b5b8eefb39db6d8b44d57fb2dcd8e28056dcaa8e74956526de50247ff9d71b2c7c940b7ce03e6ada2fe2651c691fc8ab0a10a00f74140740d","ssdeep":"384:g1D+wM6QOyM+J3GCdZI9Ix17TIvYEy9LELpLLLK0d1sXXR5RzR:g1PM6dyMeGcZIyLIvYEy9LELpLLLK0dI","tlshash":"9642e85c746245bdfb3e498b1244b81d71282b82eb65d8c5f2fc362617e2c79ca1a33c","size":13061,"data":"","first_seen":"2026-07-02T22:42:57.217072Z","last_seen":"2026-07-04T10:40:29.257585Z","times_seen":6,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ngfffgygt.vgho9-foqhfoq.com:15681/static/js/video.Bv5D9_Td.js","fqdn":"ngfffgygt.vgho9-foqhfoq.com","domain":"vgho9-foqhfoq.com","tld":"com"},"ip":{"addr":"222.167.33.19","port":15681,"asn":9908,"as":"HK Cable TV Ltd","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"718063586df6dc66587fbd457ec5f4fc","sha1":"388405a35f553a05a7e8682e767b288db16c0daa","sha256":"c69902672eb03df339be1ddacada47060eb42bca1ccf5f5efdb38fba69a9aaa2","sha512":"260bd3f8c16fdb74e8548a50abb047a9dc2e77e528173048b63b42687413e0a27a9d4f15be052755de672c2238ce48b6304a6c2207e3f8a12168775cc75975d8","ssdeep":"","tlshash":"689002295c01836024954069af9289699411851a32750694d0160941a319456566c565","size":57,"data":"","first_seen":"2026-05-30T07:41:04.641841Z","last_seen":"2026-07-04T10:40:29.390514Z","times_seen":24,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ngfffgygt.vgho9-foqhfoq.com:15681/static/js/index.BSAXl5AS.js","fqdn":"ngfffgygt.vgho9-foqhfoq.com","domain":"vgho9-foqhfoq.com","tld":"com"},"ip":{"addr":"222.167.33.19","port":15681,"asn":9908,"as":"HK Cable TV Ltd","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"c41c8095db7b9cf819bbc15e515fc3f7","sha1":"a6f502c8b5e0869952087ca9dffa2c2eb1fde4d6","sha256":"5af6e10d64f8ef67cf9417030b11f9f8bdcb431d933e0c61730f279e62fa5224","sha512":"78e0e2a67837a92cecb607b967c3ea09a3a5a465a4b271abddd14eece939201d011543aef0382da0482c75ec66d3995b77bb68ec118dde4a89d9f854b1a92183","ssdeep":"768:uQoVJBBn/LhRVlUBH9M0aKKmKF3hRtFanj6F6bf+Qht0q/Wcff46aU:GVpVOBpeh8j6F6qQws46p","tlshash":"17f2395cb0256a7de3b79485703a204492292f9cd820c8d3f5bf8c7127c9e6827de7b9","size":34307,"data":"","first_seen":"2026-07-02T22:42:57.048867Z","last_seen":"2026-07-04T10:40:29.387187Z","times_seen":5,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ngfffgygt.vgho9-foqhfoq.com:15681/?inviteCode=64298\u0026cid=118","fqdn":"ngfffgygt.vgho9-foqhfoq.com","domain":"vgho9-foqhfoq.com","tld":"com"},"ip":{"addr":"222.167.33.19","port":15681,"asn":9908,"as":"HK Cable TV Ltd","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":true,"md5":"b87bd4a06087393960e2ce03e3396b62","sha1":"3f567ef4e310b7ff3c13e663558e6d5d2a51011d","sha256":"b967ccd7d71814002fe47d0a6d7798b977e8bb63ac554969de62c53ba21dc420","sha512":"1e4d618e56f93d76c9d6c51392fefd99c3646ba005c450137a3ebe2b5c1b0a6c9eb4d533fd56199388c49be09f026fd165f92b2f4565517e87e2fff85e41c69a","ssdeep":"","tlshash":"e341e5889e9020523ee3775d47be215434e390db480dd4507a4da342afa1a1fc36eeed","size":2125,"data":"","first_seen":"2026-06-24T13:33:43.120074Z","last_seen":"2026-07-04T10:40:29.411212Z","times_seen":16,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ngfffgygt.vgho9-foqhfoq.com:15681/static/js/details-arrow.DtgI1CkQ.js","fqdn":"ngfffgygt.vgho9-foqhfoq.com","domain":"vgho9-foqhfoq.com","tld":"com"},"ip":{"addr":"222.167.33.19","port":15681,"asn":9908,"as":"HK Cable TV Ltd","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"163a02ffd7cbf774ac47485f87d11631","sha1":"30467f6feacf6eb74e7a3628dcadccb3866dad2c","sha256":"2d502486f9a515ae20f2ae52153a0dc251b243eb4fb0bbbaf62f6bcb29395b00","sha512":"5faf7f5620bad75057bfdc339e7b40e5ef53b62b10cc0c0fc1cb22fd3e79a794e37b7704f3e8987c06e0a1a757eba76a861852382aa914afdfc2b14886828af1","ssdeep":"","tlshash":"f0514d7797644cedbe9044b554063719ac7a730dac2077f49d0d4318bad3b642a7991c","size":2977,"data":"","first_seen":"2026-05-30T07:41:04.633269Z","last_seen":"2026-07-04T10:40:29.177796Z","times_seen":24,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ngfffgygt.vgho9-foqhfoq.com:15681/static/js/config.BpcUrZ_O.js","fqdn":"ngfffgygt.vgho9-foqhfoq.com","domain":"vgho9-foqhfoq.com","tld":"com"},"ip":{"addr":"222.167.33.19","port":15681,"asn":9908,"as":"HK Cable TV Ltd","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"8ce1fadea8c88bd580d9afdd0bda37f5","sha1":"aefe3439b51d025b26f915d45eeec3433e2b3ae2","sha256":"3236f2722f428e539a1b95e01cb461b55df5800df94932c351fb42a9767e90f0","sha512":"ccd01d2eeca96368b05f541ee6b74defc95349c0d522790561c2d528b86e1514d87d6a81b9096c9a1f3276072c7da0252c909469b108c7ec5c9cf2ae4217fda8","ssdeep":"","tlshash":"dc31209e8b6338de09f20e5494db0f31d41c0309ed268825e3efe63ad502e816227e35","size":1808,"data":"","first_seen":"2026-05-30T07:41:04.696534Z","last_seen":"2026-07-04T10:40:29.374818Z","times_seen":24,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ngfffgygt.vgho9-foqhfoq.com:15681/static/js/index.vue_vue_type_script_setup_true_lang.BMZwK_KH.js","fqdn":"ngfffgygt.vgho9-foqhfoq.com","domain":"vgho9-foqhfoq.com","tld":"com"},"ip":{"addr":"222.167.33.19","port":15681,"asn":9908,"as":"HK Cable TV Ltd","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"e4a1e5f9eb8c1672f2e7914e5811f7c1","sha1":"1ab1de00d064acb441b6716375d0ca203eb6c66b","sha256":"1597df2716cc1ec97ae4fc1ddc81b6972ffbf0ae712a1a4f36160c02f38be3aa","sha512":"720c2b17fb11056943d87400ef23d380731d5d0e04df64f111969fb87fcb71a5d7f05035cf931c5e698d41b88412d9331c7e0f90ce50f0ee91f28e7bc1f60323","ssdeep":"","tlshash":"ff2166cb3c6800bdd3b30c44d26199ed2125135ca276e8e6347b542a23a7c8077db1a7","size":1186,"data":"","first_seen":"2026-07-02T22:42:57.286373Z","last_seen":"2026-07-04T10:40:29.348949Z","times_seen":6,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ngfffgygt.vgho9-foqhfoq.com:15681/static/js/normalizeSportLiveMatchId.DIcg771M.js","fqdn":"ngfffgygt.vgho9-foqhfoq.com","domain":"vgho9-foqhfoq.com","tld":"com"},"ip":{"addr":"222.167.33.19","port":15681,"asn":9908,"as":"HK Cable TV Ltd","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"ff48b997e9f633bc6a76dc8cd00787d2","sha1":"5b54fe9d781b395dfbe01a64600a02a4374cec8b","sha256":"00646510beb6654691afb8464a9ad71d9a33d41011fb6e9347194501d0bd3b11","sha512":"13618cc0d913c505bdbf53859238e23e9db560e54009c2084b180095759f4868cc1b1a09c190584f37891f2319f9aa7ca87967e56951cc0af1c9210eeab0f88c","ssdeep":"","tlshash":"cdb012cd710d601c97120228133a7c68c030ca0929358ae5d04242c3253b8a0029bfc4","size":95,"data":"","first_seen":"2026-06-24T13:33:43.093878Z","last_seen":"2026-07-04T10:40:29.11763Z","times_seen":15,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ngfffgygt.vgho9-foqhfoq.com:15681/static/js/usePagination.DhDoupwU.js","fqdn":"ngfffgygt.vgho9-foqhfoq.com","domain":"vgho9-foqhfoq.com","tld":"com"},"ip":{"addr":"222.167.33.19","port":15681,"asn":9908,"as":"HK Cable TV Ltd","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"ba2dbe544344b438508cb6019ac2f8c5","sha1":"ac356b38ddeb83997f7549ef5c954fce949a8d56","sha256":"3bd9c616a75f5ed900db3f66a6a546fd87086c7ae3568fa6b8361ed9b252b932","sha512":"ab5f84e0c363cc6f0f176284ed69f295ad2eb4de7e026ac5d78852e087d00a5cff8ddd891ba73102bda78fbfababd97ec1ed18cee16bd1f05d1a9421f5f25ee3","ssdeep":"","tlshash":"6b11e18bf2ab31b49379ccb59099144c4d04afd175669dc87dc95b5963b7ccc3345832","size":1026,"data":"","first_seen":"2026-07-02T22:42:57.157569Z","last_seen":"2026-07-04T10:40:29.307199Z","times_seen":5,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ngfffgygt.vgho9-foqhfoq.com:15681/static/js/index.CH6viwdo.js","fqdn":"ngfffgygt.vgho9-foqhfoq.com","domain":"vgho9-foqhfoq.com","tld":"com"},"ip":{"addr":"222.167.33.19","port":15681,"asn":9908,"as":"HK Cable TV Ltd","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"441cc00726c51dbcf7bd228ac4a15640","sha1":"6c008d7197b1c9b64d7b139d4a631a34a29afb40","sha256":"775ac9742a11bb5719981745b6680f1b05eb408887e769c8053b8a17372fa217","sha512":"152af3217c98beca72213430b5fd689445c84dc78b8549cadf74fa4e66f660fe8dce5b6914821b3657246a0700e0d592278e007a6616893f90cb9a9426a19c6e","ssdeep":"384:nRd4MMg0ZuJeBK/ibanSC3gEDbm7UjFjYxPeVYeaFXlFefPcoSv0Lby7zyao:nRd4MMgHeBK/ib3C3gEDK7Aj4PeVYea6","tlshash":"85b20947b13a1e7eb3630da0f069069b520c7fdbd510da80a5ff19701bdac8056ada7a","size":24192,"data":"","first_seen":"2026-07-02T22:42:57.153351Z","last_seen":"2026-07-04T10:40:29.357931Z","times_seen":5,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ngfffgygt.vgho9-foqhfoq.com:15681/static/js/Checkbox.-H0Rifw_.js","fqdn":"ngfffgygt.vgho9-foqhfoq.com","domain":"vgho9-foqhfoq.com","tld":"com"},"ip":{"addr":"222.167.33.19","port":15681,"asn":9908,"as":"HK Cable TV Ltd","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"c3893d98b6775ed3776b377256cb0d7b","sha1":"07ece447c8e54ea46181d5657395270865e42e3a","sha256":"d2a911dc659c200908ffe325ac3ba5bd09e2994d70121a7e1f8ba1408024d07d","sha512":"1c81fc78e94f78faead3cfc21ffcc96171c3ca159d5e930f4135f56bd84687d24aef9f097c533dd7a2deeb07715036ff7bdbdaf536cc23727ed816b85698b158","ssdeep":"192:MPSMVxdb68jFL3pqy9abRUg8ujjkupMnqcpvib4qNoWT1RvSnop1ijV:e7x68jF7pqy9abRUg8kVzNDTaop1ijV","tlshash":"4122a53afd4a90b225b3c5a59197080e61226642df15def1f0f28c001ae9afce54fb7c","size":10442,"data":"","first_seen":"2026-07-02T22:42:56.9814Z","last_seen":"2026-07-04T10:40:29.24396Z","times_seen":6,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ngfffgygt.vgho9-foqhfoq.com:15681/static/js/index.l-bHMgQd.js","fqdn":"ngfffgygt.vgho9-foqhfoq.com","domain":"vgho9-foqhfoq.com","tld":"com"},"ip":{"addr":"222.167.33.19","port":15681,"asn":9908,"as":"HK Cable TV Ltd","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"4287023c37061e50dc89e2e4a2adb9c6","sha1":"d4188dc7c571a8e4283fc665ca0d0d0ea92bd628","sha256":"0a1f2bd44fbb80e7bfe2c3802bdb8fe8a9f8bc5b6b3d66ef571274fdee4384a2","sha512":"eb50af5d8b00aa55db0198587f39ff9080575e2697da518afe2a226a1b42c7752189ed162ba760bc2c52a35eec6c2c07cb64e6fc616eb59f5844353d667f4d08","ssdeep":"","tlshash":"7d31409ab40d80f22fe394b87021321a538d9fdd9856c1e201ed6a490f0fcad4a4ea39","size":1533,"data":"","first_seen":"2026-07-02T22:42:57.004448Z","last_seen":"2026-07-04T10:40:29.281339Z","times_seen":6,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ngfffgygt.vgho9-foqhfoq.com:15681/static/js/Tooltip.BFzxRfd_.js","fqdn":"ngfffgygt.vgho9-foqhfoq.com","domain":"vgho9-foqhfoq.com","tld":"com"},"ip":{"addr":"222.167.33.19","port":15681,"asn":9908,"as":"HK Cable TV Ltd","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"f023f1c78335496eebbce05a50016fa6","sha1":"ec2e5a7e9ae5603fa077e01c65753304e0d6fd61","sha256":"bc6b0dd8e5d7652d1bd03706c4eda197649eaff9e3cdcf49aa80e9ec55dd4744","sha512":"e17ff6ab95f47aec4c74c5ce8fec73f56f06f877398b1f26df9bb0f15fd8148d36281bbe75a40bcd5566d2a5fb308ecc28ee005905c3fa539535c86f1124f3c0","ssdeep":"","tlshash":"3611bd1de88184b4077a30cde43a4a14fb172749a856f2c2fe37598a6145f42cbb5e65","size":969,"data":"","first_seen":"2026-07-02T22:42:57.117521Z","last_seen":"2026-07-04T10:40:29.398899Z","times_seen":5,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ngfffgygt.vgho9-foqhfoq.com:15681/static/js/index.TwpL-sLv.js","fqdn":"ngfffgygt.vgho9-foqhfoq.com","domain":"vgho9-foqhfoq.com","tld":"com"},"ip":{"addr":"222.167.33.19","port":15681,"asn":9908,"as":"HK Cable TV Ltd","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"e3c66c0d8dab88f2117e910df4a28d63","sha1":"e018afd544e8e414e3e02e480671d3bdf2b29838","sha256":"3d59944014b79693352d057b1ddc94f5782e56b40306aa7a36eda270bab5cb70","sha512":"ffd35e27950463917af821ba6b66b3aa7f1549a1d58cc95829c082ca9354519920c24d5de1497a39fdd99f09af36d218b344cf82a0f254a286687bdc1be3a846","ssdeep":"","tlshash":"b331963eb47a9bbc735b0874415508c9362e3f9ee275e094c0f809160ed6de0d76b428","size":1764,"data":"","first_seen":"2026-07-02T22:42:56.963117Z","last_seen":"2026-07-04T10:40:29.122259Z","times_seen":5,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":[{"level":"log","text":"----原始参数----map[actor:server1.conn0.watcher16.process9//obj21 class:Object extensible:true frozen:false isError:false ownPropertyLength:1 preview:map[kind:Object ownProperties:map[promoId:map[configurable:true enumerable:true value:118 writable:true]] ownPropertiesLength:1] sealed:false type:object]/site/f/siteConfig/query","filename":"https://ngfffgygt.vgho9-foqhfoq.com:15681/static/js/index.BDmApV-_.js","line_number":2460,"column_number":4292},{"level":"log","text":"----原始参数----map[actor:server1.conn0.watcher16.process9//obj24 class:Object extensible:true frozen:false isError:false ownPropertyLength:1 preview:map[kind:Object ownProperties:map[isSportHomePC:map[configurable:true enumerable:true value:true writable:true]] ownPropertiesLength:1] sealed:false type:object]/game-center/f/menu/getHomeMenu","filename":"https://ngfffgygt.vgho9-foqhfoq.com:15681/static/js/index.BDmApV-_.js","line_number":2460,"column_number":4292},{"level":"log","text":"----原始参数----map[actor:server1.conn0.watcher16.process9//obj25 class:Object extensible:true frozen:false isError:false ownPropertyLength:1 preview:map[kind:Object ownProperties:map[channelCode:map[configurable:true enumerable:true value:fb writable:true]] ownPropertiesLength:1] sealed:false type:object]/game-center/f/sport/querySportType","filename":"https://ngfffgygt.vgho9-foqhfoq.com:15681/static/js/index.BDmApV-_.js","line_number":2460,"column_number":4292},{"level":"log","text":"----原始参数----map[actor:server1.conn0.watcher16.process9//obj111 class:Object extensible:true frozen:false isError:false ownPropertyLength:14 preview:map[kind:Object ownProperties:map[channelCode:map[configurable:true enumerable:true value:fb writable:true] endTime:map[configurable:true enumerable:true value: writable:true] gameType:map[configurable:true enumerable:true value:S-GAME writable:true] lgIds:map[configurable:true enumerable:true value:map[actor:server1.conn0.watcher16.process9//obj112 class:Array extensible:true frozen:false isError:false ownPropertyLength:2 preview:map[kind:ArrayLike length:1] sealed:false type:object] writable:true] lgName:map[configurable:true enumerable:true value: writable:true] oddsType:map[configurable:true enumerable:true value:1 writable:true] pageNumber:map[configurable:true enumerable:true value:1 writable:true] pageSize:map[configurable:true enumerable:true value:30 writable:true] sortType:map[configurable:true enumerable:true value:1 writable:true] startTime:map[configurable:true enumerable:true value: writable:true]] ownPropertiesLength:14] sealed:false type:object]/game-center/f/sport/queryMatchPage","filename":"https://ngfffgygt.vgho9-foqhfoq.com:15681/static/js/index.BDmApV-_.js","line_number":2460,"column_number":4292},{"level":"log","text":"----原始参数----map[actor:server1.conn0.watcher16.process9//obj207 class:Object extensible:true frozen:false isError:false ownPropertyLength:15 preview:map[kind:Object ownProperties:map[channelCode:map[configurable:true enumerable:true value:fb writable:true] endTime:map[configurable:true enumerable:true value: writable:true] gameType:map[configurable:true enumerable:true value:S-GAME writable:true] lgIds:map[configurable:true enumerable:true value:map[actor:server1.conn0.watcher16.process9//obj208 class:Array extensible:true frozen:false isError:false ownPropertyLength:2 preview:map[kind:ArrayLike length:1] sealed:false type:object] writable:true] lgName:map[configurable:true enumerable:true value: writable:true] oddsType:map[configurable:true enumerable:true value:1 writable:true] pageNumber:map[configurable:true enumerable:true value:1 writable:true] pageSize:map[configurable:true enumerable:true value:30 writable:true] sortType:map[configurable:true enumerable:true value:1 writable:true] startTime:map[configurable:true enumerable:true value: writable:true]] ownPropertiesLength:15] sealed:false type:object]/game-center/f/sport/queryMatchPage","filename":"https://ngfffgygt.vgho9-foqhfoq.com:15681/static/js/index.BDmApV-_.js","line_number":2460,"column_number":4292},{"level":"log","text":"----原始参数----map[actor:server1.conn0.watcher16.process9//obj265 class:Object extensible:true frozen:false isError:false ownPropertyLength:15 preview:map[kind:Object ownProperties:map[channelCode:map[configurable:true enumerable:true value:fb writable:true] endTime:map[configurable:true enumerable:true value: writable:true] gameType:map[configurable:true enumerable:true value:S-GAME writable:true] lgIds:map[configurable:true enumerable:true value:map[actor:server1.conn0.watcher16.process9//obj266 class:Array extensible:true frozen:false isError:false ownPropertyLength:2 preview:map[kind:ArrayLike length:1] sealed:false type:object] writable:true] lgName:map[configurable:true enumerable:true value: writable:true] oddsType:map[configurable:true enumerable:true value:1 writable:true] pageNumber:map[configurable:true enumerable:true value:1 writable:true] pageSize:map[configurable:true enumerable:true value:30 writable:true] sortType:map[configurable:true enumerable:true value:1 writable:true] startTime:map[configurable:true enumerable:true value: writable:true]] ownPropertiesLength:15] sealed:false type:object]/game-center/f/sport/queryMatchPage","filename":"https://ngfffgygt.vgho9-foqhfoq.com:15681/static/js/index.BDmApV-_.js","line_number":2460,"column_number":4292},{"level":"log","text":"----原始参数----map[actor:server1.conn0.watcher16.process9//obj267 class:Object extensible:true frozen:false isError:false ownPropertyLength:15 preview:map[kind:Object ownProperties:map[channelCode:map[configurable:true enumerable:true value:fb writable:true] endTime:map[configurable:true enumerable:true value: writable:true] gameType:map[configurable:true enumerable:true value:S-GAME writable:true] lgIds:map[configurable:true enumerable:true value:map[actor:server1.conn0.watcher16.process9//obj268 class:Array extensible:true frozen:false isError:false ownPropertyLength:2 preview:map[kind:ArrayLike length:1] sealed:false type:object] writable:true] lgName:map[configurable:true enumerable:true value: writable:true] oddsType:map[configurable:true enumerable:true value:1 writable:true] pageNumber:map[configurable:true enumerable:true value:1 writable:true] pageSize:map[configurable:true enumerable:true value:30 writable:true] sortType:map[configurable:true enumerable:true value:1 writable:true] startTime:map[configurable:true enumerable:true value: writable:true]] ownPropertiesLength:15] sealed:false type:object]/game-center/f/sport/queryMatchPage","filename":"https://ngfffgygt.vgho9-foqhfoq.com:15681/static/js/index.BDmApV-_.js","line_number":2460,"column_number":4292}]},"http":[{"url":{"schema":"https","addr":"ngfffgygt.vgho9-foqhfoq.com:15681/static/js/normalizeSportLiveMatchId.DIcg771M.js","fqdn":"ngfffgygt.vgho9-foqhfoq.com","domain":"vgho9-foqhfoq.com","tld":"com"},"ip":{"addr":"222.167.33.19","port":15681,"asn":9908,"as":"HK Cable TV Ltd","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://ngfffgygt.vgho9-foqhfoq.com:15681/?inviteCode=64298\u0026cid=118","date":"2026-07-04T10:39:56.581Z","timestamp":1783161596581,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.dh9-qjiohodfa9.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 28 Jun 2026 00:00:00 GMT","end":"Tue, 12 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"C5:47:38:34:E6:5C:A3:87:B4:BA:EF:B9:7D:A0:2A:95:07:34:76:65","sha256":"FE:78:24:EA:70:7B:AE:66:4F:EB:5C:04:1D:4C:A3:B9:C9:35:EC:95:20:88:65:57:26:EC:59:CA:DA:9E:4A:33"}}},"request":{"raw":"GET /static/js/normalizeSportLiveMatchId.DIcg771M.js HTTP/1.1\r\nHost: ngfffgygt.vgho9-foqhfoq.com:15681\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://ngfffgygt.vgho9-foqhfoq.com:15681/home?inviteCode=64298\u0026cid=118\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\naccept-ranges: bytes\r\ncontent-type: application/javascript; charset=UTF-8\r\ndate: Sat, 04 Jul 2026 10:39:56 GMT\r\netag: \"6a46723b-5f\"\r\nlast-modified: Thu, 02 Jul 2026 14:14:19 GMT\r\nserver: openresty/1.27.1.1\r\nx-cache: BYPASS\r\ncontent-length: 95\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"OpenResty:1.27.1.1","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":95,"size_decoded":374,"mime_type":"application/javascript; charset=UTF-8","magic":"ASCII text","md5":"ff48b997e9f633bc6a76dc8cd00787d2","sha1":"5b54fe9d781b395dfbe01a64600a02a4374cec8b","sha256":"00646510beb6654691afb8464a9ad71d9a33d41011fb6e9347194501d0bd3b11","sha512":"13618cc0d913c505bdbf53859238e23e9db560e54009c2084b180095759f4868cc1b1a09c190584f37891f2319f9aa7ca87967e56951cc0af1c9210eeab0f88c","ssdeep":"","tlshash":"cdb012cd710d601c97120228133a7c68c030ca0929358ae5d04242c3253b8a0029bfc4","first_seen":"2026-06-24T13:33:43.093878Z","last_seen":"2026-07-04T10:40:29.11763Z","times_seen":15,"resource_available":true,"data":null}},"time_used":466,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":466,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-04","alert":"Phishing Block","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ngfffgygt.vgho9-foqhfoq.com:15681/static/js/index.TwpL-sLv.js","fqdn":"ngfffgygt.vgho9-foqhfoq.com","domain":"vgho9-foqhfoq.com","tld":"com"},"ip":{"addr":"222.167.33.19","port":15681,"asn":9908,"as":"HK Cable TV Ltd","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://ngfffgygt.vgho9-foqhfoq.com:15681/?inviteCode=64298\u0026cid=118","date":"2026-07-04T10:39:56.583Z","timestamp":1783161596583,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.dh9-qjiohodfa9.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 28 Jun 2026 00:00:00 GMT","end":"Tue, 12 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"C5:47:38:34:E6:5C:A3:87:B4:BA:EF:B9:7D:A0:2A:95:07:34:76:65","sha256":"FE:78:24:EA:70:7B:AE:66:4F:EB:5C:04:1D:4C:A3:B9:C9:35:EC:95:20:88:65:57:26:EC:59:CA:DA:9E:4A:33"}}},"request":{"raw":"GET /static/js/index.TwpL-sLv.js HTTP/1.1\r\nHost: ngfffgygt.vgho9-foqhfoq.com:15681\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://ngfffgygt.vgho9-foqhfoq.com:15681/home?inviteCode=64298\u0026cid=118\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\naccept-ranges: bytes\r\ncontent-type: application/javascript; charset=UTF-8\r\ndate: Sat, 04 Jul 2026 10:39:56 GMT\r\netag: \"6a46723b-6e4\"\r\nlast-modified: Thu, 02 Jul 2026 14:14:19 GMT\r\nserver: openresty/1.27.1.1\r\nx-cache: BYPASS\r\ncontent-length: 1764\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"OpenResty:1.27.1.1","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1764,"size_decoded":2046,"mime_type":"application/javascript; charset=UTF-8","magic":"Java source, Unicode text, UTF-8 text, with very long lines (1699)","md5":"e3c66c0d8dab88f2117e910df4a28d63","sha1":"e018afd544e8e414e3e02e480671d3bdf2b29838","sha256":"3d59944014b79693352d057b1ddc94f5782e56b40306aa7a36eda270bab5cb70","sha512":"ffd35e27950463917af821ba6b66b3aa7f1549a1d58cc95829c082ca9354519920c24d5de1497a39fdd99f09af36d218b344cf82a0f254a286687bdc1be3a846","ssdeep":"","tlshash":"b331963eb47a9bbc735b0874415508c9362e3f9ee275e094c0f809160ed6de0d76b428","first_seen":"2026-07-02T22:42:56.963117Z","last_seen":"2026-07-04T10:40:29.122259Z","times_seen":5,"resource_available":true,"data":null}},"time_used":473,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":473,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-04","alert":"Phishing Block","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ngfffgygt.vgho9-foqhfoq.com:15681/static/js/index.Cf3mnLsI.js","fqdn":"ngfffgygt.vgho9-foqhfoq.com","domain":"vgho9-foqhfoq.com","tld":"com"},"ip":{"addr":"222.167.33.19","port":15681,"asn":9908,"as":"HK Cable TV Ltd","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://ngfffgygt.vgho9-foqhfoq.com:15681/?inviteCode=64298\u0026cid=118","date":"2026-07-04T10:39:55.987Z","timestamp":1783161595987,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.dh9-qjiohodfa9.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 28 Jun 2026 00:00:00 GMT","end":"Tue, 12 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"C5:47:38:34:E6:5C:A3:87:B4:BA:EF:B9:7D:A0:2A:95:07:34:76:65","sha256":"FE:78:24:EA:70:7B:AE:66:4F:EB:5C:04:1D:4C:A3:B9:C9:35:EC:95:20:88:65:57:26:EC:59:CA:DA:9E:4A:33"}}},"request":{"raw":"GET /static/js/index.Cf3mnLsI.js HTTP/1.1\r\nHost: ngfffgygt.vgho9-foqhfoq.com:15681\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://ngfffgygt.vgho9-foqhfoq.com:15681/home?inviteCode=64298\u0026cid=118\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ncontent-encoding: gzip\r\ncontent-type: application/javascript; charset=UTF-8\r\ndate: Sat, 04 Jul 2026 10:39:56 GMT\r\netag: W/\"6a46723b-170c\"\r\nlast-modified: Thu, 02 Jul 2026 14:14:19 GMT\r\nserver: openresty/1.27.1.1\r\nvary: Accept-Encoding\r\nx-cache: BYPASS\r\ncontent-length: 2178\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"OpenResty:1.27.1.1","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":5900,"size_decoded":2488,"mime_type":"application/javascript; charset=UTF-8","magic":"Java source, ASCII text, with very long lines (3248)","md5":"66d534856b69e3b22bd4e9748943ba07","sha1":"9271db5af485d4d434a1700567108cf6893a4d8c","sha256":"d0a80118134c0bf573970125ca69b7bd1b43ef8d35b2b5443804b37d984767cf","sha512":"02dcd6dde82e4d925ec9507a0a89bf2ad2692acdfbfc180a6719bad82e8f2929fb194f5d3df1397978e367b48be852c6a6087b69cc4bcf4c1fb928aa92d40785","ssdeep":"96:jJyY8J9bwlVy+TY/ygeKbr+aETv9l7/IBY3YWDflectiP:9yY8J9ElVxgeKbr+Zv9l7/s4YW5eH","tlshash":"c6c1cc025288fffb89f38ea97b8f1e24c4f2c7b5426185e5d7ad4c7811e6096237d542","first_seen":"2026-07-02T22:42:57.263256Z","last_seen":"2026-07-04T10:40:29.12694Z","times_seen":6,"resource_available":true,"data":null}},"time_used":547,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":525,"receive":22,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-04","alert":"Phishing Block","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ngfffgygt.vgho9-foqhfoq.com:15681/static/js/RadioGroup.OsNXBEMH.js","fqdn":"ngfffgygt.vgho9-foqhfoq.com","domain":"vgho9-foqhfoq.com","tld":"com"},"ip":{"addr":"222.167.33.19","port":15681,"asn":9908,"as":"HK Cable TV Ltd","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://ngfffgygt.vgho9-foqhfoq.com:15681/?inviteCode=64298\u0026cid=118","date":"2026-07-04T10:39:56.627Z","timestamp":1783161596627,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.dh9-qjiohodfa9.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 28 Jun 2026 00:00:00 GMT","end":"Tue, 12 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"C5:47:38:34:E6:5C:A3:87:B4:BA:EF:B9:7D:A0:2A:95:07:34:76:65","sha256":"FE:78:24:EA:70:7B:AE:66:4F:EB:5C:04:1D:4C:A3:B9:C9:35:EC:95:20:88:65:57:26:EC:59:CA:DA:9E:4A:33"}}},"request":{"raw":"GET /static/js/RadioGroup.OsNXBEMH.js HTTP/1.1\r\nHost: ngfffgygt.vgho9-foqhfoq.com:15681\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://ngfffgygt.vgho9-foqhfoq.com:15681/home?inviteCode=64298\u0026cid=118\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ncontent-encoding: gzip\r\ncontent-type: application/javascript; charset=UTF-8\r\ndate: Sat, 04 Jul 2026 10:39:56 GMT\r\netag: W/\"6a46723b-2e19\"\r\nlast-modified: Thu, 02 Jul 2026 14:14:19 GMT\r\nserver: openresty/1.27.1.1\r\nvary: Accept-Encoding\r\nx-cache: BYPASS\r\ncontent-length: 3586\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"OpenResty:1.27.1.1","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":11801,"size_decoded":3896,"mime_type":"application/javascript; charset=UTF-8","magic":"Unicode text, UTF-8 text, with very long lines (3633)","md5":"f403ca81b069f87933e39b62931098b9","sha1":"2f89b0df8cfdf5069dbe029cffb61f6dd7a729c3","sha256":"181ded27b986b255ebcd838c6917274c1f28ae4f592b3c18b5a99a708985acb1","sha512":"51a398270449b6da007863275847156245a257d57f73cfc7cb9fdb63e582dfd2c2efe6c7b65988754d2ab69c567db351f4162b6971826144b7675e8848cbcd83","ssdeep":"192:SD7HMyN7VgL4vpCynbZ8ND6DQnbAlpXJefMef1e:Sfp0RNDFnbAFefMUe","tlshash":"b132c6fdbe09a1783eb3c695938b424a33047992e712d4e0f4a3b05012eafb9955bf15","first_seen":"2026-07-02T22:42:57.282324Z","last_seen":"2026-07-04T10:40:29.130388Z","times_seen":5,"resource_available":true,"data":null}},"time_used":429,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":429,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-04","alert":"Phishing Block","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"s.q5qo.com/data/3a2230ee525a8bf74489ffe3a2d5222b.png","fqdn":"s.q5qo.com","domain":"q5qo.com","tld":"com"},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ngfffgygt.vgho9-foqhfoq.com:15681/?inviteCode=64298\u0026cid=118","date":"2026-07-04T10:39:57.428Z","timestamp":1783161597428,"http_version":"","security_state":"","security_info":null,"request":{"raw":"GET /data/3a2230ee525a8bf74489ffe3a2d5222b.png HTTP/1.1\r\nHost: s.q5qo.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://ngfffgygt.vgho9-foqhfoq.com:15681/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-07-04T20:30:36.525225Z","times_seen":16984070,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ngfffgygt.vgho9-foqhfoq.com:15681/static/js/index.vue_vue_type_style_index_0_lang.Co5Eh2zM.js","fqdn":"ngfffgygt.vgho9-foqhfoq.com","domain":"vgho9-foqhfoq.com","tld":"com"},"ip":{"addr":"222.167.33.19","port":15681,"asn":9908,"as":"HK Cable TV Ltd","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://ngfffgygt.vgho9-foqhfoq.com:15681/?inviteCode=64298\u0026cid=118","date":"2026-07-04T10:39:56.626Z","timestamp":1783161596626,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.dh9-qjiohodfa9.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 28 Jun 2026 00:00:00 GMT","end":"Tue, 12 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"C5:47:38:34:E6:5C:A3:87:B4:BA:EF:B9:7D:A0:2A:95:07:34:76:65","sha256":"FE:78:24:EA:70:7B:AE:66:4F:EB:5C:04:1D:4C:A3:B9:C9:35:EC:95:20:88:65:57:26:EC:59:CA:DA:9E:4A:33"}}},"request":{"raw":"GET /static/js/index.vue_vue_type_style_index_0_lang.Co5Eh2zM.js HTTP/1.1\r\nHost: ngfffgygt.vgho9-foqhfoq.com:15681\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://ngfffgygt.vgho9-foqhfoq.com:15681/home?inviteCode=64298\u0026cid=118\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ncontent-encoding: gzip\r\ncontent-type: application/javascript; charset=UTF-8\r\ndate: Sat, 04 Jul 2026 10:39:56 GMT\r\netag: W/\"6a46723b-126f1\"\r\nlast-modified: Thu, 02 Jul 2026 14:14:19 GMT\r\nserver: openresty/1.27.1.1\r\nvary: Accept-Encoding\r\nx-cache: BYPASS\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"OpenResty:1.27.1.1","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":75505,"size_decoded":22782,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (31787)","md5":"9eb99f4473006eaf5db48106a7fcea00","sha1":"5ea2611bf710045a772d36c77dcaa40f540d0199","sha256":"783ae48136e14c2aa62b746d5d158ce58973a6c2334afe418d2f0381084e8d35","sha512":"c0029e128b5cd9230377dcac326fb97109a6b62e50f398b3ed1caf58d73ed88315c87dd5ad9899b066bcc473f57e96ef4b621bcb0ab5ac0a56d005499562d2fc","ssdeep":"768:A/J3757ET6nycEPF7WOqFsV1WtNhD0tW9kMBiz92Q0jJCLEUEJBaZUkN5V68UWEN:AhtwskhnWdYBAQvL5Vs7ZuYV","tlshash":"bb730a98f60ab07152f7c9e9d0af864963163782a704d1f0f0b69c610692779f0abf7d","first_seen":"2026-07-02T22:42:57.158543Z","last_seen":"2026-07-04T10:40:29.1342Z","times_seen":5,"resource_available":true,"data":null}},"time_used":479,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":479,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-04","alert":"Phishing Block","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tposs.qiddfc-dqiod52d.com/pc/sport/AmericanFootball.png","fqdn":"tposs.qiddfc-dqiod52d.com","domain":"qiddfc-dqiod52d.com","tld":"com"},"ip":{"addr":"3.167.2.97","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ngfffgygt.vgho9-foqhfoq.com:15681/?inviteCode=64298\u0026cid=118","date":"2026-07-04T10:39:56.833Z","timestamp":1783161596833,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tposs.qiddfc-dqiod52d.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Wed, 27 Aug 2025 00:00:00 GMT","end":"Fri, 25 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"D0:96:57:8B:56:09:2E:8A:4D:C1:87:CA:FD:41:09:B6:57:2C:4F:1D","sha256":"48:66:5F:5D:67:07:2E:C0:CB:EF:91:62:93:36:C2:EF:FB:B7:0E:4A:9A:93:C5:0D:10:9E:B6:05:6B:45:AC:AF"}}},"request":{"raw":"GET /pc/sport/AmericanFootball.png HTTP/1.1\r\nHost: tposs.qiddfc-dqiod52d.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://ngfffgygt.vgho9-foqhfoq.com:15681/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ncontent-type: image/png\r\ncontent-length: 5558\r\nlast-modified: Tue, 28 Apr 2026 03:44:59 GMT\r\nx-amz-server-side-encryption: AES256\r\nx-amz-version-id: AWeDlgH7R4a72WtiHbFp8V3pbKdvhied\r\naccept-ranges: bytes\r\nserver: AmazonS3\r\ndate: Sat, 04 Jul 2026 09:45:53 GMT\r\netag: \"31c4ab00b35a863a4f3579d4671a5565\"\r\nvary: Accept-Encoding\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 094188bf05865a3d323dcbfb7173f1f6.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P2\r\nx-amz-cf-id: pXiImxezHWnQN9-iAty0IgcgmejdZEzUppkNvl2u5NNF6b8rrsB0Bw==\r\nage: 3244\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":5558,"size_decoded":6125,"mime_type":"image/png","magic":"PNG image data, 70 x 70, 8-bit/color RGBA, non-interlaced","md5":"31c4ab00b35a863a4f3579d4671a5565","sha1":"21aa5684fd8806c31e7f867c0780b31d72a0bf44","sha256":"834672e2b150ec1c2dbe42a85085267496ce597138bbb5a83f83e89ebed659b8","sha512":"9c695838c22393fe8a5237bcdf153d9557aa43f6fd56d48c0266ca636fc3dfff2ad298a4d603aca9f91ea50f8ecdf0eccfce7f7fefb133a1ca60befe76073e58","ssdeep":"96:87SKnJuC62gDWZCyd7oqdkAtpqSkGDZO/GNy9N3XzxxmJlQLMRWi4zm9:WSbWz7fabSkKNyjTx+v4q9","tlshash":"48b18e9a94764102d09fb66f4cf391b09f873b802589cfa27cc3bd663b207268955d87","first_seen":"2026-05-30T07:41:04.751559Z","last_seen":"2026-07-04T10:40:29.135759Z","times_seen":24,"resource_available":false,"data":null}},"time_used":27,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":27,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"s.q5qo.com/data/28790fe5f45f127d1fc28713aca09d69.png","fqdn":"s.q5qo.com","domain":"q5qo.com","tld":"com"},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ngfffgygt.vgho9-foqhfoq.com:15681/?inviteCode=64298\u0026cid=118","date":"2026-07-04T10:39:57.424Z","timestamp":1783161597424,"http_version":"","security_state":"","security_info":null,"request":{"raw":"GET /data/28790fe5f45f127d1fc28713aca09d69.png HTTP/1.1\r\nHost: s.q5qo.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://ngfffgygt.vgho9-foqhfoq.com:15681/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-07-04T20:30:36.525225Z","times_seen":16984070,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tposs.qiddfc-dqiod52d.com/site-jerbc/siteActivity/202603/f1331b60b48348e2969f33a80f1423e7.png","fqdn":"tposs.qiddfc-dqiod52d.com","domain":"qiddfc-dqiod52d.com","tld":"com"},"ip":{"addr":"3.167.2.97","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ngfffgygt.vgho9-foqhfoq.com:15681/?inviteCode=64298\u0026cid=118","date":"2026-07-04T10:39:58.141Z","timestamp":1783161598141,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tposs.qiddfc-dqiod52d.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Wed, 27 Aug 2025 00:00:00 GMT","end":"Fri, 25 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"D0:96:57:8B:56:09:2E:8A:4D:C1:87:CA:FD:41:09:B6:57:2C:4F:1D","sha256":"48:66:5F:5D:67:07:2E:C0:CB:EF:91:62:93:36:C2:EF:FB:B7:0E:4A:9A:93:C5:0D:10:9E:B6:05:6B:45:AC:AF"}}},"request":{"raw":"GET /site-jerbc/siteActivity/202603/f1331b60b48348e2969f33a80f1423e7.png HTTP/1.1\r\nHost: tposs.qiddfc-dqiod52d.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://ngfffgygt.vgho9-foqhfoq.com:15681/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ncontent-type: image/png\r\ncontent-length: 5582\r\nlast-modified: Thu, 05 Mar 2026 08:40:05 GMT\r\nx-amz-server-side-encryption: AES256\r\nx-amz-version-id: wjkU5EuFuRzlkRH5SBjEvthfVBax1BAr\r\naccept-ranges: bytes\r\nserver: AmazonS3\r\ndate: Sat, 04 Jul 2026 08:57:02 GMT\r\netag: \"31fb14137e2299cc734d143e453cec12\"\r\nvary: Accept-Encoding\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 094188bf05865a3d323dcbfb7173f1f6.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P2\r\nx-amz-cf-id: NTySX4UkE3Y-Tk0KrH2AVXtbuf4siN3Ol3cIaoVbMW_1OVHJeme-zQ==\r\nage: 6177\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]}],"data":{"size":5582,"size_decoded":6149,"mime_type":"image/png","magic":"PNG image data, 72 x 72, 8-bit/color RGBA, non-interlaced","md5":"31fb14137e2299cc734d143e453cec12","sha1":"eb8bba6f7d5d55a655663a8d5ee2e38629e51184","sha256":"d19173591c9656c46a818d8fabaed77d608bdc3845414953cffd826bb76c785e","sha512":"20ee04de40226d425de0d30b9f930bf7ffb793a134bb0258d91d9f475f89636ef490f3d8308780e43ae30dacad83380af1e422235ce6e1d4cfeea104d6ff4f49","ssdeep":"96:9SRES3Uk5boaSbYxPBjIw9dMHO/+/3K9s6NL0mVkm5a1XdqlikAX3:9SMWoTbyPBjI3O2fK97LXNYX8li3","tlshash":"fcb17cd5b58bbc24473685a1ad60c3b0d44719a5cbb12efc2dae802b04d829d51eb3d3","first_seen":"2026-06-28T16:04:36.827445Z","last_seen":"2026-07-04T10:40:29.136635Z","times_seen":3,"resource_available":false,"data":null}},"time_used":25,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":25,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ngfffgygt.vgho9-foqhfoq.com:15681/static/img/roulette-pop-bottom-jerbc.CdqRbgzi.png","fqdn":"ngfffgygt.vgho9-foqhfoq.com","domain":"vgho9-foqhfoq.com","tld":"com"},"ip":{"addr":"222.167.33.19","port":15681,"asn":9908,"as":"HK Cable TV Ltd","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ngfffgygt.vgho9-foqhfoq.com:15681/?inviteCode=64298\u0026cid=118","date":"2026-07-04T10:39:58.155Z","timestamp":1783161598155,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.dh9-qjiohodfa9.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 28 Jun 2026 00:00:00 GMT","end":"Tue, 12 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"C5:47:38:34:E6:5C:A3:87:B4:BA:EF:B9:7D:A0:2A:95:07:34:76:65","sha256":"FE:78:24:EA:70:7B:AE:66:4F:EB:5C:04:1D:4C:A3:B9:C9:35:EC:95:20:88:65:57:26:EC:59:CA:DA:9E:4A:33"}}},"request":{"raw":"GET /static/img/roulette-pop-bottom-jerbc.CdqRbgzi.png HTTP/1.1\r\nHost: ngfffgygt.vgho9-foqhfoq.com:15681\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://ngfffgygt.vgho9-foqhfoq.com:15681/home?inviteCode=64298\u0026cid=118\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\naccept-ranges: bytes\r\ncontent-type: image/png\r\ndate: Sat, 04 Jul 2026 10:39:58 GMT\r\netag: \"6a46723b-69f3\"\r\nlast-modified: Thu, 02 Jul 2026 14:14:19 GMT\r\nserver: openresty/1.27.1.1\r\nx-cache: UPDATING\r\ncontent-length: 27123\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"OpenResty:1.27.1.1","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":27123,"size_decoded":27381,"mime_type":"image/png","magic":"PNG image data, 534 x 233, 8-bit colormap, non-interlaced","md5":"53080839347f1f40e299214c513130ea","sha1":"f4d698ce028e5678b7ea4709f4ecb570467989b8","sha256":"8dc2c61044c883e1432fd0915c08a6adc69a4c6b650595ce7d66e2fac1eaa755","sha512":"d46f0e31087828e10c6ddfc24081fcfe8ae36bb0d5374c3b328b65cf54aff2641e7051844cbdefb1fd9faff62acbed4d0a284f25ab4bec1286c9d71d57c57455","ssdeep":"384:jccxQfpJXZSMb2JC9kFbB8D+6wc3v64bOAencQi1Fm4UiIg/rszvH:jCfbcecpb4+u35KASi/DIg/ravH","tlshash":"d1c2e0e9dbf5c5cc98a85b9b89d20ab4cf552834004d85b96dfeb9ab0776cf381027c4","first_seen":"2026-06-28T16:04:36.829469Z","last_seen":"2026-07-04T10:40:29.141251Z","times_seen":3,"resource_available":false,"data":null}},"time_used":329,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":276,"receive":53,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-04","alert":"Phishing Block","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tposs.qiddfc-dqiod52d.com/web/sport/pc/home-icon/site-menu-top3.png","fqdn":"tposs.qiddfc-dqiod52d.com","domain":"qiddfc-dqiod52d.com","tld":"com"},"ip":{"addr":"3.167.2.97","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ngfffgygt.vgho9-foqhfoq.com:15681/?inviteCode=64298\u0026cid=118","date":"2026-07-04T10:39:55.877Z","timestamp":1783161595877,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tposs.qiddfc-dqiod52d.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Wed, 27 Aug 2025 00:00:00 GMT","end":"Fri, 25 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"D0:96:57:8B:56:09:2E:8A:4D:C1:87:CA:FD:41:09:B6:57:2C:4F:1D","sha256":"48:66:5F:5D:67:07:2E:C0:CB:EF:91:62:93:36:C2:EF:FB:B7:0E:4A:9A:93:C5:0D:10:9E:B6:05:6B:45:AC:AF"}}},"request":{"raw":"GET /web/sport/pc/home-icon/site-menu-top3.png HTTP/1.1\r\nHost: tposs.qiddfc-dqiod52d.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://ngfffgygt.vgho9-foqhfoq.com:15681/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ncontent-type: image/png\r\ncontent-length: 20978\r\nlast-modified: Thu, 14 May 2026 08:14:17 GMT\r\nx-amz-server-side-encryption: AES256\r\nx-amz-version-id: Wp3EnskFKX9AG_zoCoqHyR4rV4mhpaQf\r\naccept-ranges: bytes\r\nserver: AmazonS3\r\ndate: Sat, 04 Jul 2026 10:39:56 GMT\r\netag: \"8e1de03a2dbbb630efb01043ee6fc2b1\"\r\nvary: Accept-Encoding\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 094188bf05865a3d323dcbfb7173f1f6.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P2\r\nx-amz-cf-id: zmUVtByUqid6W1V8jCVaxs_4odng2LcBcDZDWtGWYjYY_kl149VzBg==\r\nage: 3245\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]}],"data":{"size":20978,"size_decoded":21546,"mime_type":"image/png","magic":"PNG image data, 160 x 120, 8-bit/color RGBA, non-interlaced","md5":"8e1de03a2dbbb630efb01043ee6fc2b1","sha1":"7bb09b5bfa88cf843101a9b61972f863309cdcc3","sha256":"2271b2c45b6d60878d05ef3515f25315d3ff8852f257d2735c65b52c7842816a","sha512":"259c7f9ab14719c7242fe4109c25c743ccec308e3bf946b11f40b5a25a08af3488091c233b86e6a9262d9c0358f5d8784c75db5fc4fa378eace8b92b97bc69aa","ssdeep":"384:CCorrDChVYFRAjwJx2qtxCeXyyxaPVKXIoxkPr7TQKweEMI2/vKJb/oY1pcza4Pt:loPDEFCnMeX5xaPVKXIoxkfcTeEMIiSw","tlshash":"8792d0b7b362180fce4ec2230d7ea5427066a2d1615c99cc0f1287a6af6b1945cef362","first_seen":"2026-05-30T07:41:04.807809Z","last_seen":"2026-07-04T10:40:29.142376Z","times_seen":24,"resource_available":false,"data":null}},"time_used":301,"timings":{"blocked":-1,"dns":6,"connect":2,"send":0,"wait":66,"receive":0,"ssl":222},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ngfffgygt.vgho9-foqhfoq.com:15681/api/master/f/dict/getDict","fqdn":"ngfffgygt.vgho9-foqhfoq.com","domain":"vgho9-foqhfoq.com","tld":"com"},"ip":{"addr":"222.167.33.19","port":15681,"asn":9908,"as":"HK Cable TV Ltd","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://ngfffgygt.vgho9-foqhfoq.com:15681/?inviteCode=64298\u0026cid=118","date":"2026-07-04T10:39:56.018Z","timestamp":1783161596018,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.dh9-qjiohodfa9.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 28 Jun 2026 00:00:00 GMT","end":"Tue, 12 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"C5:47:38:34:E6:5C:A3:87:B4:BA:EF:B9:7D:A0:2A:95:07:34:76:65","sha256":"FE:78:24:EA:70:7B:AE:66:4F:EB:5C:04:1D:4C:A3:B9:C9:35:EC:95:20:88:65:57:26:EC:59:CA:DA:9E:4A:33"}}},"request":{"raw":"POST /api/master/f/dict/getDict HTTP/1.1\r\nHost: ngfffgygt.vgho9-foqhfoq.com:15681\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: zh\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nContent-Type: application/json\r\nDevice: PC\r\nCurrency: CNY\r\nFrontAuthorization: \r\nContent-Length: 2\r\nOrigin: https://ngfffgygt.vgho9-foqhfoq.com:15681\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://ngfffgygt.vgho9-foqhfoq.com:15681/home?inviteCode=64298\u0026cid=118\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/2 200 \r\naccess-control-allow-credentials: true\r\naccess-control-allow-origin: https://ngfffgygt.vgho9-foqhfoq.com:15681\r\ncontent-encoding: gzip\r\ncontent-type: application/json\r\ndate: Sat, 04 Jul 2026 10:39:56 GMT\r\nserver: openresty/1.27.1.1\r\nvary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers\r\nx-cache: BYPASS\r\ncontent-length: 8155\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"OpenResty:1.27.1.1","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}],"data":{"size":38395,"size_decoded":8539,"mime_type":"application/json","magic":"Unicode text, UTF-8 text, with very long lines (33667), with no line terminators","md5":"f123ef4a9929d2aad8e1ec7c063b0753","sha1":"c8982237d9e10d7c0498e92152a8685a99ee9525","sha256":"608d89e4b9e9e46ba8aab4c902e99f02b01dfbef8e83c782ae511ae4d9a7e531","sha512":"1a41d06d30d79ab4526a26a01df279069de5588b1f11980bc21c41c0aea1ef2a4e3d96c66a3d0a1d258d6cec262afa66f3972fd72803ac1baada1a6009f048ba","ssdeep":"384:ThDGMflhIv6THpfxDvJwGMJ9NNkrdMxrcwkaLVSHc+A:JIsfhhwGFdM9cwlEc+A","tlshash":"e103879eb1cabcfe2493ad81ad8314ca7445208ef8fc9fc562d7dddd6d888460427da1","first_seen":"2026-06-24T13:33:43.036983Z","last_seen":"2026-07-04T10:40:29.143717Z","times_seen":16,"resource_available":false,"data":null}},"time_used":545,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":495,"receive":50,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-04","alert":"Phishing Block","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ngfffgygt.vgho9-foqhfoq.com:15681/static/js/index.CEjCQ_lu.js","fqdn":"ngfffgygt.vgho9-foqhfoq.com","domain":"vgho9-foqhfoq.com","tld":"com"},"ip":{"addr":"222.167.33.19","port":15681,"asn":9908,"as":"HK Cable TV Ltd","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://ngfffgygt.vgho9-foqhfoq.com:15681/?inviteCode=64298\u0026cid=118","date":"2026-07-04T10:39:56.594Z","timestamp":1783161596594,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.dh9-qjiohodfa9.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 28 Jun 2026 00:00:00 GMT","end":"Tue, 12 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"C5:47:38:34:E6:5C:A3:87:B4:BA:EF:B9:7D:A0:2A:95:07:34:76:65","sha256":"FE:78:24:EA:70:7B:AE:66:4F:EB:5C:04:1D:4C:A3:B9:C9:35:EC:95:20:88:65:57:26:EC:59:CA:DA:9E:4A:33"}}},"request":{"raw":"GET /static/js/index.CEjCQ_lu.js HTTP/1.1\r\nHost: ngfffgygt.vgho9-foqhfoq.com:15681\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://ngfffgygt.vgho9-foqhfoq.com:15681/home?inviteCode=64298\u0026cid=118\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\naccept-ranges: bytes\r\ncontent-type: application/javascript; charset=UTF-8\r\ndate: Sat, 04 Jul 2026 10:39:56 GMT\r\netag: \"6a46723b-6b3\"\r\nlast-modified: Thu, 02 Jul 2026 14:14:19 GMT\r\nserver: openresty/1.27.1.1\r\nx-cache: BYPASS\r\ncontent-length: 1715\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"OpenResty:1.27.1.1","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1715,"size_decoded":1997,"mime_type":"application/javascript; charset=UTF-8","magic":"Java source, Unicode text, UTF-8 text, with very long lines (1690)","md5":"5326e6a66f1be10ab88fbc19227655ed","sha1":"fe77c77d30b36c69c3c00d339f85013983d49d19","sha256":"2eb46518e5327bbea2750f4d47179803b93f1f5b2d097a07bf76b7114075fa9b","sha512":"1fa02ae817a0cd1a73e7b545978192ac1655f6cf5db11525afdda68ae975426a1dec409087536f97142250a8f8d8f27e481f187075faae2cc65915dd8e4caed1","ssdeep":"","tlshash":"aa3196be741ed6f8f31748a4e0d54413c61c77b88235ed8de6b505292f81544424e73e","first_seen":"2026-07-02T22:42:57.035267Z","last_seen":"2026-07-04T10:40:29.146451Z","times_seen":5,"resource_available":true,"data":null}},"time_used":506,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":506,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-04","alert":"Phishing Block","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tposs.qiddfc-dqiod52d.com/pc/sport/Dota2.png","fqdn":"tposs.qiddfc-dqiod52d.com","domain":"qiddfc-dqiod52d.com","tld":"com"},"ip":{"addr":"3.167.2.97","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ngfffgygt.vgho9-foqhfoq.com:15681/?inviteCode=64298\u0026cid=118","date":"2026-07-04T10:39:56.846Z","timestamp":1783161596846,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tposs.qiddfc-dqiod52d.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Wed, 27 Aug 2025 00:00:00 GMT","end":"Fri, 25 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"D0:96:57:8B:56:09:2E:8A:4D:C1:87:CA:FD:41:09:B6:57:2C:4F:1D","sha256":"48:66:5F:5D:67:07:2E:C0:CB:EF:91:62:93:36:C2:EF:FB:B7:0E:4A:9A:93:C5:0D:10:9E:B6:05:6B:45:AC:AF"}}},"request":{"raw":"GET /pc/sport/Dota2.png HTTP/1.1\r\nHost: tposs.qiddfc-dqiod52d.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://ngfffgygt.vgho9-foqhfoq.com:15681/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ncontent-type: image/png\r\ncontent-length: 6515\r\nlast-modified: Tue, 05 May 2026 05:34:36 GMT\r\nx-amz-server-side-encryption: AES256\r\nx-amz-version-id: J.ipVZeTFh.1LMmD2VxOiodofkScvpfI\r\naccept-ranges: bytes\r\nserver: AmazonS3\r\ndate: Sat, 04 Jul 2026 08:46:01 GMT\r\netag: \"076e0bb3616d661a3c83756ee40af384\"\r\nvary: Accept-Encoding\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 094188bf05865a3d323dcbfb7173f1f6.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P2\r\nx-amz-cf-id: g-4YFUkIjr9xnaX3LxnPdriehm4VVF8tYeuOVt8_2c8fTVA49Z1Quw==\r\nage: 6836\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]}],"data":{"size":6515,"size_decoded":7082,"mime_type":"image/png","magic":"PNG image data, 70 x 70, 8-bit/color RGBA, non-interlaced","md5":"076e0bb3616d661a3c83756ee40af384","sha1":"251684a21faaf483efb756a60dd3f54890866b76","sha256":"5be0cb4b7855ff16a20af702c633610340a0c034e486027c0704d7ff8033d7fe","sha512":"0d1c8b2426d22c48db21465192275ddd8446e1544398176ddeadddacbffe43654267927eeaf8b7db71872a297099e6d418dc047f2ea8e70b5cb9b04f49ba6345","ssdeep":"96:87SMhS5F1a2LFF93fdWIsJOPRguQgZ4BT8+DdROrVrzvxMNhz30IyQXXyooRCVIq:WSySj1nBl9sJOPHQMUNaVgFtfXCDmuUz","tlshash":"9cd1ad247bd14e540c758ca6971338a22bb70e95477924ad6b0e8d2fec3c46b24dd58a","first_seen":"2026-05-30T07:41:04.847043Z","last_seen":"2026-07-04T10:40:29.14715Z","times_seen":24,"resource_available":false,"data":null}},"time_used":38,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":38,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ngfffgygt.vgho9-foqhfoq.com:15681/static/css/index.D9QCF6o3.css","fqdn":"ngfffgygt.vgho9-foqhfoq.com","domain":"vgho9-foqhfoq.com","tld":"com"},"ip":{"addr":"222.167.33.19","port":15681,"asn":9908,"as":"HK Cable TV Ltd","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://ngfffgygt.vgho9-foqhfoq.com:15681/?inviteCode=64298\u0026cid=118","date":"2026-07-04T10:39:55.846Z","timestamp":1783161595846,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.dh9-qjiohodfa9.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 28 Jun 2026 00:00:00 GMT","end":"Tue, 12 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"C5:47:38:34:E6:5C:A3:87:B4:BA:EF:B9:7D:A0:2A:95:07:34:76:65","sha256":"FE:78:24:EA:70:7B:AE:66:4F:EB:5C:04:1D:4C:A3:B9:C9:35:EC:95:20:88:65:57:26:EC:59:CA:DA:9E:4A:33"}}},"request":{"raw":"GET /static/css/index.D9QCF6o3.css HTTP/1.1\r\nHost: ngfffgygt.vgho9-foqhfoq.com:15681\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://ngfffgygt.vgho9-foqhfoq.com:15681/home?inviteCode=64298\u0026cid=118\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\naccept-ranges: bytes\r\ncontent-type: text/css\r\ndate: Sat, 04 Jul 2026 10:30:44 GMT\r\netag: \"6a46723a-102e\"\r\nlast-modified: Sat, 04 Jul 2026 10:30:44 GMT\r\nserver: openresty/1.27.1.1\r\nx-cache: HIT, policy, disk\r\ncontent-length: 4142\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"OpenResty:1.27.1.1","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":4142,"size_decoded":4407,"mime_type":"text/css","magic":"ASCII text, with very long lines (4141)","md5":"7a23d56eec17c23327f7736d9f6886f5","sha1":"50dd84fde91d56fd230c86dbc2ca1fc658c7c608","sha256":"3420f740079364fe98e85ab35deb01853c55ab98a4a77ef749cd5f9d2444e561","sha512":"f19347ef23dc5e3860fb5b2b9ff2752306475828f348478bfff9c86be032ace4f138f5f28c4253d34aff6fc057d4e82bbd4982a04840d4a34d2d19a01a2f2fcb","ssdeep":"96:QHeyMIJw+3UN0x+Gi0Obh0bydxM7373RZ:Q+yBWyUNcY0Obh0bydxMLLRZ","tlshash":"608194c171f8f02b56735937247e1aba483e7ac187058fbc5ea7a1c40961ea93763437","first_seen":"2026-05-30T07:41:04.609943Z","last_seen":"2026-07-04T10:40:29.147785Z","times_seen":24,"resource_available":false,"data":null}},"time_used":274,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":274,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-04","alert":"Phishing Block","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ngfffgygt.vgho9-foqhfoq.com:15681/static/img/home-heying.uXLwwvlL.png","fqdn":"ngfffgygt.vgho9-foqhfoq.com","domain":"vgho9-foqhfoq.com","tld":"com"},"ip":{"addr":"222.167.33.19","port":15681,"asn":9908,"as":"HK Cable TV Ltd","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ngfffgygt.vgho9-foqhfoq.com:15681/?inviteCode=64298\u0026cid=118","date":"2026-07-04T10:39:55.869Z","timestamp":1783161595869,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.dh9-qjiohodfa9.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 28 Jun 2026 00:00:00 GMT","end":"Tue, 12 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"C5:47:38:34:E6:5C:A3:87:B4:BA:EF:B9:7D:A0:2A:95:07:34:76:65","sha256":"FE:78:24:EA:70:7B:AE:66:4F:EB:5C:04:1D:4C:A3:B9:C9:35:EC:95:20:88:65:57:26:EC:59:CA:DA:9E:4A:33"}}},"request":{"raw":"GET /static/img/home-heying.uXLwwvlL.png HTTP/1.1\r\nHost: ngfffgygt.vgho9-foqhfoq.com:15681\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://ngfffgygt.vgho9-foqhfoq.com:15681/home?inviteCode=64298\u0026cid=118\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\naccept-ranges: bytes\r\ncontent-type: image/png\r\ndate: Sat, 04 Jul 2026 10:30:44 GMT\r\netag: \"6a46723b-1a137\"\r\nlast-modified: Sat, 04 Jul 2026 10:30:44 GMT\r\nserver: openresty/1.27.1.1\r\nx-cache: HIT, policy, disk\r\ncontent-length: 106807\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"OpenResty:1.27.1.1","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":106807,"size_decoded":107076,"mime_type":"image/png","magic":"PNG image data, 504 x 100, 8-bit/color RGBA, non-interlaced","md5":"a80186020e5b3698cfa1828638fb9486","sha1":"446782430347089bb8be5d2d9a135c285a6cf815","sha256":"6841ffa156c514b8e3ca0bd956a25f405a72d1d7b06b029185ee399025cf26fa","sha512":"d59ffc62d97a34c11edf8e3a8fdd166df36de01f2a7ac9db091d2c2e921ef91da2afafcdeb9dd992c77827b173a5885fd3c121e85f8a425a53ccc41e6e5e17ff","ssdeep":"3072:ilO/5l26QWXShVSJxkuZFSeVF6wLEaKR5m7khmUA:ilgCdWXgQlVF6wQYjUA","tlshash":"daa312ea8f2e4e456b376c783dddc08be5169ab235adc654381006b8ef1f1a324d0a75","first_seen":"2026-07-01T20:44:48.028562Z","last_seen":"2026-07-04T10:40:29.148449Z","times_seen":11,"resource_available":false,"data":null}},"time_used":497,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":264,"receive":233,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-04","alert":"Phishing Block","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tposs.qiddfc-dqiod52d.com/web/orange/voice.mp3","fqdn":"tposs.qiddfc-dqiod52d.com","domain":"qiddfc-dqiod52d.com","tld":"com"},"ip":{"addr":"3.167.2.97","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"media","requested_by":"https://ngfffgygt.vgho9-foqhfoq.com:15681/?inviteCode=64298\u0026cid=118","date":"2026-07-04T10:39:56.942Z","timestamp":1783161596942,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tposs.qiddfc-dqiod52d.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Wed, 27 Aug 2025 00:00:00 GMT","end":"Fri, 25 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"D0:96:57:8B:56:09:2E:8A:4D:C1:87:CA:FD:41:09:B6:57:2C:4F:1D","sha256":"48:66:5F:5D:67:07:2E:C0:CB:EF:91:62:93:36:C2:EF:FB:B7:0E:4A:9A:93:C5:0D:10:9E:B6:05:6B:45:AC:AF"}}},"request":{"raw":"GET /web/orange/voice.mp3 HTTP/1.1\r\nHost: tposs.qiddfc-dqiod52d.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: audio/webm,audio/ogg,audio/wav,audio/*;q=0.9,application/ogg;q=0.7,video/*;q=0.6,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nRange: bytes=0-\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://ngfffgygt.vgho9-foqhfoq.com:15681/\r\nSec-Fetch-Dest: audio\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nAccept-Encoding: identity\r\nPriority: u=4\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 206 \r\ncontent-type: audio/mp3\r\ncontent-length: 27217\r\nlast-modified: Mon, 02 Sep 2024 17:32:10 GMT\r\nx-amz-server-side-encryption: AES256\r\nx-amz-version-id: A8iVAWvk62QOdVCqlxmA_tEY4tx_Qy4D\r\naccept-ranges: bytes\r\nserver: AmazonS3\r\ndate: Sat, 04 Jul 2026 10:39:56 GMT\r\netag: \"870121a5cdc217704c12d487f5ee463e\"\r\ncontent-range: bytes 0-27216/27217\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 094188bf05865a3d323dcbfb7173f1f6.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P2\r\nx-amz-cf-id: 6VgUU3Qbb4IJlPmCTotJJx2_mv44F_nLIW53-wjDmTpzxmRxjkRsjA==\r\nage: 4769\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"206","status_text":"","fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]}],"data":{"size":27217,"size_decoded":27798,"mime_type":"audio/mpeg","magic":"Audio file with ID3 version 2.3.0, contains: MPEG ADTS, layer III, v1, 128 kbps, 44.1 kHz, JntStereo","md5":"870121a5cdc217704c12d487f5ee463e","sha1":"10e871aba6d1dca800b8779c51ae1cbbfc2d0edb","sha256":"a66146607678eb3c324cc5169b74314281828108d7d1d04d18b5ad40a8b7a69c","sha512":"73e784e140ecc6c9f5a02befc3cf330facdc10a622bac98fce69d110bb51b36a1134c6378746a10a88b31d67088865a83401b532e1d3ba53b79410e5267ed61b","ssdeep":"768:OK/RL13CwFoatSB52ZnDfOnOgGOSwdUzpfY:OK9dlFzW5uDbMSjtQ","tlshash":"4dc2f1e530b2f910c08a8758cb7e1dad2457237b9f297ffff94ad3a201366851504b6a","first_seen":"2026-05-30T07:41:04.793076Z","last_seen":"2026-07-04T10:40:29.151804Z","times_seen":22,"resource_available":false,"data":null}},"time_used":34,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":33,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ngfffgygt.vgho9-foqhfoq.com:15681/favicon.ico","fqdn":"ngfffgygt.vgho9-foqhfoq.com","domain":"vgho9-foqhfoq.com","tld":"com"},"ip":{"addr":"222.167.33.19","port":15681,"asn":9908,"as":"HK Cable TV Ltd","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ngfffgygt.vgho9-foqhfoq.com:15681/?inviteCode=64298\u0026cid=118","date":"2026-07-04T10:39:57.258Z","timestamp":1783161597258,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.dh9-qjiohodfa9.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 28 Jun 2026 00:00:00 GMT","end":"Tue, 12 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"C5:47:38:34:E6:5C:A3:87:B4:BA:EF:B9:7D:A0:2A:95:07:34:76:65","sha256":"FE:78:24:EA:70:7B:AE:66:4F:EB:5C:04:1D:4C:A3:B9:C9:35:EC:95:20:88:65:57:26:EC:59:CA:DA:9E:4A:33"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: ngfffgygt.vgho9-foqhfoq.com:15681\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://ngfffgygt.vgho9-foqhfoq.com:15681/?inviteCode=64298\u0026cid=118\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=6\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 404 \r\ncontent-type: text/html; charset=UTF-8\r\ndate: Sat, 04 Jul 2026 10:39:57 GMT\r\nserver: openresty/1.27.1.1\r\nx-cache: BYPASS, Status: 404\r\ncontent-length: 159\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"","fingerprints":[{"name":"OpenResty:1.27.1.1","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":159,"size_decoded":350,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, ASCII text, with CRLF line terminators","md5":"62612b5e7b2a012de34112a6f9544519","sha1":"a6c72e8ca88683471ad0ff7944211e2a5fb3c595","sha256":"d297e01557482dde6fe71c8e639e87e39edda7577c1c61092e0d6ee2e0250742","sha512":"124065ecc13009c42c005b0b2e9cc95586ee3e8f4acc82032e917932195adcc8fe7bd9ca7536d303491b4515dc83a64fa8e22ed5c990b0c787d6ba8bdc19297a","ssdeep":"","tlshash":"a2c02b6d29137c0c866330b636c37090c1878337f57e51118480845770cf1998ac33ab","first_seen":"2024-10-28T14:43:15.103244Z","last_seen":"2026-07-04T10:40:29.153497Z","times_seen":163,"resource_available":true,"data":null}},"time_used":278,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":278,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-04","alert":"Phishing Block","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ngfffgygt.vgho9-foqhfoq.com:15681/static/img/start.leSHEz__.png","fqdn":"ngfffgygt.vgho9-foqhfoq.com","domain":"vgho9-foqhfoq.com","tld":"com"},"ip":{"addr":"222.167.33.19","port":15681,"asn":9908,"as":"HK Cable TV Ltd","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ngfffgygt.vgho9-foqhfoq.com:15681/?inviteCode=64298\u0026cid=118","date":"2026-07-04T10:39:58.153Z","timestamp":1783161598153,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.dh9-qjiohodfa9.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 28 Jun 2026 00:00:00 GMT","end":"Tue, 12 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"C5:47:38:34:E6:5C:A3:87:B4:BA:EF:B9:7D:A0:2A:95:07:34:76:65","sha256":"FE:78:24:EA:70:7B:AE:66:4F:EB:5C:04:1D:4C:A3:B9:C9:35:EC:95:20:88:65:57:26:EC:59:CA:DA:9E:4A:33"}}},"request":{"raw":"GET /static/img/start.leSHEz__.png HTTP/1.1\r\nHost: ngfffgygt.vgho9-foqhfoq.com:15681\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://ngfffgygt.vgho9-foqhfoq.com:15681/home?inviteCode=64298\u0026cid=118\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\naccept-ranges: bytes\r\ncontent-type: image/png\r\ndate: Sat, 04 Jul 2026 10:39:58 GMT\r\netag: \"6a46723b-1fd0\"\r\nlast-modified: Thu, 02 Jul 2026 14:14:19 GMT\r\nserver: openresty/1.27.1.1\r\nx-cache: UPDATING\r\ncontent-length: 8144\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"OpenResty:1.27.1.1","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}],"data":{"size":8144,"size_decoded":8401,"mime_type":"image/png","magic":"PNG image data, 134 x 158, 8-bit colormap, non-interlaced","md5":"17b2da2173434786e1436bea1d7a5f65","sha1":"8ca3c531559a39c9f1a66e0213c7d16fbb17e774","sha256":"54f8ee6620391408aee2dc3e66d2601f73c5c2e546bdce85a244b1c65e3c0b2b","sha512":"76fe23697dcd3fdd3605598520554e5b1b0a69d29c5a198b342bd9630a8c65a328be769b43d60271b83acd5598ea1222a392ae0d9b5fe61f988dcd541aaa2dea","ssdeep":"192:ASyXALyM2oT3GBpF4L1PkUlKqFr4/x05QoVBvWsMufgV:A5ayM2S3GBpA1AuUoQSlWh9","tlshash":"7ef1af1b5cf3c911f7f01de99590c602109fe49c186e0a1599ea908eff41ba39b9ca1c","first_seen":"2026-06-28T16:04:36.822354Z","last_seen":"2026-07-04T10:40:29.154342Z","times_seen":3,"resource_available":false,"data":null}},"time_used":278,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":277,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-04","alert":"Phishing Block","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ngfffgygt.vgho9-foqhfoq.com:15681/api/game-center/f/sport/queryMatchPage","fqdn":"ngfffgygt.vgho9-foqhfoq.com","domain":"vgho9-foqhfoq.com","tld":"com"},"ip":{"addr":"222.167.33.19","port":15681,"asn":9908,"as":"HK Cable TV Ltd","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://ngfffgygt.vgho9-foqhfoq.com:15681/?inviteCode=64298\u0026cid=118","date":"2026-07-04T10:40:09.266Z","timestamp":1783161609266,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.dh9-qjiohodfa9.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 28 Jun 2026 00:00:00 GMT","end":"Tue, 12 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"C5:47:38:34:E6:5C:A3:87:B4:BA:EF:B9:7D:A0:2A:95:07:34:76:65","sha256":"FE:78:24:EA:70:7B:AE:66:4F:EB:5C:04:1D:4C:A3:B9:C9:35:EC:95:20:88:65:57:26:EC:59:CA:DA:9E:4A:33"}}},"request":{"raw":"POST /api/game-center/f/sport/queryMatchPage HTTP/1.1\r\nHost: ngfffgygt.vgho9-foqhfoq.com:15681\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: zh\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nContent-Type: application/json\r\nDevice: PC\r\nCurrency: CNY\r\nFrontAuthorization: \r\nContent-Length: 705\r\nOrigin: https://ngfffgygt.vgho9-foqhfoq.com:15681\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://ngfffgygt.vgho9-foqhfoq.com:15681/home?inviteCode=64298\u0026cid=118\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/2 200 \r\naccess-control-allow-credentials: true\r\naccess-control-allow-origin: https://ngfffgygt.vgho9-foqhfoq.com:15681\r\ncontent-encoding: gzip\r\ncontent-type: application/json\r\ndate: Sat, 04 Jul 2026 10:40:09 GMT\r\nserver: openresty/1.27.1.1\r\nvary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers\r\nx-cache: BYPASS\r\ncontent-length: 35550\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"OpenResty:1.27.1.1","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":331297,"size_decoded":35935,"mime_type":"application/json","magic":"Unicode text, UTF-8 text, with very long lines (60454), with no line terminators","md5":"1b36833d0fea0a633d0bdc712c01f48e","sha1":"5ecd17a696147ed0fe721715f6795401136feb6e","sha256":"41fdd6bacf0f636531920368f81083538a33f9d75bde5845e1c685dda349a630","sha512":"6f3eb2a9b9e665e4300ef140770ea358c90d18a0d8e493ee931f1dd529485aaa6351d30269cc69083975cea3af76b0d2acb604e78b888a128aac8dfac4c4236e","ssdeep":"6144:eTaO7S305WLE1EcipK5MsO6028ABR0oKH2t+eGryh7OOZ2M5ODr1VTpTKRuT7DY8:dO7S305WLE1EcipK5MsO6028AEoKH2tM","tlshash":"c964378a692dc4fe9ac67d02e8cf3095e5e03a07e84d2d4004c67e6c9e1fb53b927567","first_seen":"2026-07-04T10:40:29.155284Z","last_seen":"2026-07-04T10:40:29.155284Z","times_seen":1,"resource_available":false,"data":null}},"time_used":676,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":358,"receive":318,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-04","alert":"Phishing Block","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ngfffgygt.vgho9-foqhfoq.com:15681/static/css/MatchOddsPanel.C3ylOrnJ.css","fqdn":"ngfffgygt.vgho9-foqhfoq.com","domain":"vgho9-foqhfoq.com","tld":"com"},"ip":{"addr":"222.167.33.19","port":15681,"asn":9908,"as":"HK Cable TV Ltd","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://ngfffgygt.vgho9-foqhfoq.com:15681/?inviteCode=64298\u0026cid=118","date":"2026-07-04T10:39:55.832Z","timestamp":1783161595832,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.dh9-qjiohodfa9.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 28 Jun 2026 00:00:00 GMT","end":"Tue, 12 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"C5:47:38:34:E6:5C:A3:87:B4:BA:EF:B9:7D:A0:2A:95:07:34:76:65","sha256":"FE:78:24:EA:70:7B:AE:66:4F:EB:5C:04:1D:4C:A3:B9:C9:35:EC:95:20:88:65:57:26:EC:59:CA:DA:9E:4A:33"}}},"request":{"raw":"GET /static/css/MatchOddsPanel.C3ylOrnJ.css HTTP/1.1\r\nHost: ngfffgygt.vgho9-foqhfoq.com:15681\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://ngfffgygt.vgho9-foqhfoq.com:15681/home?inviteCode=64298\u0026cid=118\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\naccept-ranges: bytes\r\ncontent-type: text/css\r\ndate: Sat, 04 Jul 2026 10:30:44 GMT\r\netag: \"6a46723a-39\"\r\nlast-modified: Sat, 04 Jul 2026 10:30:44 GMT\r\nserver: openresty/1.27.1.1\r\nx-cache: HIT, policy, disk\r\ncontent-length: 57\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"OpenResty:1.27.1.1","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}],"data":{"size":57,"size_decoded":318,"mime_type":"text/css","magic":"ASCII text","md5":"c1a98d71ce6f556564bb4019362a1a53","sha1":"f01846afa1c087928f90f69c50101d40ecae8699","sha256":"0cce136a72a9bb84eedd4ef42258b56743b9184fc0ac85bd2f2017eabf109e99","sha512":"c42adb7e999e33ef303b85fc56ed60c257f60d0c4e0e35ce650d6f8a5d17a3dd1d7770b384f3497e48c9326ddce82f03f2d6fbf78ea074e93bf0646c02344aef","ssdeep":"","tlshash":"09900214e408041555ef96d56a8270020c04a1da980003a37925dc4dcc675a53096a16","first_seen":"2026-06-24T13:33:42.992892Z","last_seen":"2026-07-04T10:40:29.171895Z","times_seen":16,"resource_available":false,"data":null}},"time_used":287,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":287,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-04","alert":"Phishing Block","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ngfffgygt.vgho9-foqhfoq.com:15681/static/js/index.febRmCcs.js","fqdn":"ngfffgygt.vgho9-foqhfoq.com","domain":"vgho9-foqhfoq.com","tld":"com"},"ip":{"addr":"222.167.33.19","port":15681,"asn":9908,"as":"HK Cable TV Ltd","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://ngfffgygt.vgho9-foqhfoq.com:15681/?inviteCode=64298\u0026cid=118","date":"2026-07-04T10:39:56.546Z","timestamp":1783161596546,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.dh9-qjiohodfa9.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 28 Jun 2026 00:00:00 GMT","end":"Tue, 12 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"C5:47:38:34:E6:5C:A3:87:B4:BA:EF:B9:7D:A0:2A:95:07:34:76:65","sha256":"FE:78:24:EA:70:7B:AE:66:4F:EB:5C:04:1D:4C:A3:B9:C9:35:EC:95:20:88:65:57:26:EC:59:CA:DA:9E:4A:33"}}},"request":{"raw":"GET /static/js/index.febRmCcs.js HTTP/1.1\r\nHost: ngfffgygt.vgho9-foqhfoq.com:15681\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://ngfffgygt.vgho9-foqhfoq.com:15681/home?inviteCode=64298\u0026cid=118\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\naccept-ranges: bytes\r\ncontent-type: application/javascript; charset=UTF-8\r\ndate: Sat, 04 Jul 2026 10:39:56 GMT\r\netag: \"6a46723b-471\"\r\nlast-modified: Thu, 02 Jul 2026 14:14:19 GMT\r\nserver: openresty/1.27.1.1\r\nx-cache: BYPASS\r\ncontent-length: 1137\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"OpenResty:1.27.1.1","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1137,"size_decoded":1419,"mime_type":"application/javascript; charset=UTF-8","magic":"Java source, Unicode text, UTF-8 text, with very long lines (1124)","md5":"500b5c3d14b6b537bbf9a881c93c559a","sha1":"e0e10520012940d7eaaa1d6a13544e84b38418fb","sha256":"399d67cea2755ddcbc2f1a0d4223becf1f63c46e612e452c09933988b43356f7","sha512":"8b1cd39209ce521b9a06aed72b8fcebda210e35cf5ed79556e63d59560dd6be29036985dad27f2b0503cd916f72b01b63254af1f3ef6ee54afab13d53f1fd536","ssdeep":"","tlshash":"a021934af29ea1b6483a80f89048ee67a3326414f26598b9d96d0d1ec189043b46fb72","first_seen":"2026-07-02T22:42:57.226407Z","last_seen":"2026-07-04T10:40:29.173033Z","times_seen":5,"resource_available":true,"data":null}},"time_used":278,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":278,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-04","alert":"Phishing Block","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tposs.qiddfc-dqiod52d.com/pc/sport/Darts.png","fqdn":"tposs.qiddfc-dqiod52d.com","domain":"qiddfc-dqiod52d.com","tld":"com"},"ip":{"addr":"3.167.2.97","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ngfffgygt.vgho9-foqhfoq.com:15681/?inviteCode=64298\u0026cid=118","date":"2026-07-04T10:39:56.843Z","timestamp":1783161596843,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tposs.qiddfc-dqiod52d.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Wed, 27 Aug 2025 00:00:00 GMT","end":"Fri, 25 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"D0:96:57:8B:56:09:2E:8A:4D:C1:87:CA:FD:41:09:B6:57:2C:4F:1D","sha256":"48:66:5F:5D:67:07:2E:C0:CB:EF:91:62:93:36:C2:EF:FB:B7:0E:4A:9A:93:C5:0D:10:9E:B6:05:6B:45:AC:AF"}}},"request":{"raw":"GET /pc/sport/Darts.png HTTP/1.1\r\nHost: tposs.qiddfc-dqiod52d.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://ngfffgygt.vgho9-foqhfoq.com:15681/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ncontent-type: image/png\r\ncontent-length: 6566\r\nlast-modified: Tue, 05 May 2026 05:34:35 GMT\r\nx-amz-server-side-encryption: AES256\r\nx-amz-version-id: Ct1J6UcYnaNecgk5OdvGyvx6ITjpNN1n\r\naccept-ranges: bytes\r\nserver: AmazonS3\r\ndate: Sat, 04 Jul 2026 08:46:01 GMT\r\netag: \"acb74aa8dfe6199601a3cf060fd783cb\"\r\nvary: Accept-Encoding\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 094188bf05865a3d323dcbfb7173f1f6.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P2\r\nx-amz-cf-id: 0TjWZFKOUCsPPhd97ndW9lzEu4yiSJQOjDuLZXDJkswLbffhdkPlnA==\r\nage: 6836\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]}],"data":{"size":6566,"size_decoded":7133,"mime_type":"image/png","magic":"PNG image data, 70 x 70, 8-bit/color RGBA, non-interlaced","md5":"acb74aa8dfe6199601a3cf060fd783cb","sha1":"45e6abd19f8e015ef48af23ef6b33b37badb7cc8","sha256":"3a1e633671368a2e03d10ef7158e9ed84e265430ff646b987b4528b7dfca3302","sha512":"13b2945e0378dd0bdaf636120dab00d595cbe1d87606fc39e576ec4ad0bb86010d3bf0db0230c45cb5cf68ea0dddfa88b523a90c59e1362c0346a77b9278da0c","ssdeep":"192:WSHJLzO6Sdh3GJq4Y3bVpXchJvDUjIEQvpd:5HJLzOndtGUL5ShJYjepd","tlshash":"ebd1afd7dd45125608b24a33a1cf7bf8a3b74dcc88ce8916d5f700b0941a30b1badac1","first_seen":"2026-05-30T07:41:04.856416Z","last_seen":"2026-07-04T10:40:29.173606Z","times_seen":23,"resource_available":false,"data":null}},"time_used":29,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":29,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ngfffgygt.vgho9-foqhfoq.com:15681/static/js/index.B1UGflyo.js","fqdn":"ngfffgygt.vgho9-foqhfoq.com","domain":"vgho9-foqhfoq.com","tld":"com"},"ip":{"addr":"222.167.33.19","port":15681,"asn":9908,"as":"HK Cable TV Ltd","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://ngfffgygt.vgho9-foqhfoq.com:15681/?inviteCode=64298\u0026cid=118","date":"2026-07-04T10:39:56.560Z","timestamp":1783161596560,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.dh9-qjiohodfa9.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 28 Jun 2026 00:00:00 GMT","end":"Tue, 12 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"C5:47:38:34:E6:5C:A3:87:B4:BA:EF:B9:7D:A0:2A:95:07:34:76:65","sha256":"FE:78:24:EA:70:7B:AE:66:4F:EB:5C:04:1D:4C:A3:B9:C9:35:EC:95:20:88:65:57:26:EC:59:CA:DA:9E:4A:33"}}},"request":{"raw":"GET /static/js/index.B1UGflyo.js HTTP/1.1\r\nHost: ngfffgygt.vgho9-foqhfoq.com:15681\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://ngfffgygt.vgho9-foqhfoq.com:15681/home?inviteCode=64298\u0026cid=118\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ncontent-encoding: gzip\r\ncontent-type: application/javascript; charset=UTF-8\r\ndate: Sat, 04 Jul 2026 10:39:56 GMT\r\netag: W/\"6a46723b-1578\"\r\nlast-modified: Thu, 02 Jul 2026 14:14:19 GMT\r\nserver: openresty/1.27.1.1\r\nvary: Accept-Encoding\r\nx-cache: BYPASS\r\ncontent-length: 3243\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"OpenResty:1.27.1.1","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":5496,"size_decoded":3553,"mime_type":"application/javascript; charset=UTF-8","magic":"Java source, Unicode text, UTF-8 text, with very long lines (5479)","md5":"98eed063bb427fdc8b79815ad51a2c08","sha1":"740ec994a73bee944f5fc036dd3479e3b7b73036","sha256":"68e2fa7f80e4b0b34cb68f8559de1293a3766407208262df062b781fc38f1b31","sha512":"6f86343bf51a6aafe97e1744d4202f864d7420c85b8c5692cb9d71285c26183893e49a3734bec8a586b728360bb46b99cc326a3cf9ffe92f3a7bdaa57c1e081e","ssdeep":"96:khFkhM3vivdhRFp/SIBI0AiTYNobk/Pdj12OpoqETxqH1by1nj5aXj+60gFdr:ikefk9pt3hQtjwO23khEGK60ur","tlshash":"aab12a6870172738ad37c54c1180995a9d2b7f52aa10e8e031fd1a272ed2ce1db6f3ec","first_seen":"2026-07-02T22:42:57.285209Z","last_seen":"2026-07-04T10:40:29.174225Z","times_seen":5,"resource_available":true,"data":null}},"time_used":277,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":277,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-04","alert":"Phishing Block","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"661815.com/","fqdn":"661815.com","domain":"661815.com","tld":"com"},"ip":{"addr":"203.168.131.141","port":80,"asn":9513,"as":"HK Cable TV Ltd","country":"Hong Kong","country_code":"HK"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-07-04T10:39:51.870Z","timestamp":1783161591870,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET / HTTP/1.1\r\nHost: 661815.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nPriority: u=0, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nAccept-Ranges: bytes\r\nContent-Length: 748\r\nContent-Type: text/html\r\nDate: Sat, 04 Jul 2026 10:39:52 GMT\r\nEtag: \"6a411a8c-2ec\"\r\nLast-Modified: Sun, 28 Jun 2026 12:58:52 GMT\r\nServer: nginx\r\nX-Cache: BYPASS\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-07-04T20:30:36.525225Z","times_seen":16984070,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"661815.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-04","alert":"Phishing Block","trigger":"661815.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"661815.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"661815.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"661815.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ngfffgygt.vgho9-foqhfoq.com:15681/static/js/index.jsHMj9PS.js","fqdn":"ngfffgygt.vgho9-foqhfoq.com","domain":"vgho9-foqhfoq.com","tld":"com"},"ip":{"addr":"222.167.33.19","port":15681,"asn":9908,"as":"HK Cable TV Ltd","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://ngfffgygt.vgho9-foqhfoq.com:15681/?inviteCode=64298\u0026cid=118","date":"2026-07-04T10:39:55.808Z","timestamp":1783161595808,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.dh9-qjiohodfa9.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 28 Jun 2026 00:00:00 GMT","end":"Tue, 12 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"C5:47:38:34:E6:5C:A3:87:B4:BA:EF:B9:7D:A0:2A:95:07:34:76:65","sha256":"FE:78:24:EA:70:7B:AE:66:4F:EB:5C:04:1D:4C:A3:B9:C9:35:EC:95:20:88:65:57:26:EC:59:CA:DA:9E:4A:33"}}},"request":{"raw":"GET /static/js/index.jsHMj9PS.js HTTP/1.1\r\nHost: ngfffgygt.vgho9-foqhfoq.com:15681\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://ngfffgygt.vgho9-foqhfoq.com:15681/home?inviteCode=64298\u0026cid=118\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ncontent-encoding: gzip\r\ncontent-type: application/javascript; charset=UTF-8\r\ndate: Sat, 04 Jul 2026 10:39:56 GMT\r\netag: W/\"6a46723b-49c54\"\r\nlast-modified: Thu, 02 Jul 2026 14:14:19 GMT\r\nserver: openresty/1.27.1.1\r\nvary: Accept-Encoding\r\nx-cache: BYPASS\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"OpenResty:1.27.1.1","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":302164,"size_decoded":140861,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (45391), with no line terminators","md5":"517267c12444047eb41a06b8873ff756","sha1":"27b9b07a372f85869840ae03bb09ba6393776435","sha256":"4dce1d95f857975e001da696bdc261fb9fe029e717e2eda885648a0109a2b6e8","sha512":"b1dff599ce3b10755fe0245538181b85d6122e7725b7168974b83204d5f57384c8e704cff87ba6fc87d273046fb40b4d13d1f3ea048b70cf263b11204dee954e","ssdeep":"6144:OFdwuwe8RN5x+OyJJUK3oa8jcOit/ECEN3UOvuFI:4zo5YVSK3oX41ECEN3UOvuu","tlshash":"52541ad839d2cb3acc00b8da73d051a22d8e0b7a77a900349971797f5b317c39de59a8","first_seen":"2026-06-24T13:33:43.042162Z","last_seen":"2026-07-04T10:40:29.175122Z","times_seen":16,"resource_available":true,"data":null}},"time_used":556,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":556,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-04","alert":"Phishing Block","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ngfffgygt.vgho9-foqhfoq.com:15681/static/css/index.b08rW7Wf.css","fqdn":"ngfffgygt.vgho9-foqhfoq.com","domain":"vgho9-foqhfoq.com","tld":"com"},"ip":{"addr":"222.167.33.19","port":15681,"asn":9908,"as":"HK Cable TV Ltd","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://ngfffgygt.vgho9-foqhfoq.com:15681/?inviteCode=64298\u0026cid=118","date":"2026-07-04T10:39:56.566Z","timestamp":1783161596566,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.dh9-qjiohodfa9.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 28 Jun 2026 00:00:00 GMT","end":"Tue, 12 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"C5:47:38:34:E6:5C:A3:87:B4:BA:EF:B9:7D:A0:2A:95:07:34:76:65","sha256":"FE:78:24:EA:70:7B:AE:66:4F:EB:5C:04:1D:4C:A3:B9:C9:35:EC:95:20:88:65:57:26:EC:59:CA:DA:9E:4A:33"}}},"request":{"raw":"GET /static/css/index.b08rW7Wf.css HTTP/1.1\r\nHost: ngfffgygt.vgho9-foqhfoq.com:15681\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://ngfffgygt.vgho9-foqhfoq.com:15681/home?inviteCode=64298\u0026cid=118\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\naccept-ranges: bytes\r\ncontent-type: text/css\r\ndate: Sat, 04 Jul 2026 10:30:45 GMT\r\netag: \"6a46723a-436\"\r\nlast-modified: Sat, 04 Jul 2026 10:30:45 GMT\r\nserver: openresty/1.27.1.1\r\nx-cache: HIT, policy, disk\r\ncontent-length: 1078\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"OpenResty:1.27.1.1","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1078,"size_decoded":1342,"mime_type":"text/css","magic":"ASCII text, with very long lines (1077)","md5":"e48e9b0547b63fd0e86e5f38887dd3fd","sha1":"02be536d1394ff897eda39673bbfca399ebc2ede","sha256":"9a23c0db384679c6c4d5c0d5781feb0cffaf22e544fa6477636da99d880c4f80","sha512":"f082a30583538480f8997069b4d3814871bc70c33e91ab6f96ce749f47dfd8fdc481a52ccd396a0afbc2aeaea5dcc8952934b170d8d04fc11b7d273214e093d5","ssdeep":"","tlshash":"ee11ef4df04eb41bdc6fa3848284db1cd907374b7b150ffa1e5267910a42ea2346173d","first_seen":"2026-06-24T13:33:42.988274Z","last_seen":"2026-07-04T10:40:29.176536Z","times_seen":15,"resource_available":false,"data":null}},"time_used":223,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":223,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-04","alert":"Phishing Block","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tposs.qiddfc-dqiod52d.com/web/sport/theme-images/sport-green/not-reserve.png","fqdn":"tposs.qiddfc-dqiod52d.com","domain":"qiddfc-dqiod52d.com","tld":"com"},"ip":{"addr":"3.167.2.97","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ngfffgygt.vgho9-foqhfoq.com:15681/?inviteCode=64298\u0026cid=118","date":"2026-07-04T10:39:57.363Z","timestamp":1783161597363,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tposs.qiddfc-dqiod52d.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Wed, 27 Aug 2025 00:00:00 GMT","end":"Fri, 25 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"D0:96:57:8B:56:09:2E:8A:4D:C1:87:CA:FD:41:09:B6:57:2C:4F:1D","sha256":"48:66:5F:5D:67:07:2E:C0:CB:EF:91:62:93:36:C2:EF:FB:B7:0E:4A:9A:93:C5:0D:10:9E:B6:05:6B:45:AC:AF"}}},"request":{"raw":"GET /web/sport/theme-images/sport-green/not-reserve.png HTTP/1.1\r\nHost: tposs.qiddfc-dqiod52d.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://ngfffgygt.vgho9-foqhfoq.com:15681/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ncontent-type: image/png\r\ncontent-length: 2585\r\nlast-modified: Wed, 05 Nov 2025 07:32:40 GMT\r\nx-amz-server-side-encryption: AES256\r\nx-amz-version-id: 4AEL8Tkvsq9Z1ljOvXhTWd7ew2xCBRla\r\naccept-ranges: bytes\r\nserver: AmazonS3\r\ndate: Sat, 04 Jul 2026 09:06:41 GMT\r\netag: \"ada663379b43197e79b187b424dc8ee9\"\r\nvary: Accept-Encoding\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 094188bf05865a3d323dcbfb7173f1f6.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P2\r\nx-amz-cf-id: DJwbl1tc0Wqg_dVrWEtGPP4HINE9NfNDc0N-9ByeDb86dQH__FnEKg==\r\nage: 5597\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]}],"data":{"size":2585,"size_decoded":3152,"mime_type":"image/png","magic":"PNG image data, 160 x 160, 8-bit/color RGBA, non-interlaced","md5":"ada663379b43197e79b187b424dc8ee9","sha1":"8c31d5fa34c9205a716a93f19fa166ca50da4de3","sha256":"7dd7f8b2c4275f3d3e78dd20cb85a58b7a9f530d73877b3371feccdbda6bab5e","sha512":"5e6b9d1587d4034d4efbb461e488bbee90992a0c68b2b4808822398c0d9f695b8f599266dbc80ba1b49d4968be70ce48c5e5a5c52fc1e662636512853abc992b","ssdeep":"","tlshash":"52511ad5b2b4ca355b4fc5b1073a1e8331831e205ac2361ec6a73edea644fa06ce84c2","first_seen":"2026-05-30T07:41:04.806741Z","last_seen":"2026-07-04T10:40:29.177147Z","times_seen":23,"resource_available":false,"data":null}},"time_used":24,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":24,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ngfffgygt.vgho9-foqhfoq.com:15681/static/js/details-arrow.DtgI1CkQ.js","fqdn":"ngfffgygt.vgho9-foqhfoq.com","domain":"vgho9-foqhfoq.com","tld":"com"},"ip":{"addr":"222.167.33.19","port":15681,"asn":9908,"as":"HK Cable TV Ltd","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://ngfffgygt.vgho9-foqhfoq.com:15681/?inviteCode=64298\u0026cid=118","date":"2026-07-04T10:39:55.805Z","timestamp":1783161595805,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.dh9-qjiohodfa9.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 28 Jun 2026 00:00:00 GMT","end":"Tue, 12 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"C5:47:38:34:E6:5C:A3:87:B4:BA:EF:B9:7D:A0:2A:95:07:34:76:65","sha256":"FE:78:24:EA:70:7B:AE:66:4F:EB:5C:04:1D:4C:A3:B9:C9:35:EC:95:20:88:65:57:26:EC:59:CA:DA:9E:4A:33"}}},"request":{"raw":"GET /static/js/details-arrow.DtgI1CkQ.js HTTP/1.1\r\nHost: ngfffgygt.vgho9-foqhfoq.com:15681\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://ngfffgygt.vgho9-foqhfoq.com:15681/home?inviteCode=64298\u0026cid=118\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\naccept-ranges: bytes\r\ncontent-type: application/javascript; charset=UTF-8\r\ndate: Sat, 04 Jul 2026 10:39:56 GMT\r\netag: \"6a46723b-ba1\"\r\nlast-modified: Thu, 02 Jul 2026 14:14:19 GMT\r\nserver: openresty/1.27.1.1\r\nx-cache: BYPASS\r\ncontent-length: 2977\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"OpenResty:1.27.1.1","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2977,"size_decoded":3259,"mime_type":"application/javascript; charset=UTF-8","magic":"ASCII text, with very long lines (2976)","md5":"163a02ffd7cbf774ac47485f87d11631","sha1":"30467f6feacf6eb74e7a3628dcadccb3866dad2c","sha256":"2d502486f9a515ae20f2ae52153a0dc251b243eb4fb0bbbaf62f6bcb29395b00","sha512":"5faf7f5620bad75057bfdc339e7b40e5ef53b62b10cc0c0fc1cb22fd3e79a794e37b7704f3e8987c06e0a1a757eba76a861852382aa914afdfc2b14886828af1","ssdeep":"","tlshash":"f0514d7797644cedbe9044b554063719ac7a730dac2077f49d0d4318bad3b642a7991c","first_seen":"2026-05-30T07:41:04.633269Z","last_seen":"2026-07-04T10:40:29.177796Z","times_seen":24,"resource_available":true,"data":null}},"time_used":560,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":559,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-04","alert":"Phishing Block","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tposs.qiddfc-dqiod52d.com/web/sport/theme-images/sport-green/download-icon.png","fqdn":"tposs.qiddfc-dqiod52d.com","domain":"qiddfc-dqiod52d.com","tld":"com"},"ip":{"addr":"3.167.2.97","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ngfffgygt.vgho9-foqhfoq.com:15681/?inviteCode=64298\u0026cid=118","date":"2026-07-04T10:39:55.870Z","timestamp":1783161595870,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tposs.qiddfc-dqiod52d.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Wed, 27 Aug 2025 00:00:00 GMT","end":"Fri, 25 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"D0:96:57:8B:56:09:2E:8A:4D:C1:87:CA:FD:41:09:B6:57:2C:4F:1D","sha256":"48:66:5F:5D:67:07:2E:C0:CB:EF:91:62:93:36:C2:EF:FB:B7:0E:4A:9A:93:C5:0D:10:9E:B6:05:6B:45:AC:AF"}}},"request":{"raw":"GET /web/sport/theme-images/sport-green/download-icon.png HTTP/1.1\r\nHost: tposs.qiddfc-dqiod52d.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://ngfffgygt.vgho9-foqhfoq.com:15681/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ncontent-type: image/png\r\ncontent-length: 160824\r\nlast-modified: Thu, 27 Nov 2025 07:50:02 GMT\r\nx-amz-server-side-encryption: AES256\r\nx-amz-version-id: UkjYisdUFOjtYCmRmzU6E7Zr1fXYm_Jf\r\naccept-ranges: bytes\r\nserver: AmazonS3\r\ndate: Sat, 04 Jul 2026 09:36:48 GMT\r\netag: \"4ff046dfc19389a1ba22fc7e62ef1d2d\"\r\nvary: Accept-Encoding\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 094188bf05865a3d323dcbfb7173f1f6.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P2\r\nx-amz-cf-id: rSCVva5HwJmDZ9Tya_y3wcZjSlB7m-aWV7vMx95q3GIhZLR1cn51Zg==\r\nage: 3789\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]}],"data":{"size":160824,"size_decoded":161393,"mime_type":"image/png","magic":"PNG image data, 540 x 432, 8-bit/color RGBA, non-interlaced","md5":"4ff046dfc19389a1ba22fc7e62ef1d2d","sha1":"b162234dddef66536083082d08bf85b57c75104f","sha256":"fa1e0aaf146270fb5a90bc2ee852fb900620df69bbd0178ad891e00bca13d01b","sha512":"db05faa994f21e2f970f8c8a812c350e0a9991a08043fbec3528e118508585962c25fd608264163fac98ab361eb9ca45b50530cc94bbb1f572c9f1008d36876c","ssdeep":"3072:qrS1mNb6SKUmpEfC/GHRGekGwLPErCRGysTbXkJxO4ojukORdlpLtTeR+k4dDy:d1mNbPK9pvGH4HiTbUJguNRpLst","tlshash":"16f32346ec37b5f8a9fc2b6a3b64c0441f4d4d1a138f42e750bd4e3b1e8260239f9a65","first_seen":"2026-06-03T02:50:08.031588Z","last_seen":"2026-07-04T10:40:29.178843Z","times_seen":22,"resource_available":false,"data":null}},"time_used":293,"timings":{"blocked":-1,"dns":13,"connect":1,"send":0,"wait":25,"receive":26,"ssl":225},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ngfffgygt.vgho9-foqhfoq.com:15681/static/js/InputOtp.rAUYlcYj.js","fqdn":"ngfffgygt.vgho9-foqhfoq.com","domain":"vgho9-foqhfoq.com","tld":"com"},"ip":{"addr":"222.167.33.19","port":15681,"asn":9908,"as":"HK Cable TV Ltd","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://ngfffgygt.vgho9-foqhfoq.com:15681/?inviteCode=64298\u0026cid=118","date":"2026-07-04T10:39:56.599Z","timestamp":1783161596599,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.dh9-qjiohodfa9.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 28 Jun 2026 00:00:00 GMT","end":"Tue, 12 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"C5:47:38:34:E6:5C:A3:87:B4:BA:EF:B9:7D:A0:2A:95:07:34:76:65","sha256":"FE:78:24:EA:70:7B:AE:66:4F:EB:5C:04:1D:4C:A3:B9:C9:35:EC:95:20:88:65:57:26:EC:59:CA:DA:9E:4A:33"}}},"request":{"raw":"GET /static/js/InputOtp.rAUYlcYj.js HTTP/1.1\r\nHost: ngfffgygt.vgho9-foqhfoq.com:15681\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://ngfffgygt.vgho9-foqhfoq.com:15681/home?inviteCode=64298\u0026cid=118\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\naccept-ranges: bytes\r\ncontent-type: application/javascript; charset=UTF-8\r\ndate: Sat, 04 Jul 2026 10:39:56 GMT\r\netag: \"6a46723b-13fa\"\r\nlast-modified: Thu, 02 Jul 2026 14:14:19 GMT\r\nserver: openresty/1.27.1.1\r\nx-cache: BYPASS\r\ncontent-length: 5114\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"OpenResty:1.27.1.1","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}],"data":{"size":5114,"size_decoded":5397,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (4338)","md5":"b93f434ef126b14cdb0014ca6933a4be","sha1":"c959b29b45a5e26a86317b5cbc249b4173ecf0ac","sha256":"aee2e22a747efb1cfd660e47d9a7a6c3484cf8a17710bf1adbcb461a8e697c6d","sha512":"f4b63d101792fc03c6cf39889186be7dc4ebd9d80720006bc69262154f31fbb1fc4255eff331b0965c032b5423140b0ac5b6ae30654c7a30b93aa50b37ee8bdf","ssdeep":"96:+NP2Ib5bPHMw5wIHXzspv6aJSuFbT/Q+qMhvd7GERnNQLE0yFzsV9HGfC8:M2Ib5bPHMw5wczspvV1fQ+qM5pRNQLLq","tlshash":"9eb1fa993193a1b1b6f24ee1846d8411e3163e08647df0d0d573dc551aa0b4962fff7e","first_seen":"2026-07-02T22:42:57.129599Z","last_seen":"2026-07-04T10:40:29.180471Z","times_seen":5,"resource_available":true,"data":null}},"time_used":503,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":503,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-04","alert":"Phishing Block","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tposs.qiddfc-dqiod52d.com/site-jerbc/siteActivity/202603/894dc1f1a6724a5baf674669ce3f2252.png","fqdn":"tposs.qiddfc-dqiod52d.com","domain":"qiddfc-dqiod52d.com","tld":"com"},"ip":{"addr":"3.167.2.97","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ngfffgygt.vgho9-foqhfoq.com:15681/?inviteCode=64298\u0026cid=118","date":"2026-07-04T10:39:58.143Z","timestamp":1783161598143,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tposs.qiddfc-dqiod52d.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Wed, 27 Aug 2025 00:00:00 GMT","end":"Fri, 25 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"D0:96:57:8B:56:09:2E:8A:4D:C1:87:CA:FD:41:09:B6:57:2C:4F:1D","sha256":"48:66:5F:5D:67:07:2E:C0:CB:EF:91:62:93:36:C2:EF:FB:B7:0E:4A:9A:93:C5:0D:10:9E:B6:05:6B:45:AC:AF"}}},"request":{"raw":"GET /site-jerbc/siteActivity/202603/894dc1f1a6724a5baf674669ce3f2252.png HTTP/1.1\r\nHost: tposs.qiddfc-dqiod52d.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://ngfffgygt.vgho9-foqhfoq.com:15681/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ncontent-type: image/png\r\ncontent-length: 3324\r\nlast-modified: Thu, 05 Mar 2026 08:40:15 GMT\r\nx-amz-server-side-encryption: AES256\r\nx-amz-version-id: YfTzKEZJ3.na63My5DuCvKIOjmRxndBp\r\naccept-ranges: bytes\r\nserver: AmazonS3\r\ndate: Sat, 04 Jul 2026 08:57:02 GMT\r\netag: \"40670be4b6315833e88170e5ec0404de\"\r\nvary: Accept-Encoding\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 094188bf05865a3d323dcbfb7173f1f6.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P2\r\nx-amz-cf-id: Km8RhizZkJ4NM-4nxnAtGggA7Zi4FEs2G9cgHmG7fLgQv9Bw67-xGw==\r\nage: 6177\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":3324,"size_decoded":3891,"mime_type":"image/png","magic":"PNG image data, 72 x 72, 8-bit/color RGBA, non-interlaced","md5":"40670be4b6315833e88170e5ec0404de","sha1":"2d1ff4cb1c18bc4c444d5ca0affdabc6f6608f43","sha256":"3965155417ee077d1175925a5784b987353e3525080a28e3a304c9d3d8da98c1","sha512":"b2318f2f77641dc69e20fcb86d90d053c99e8a7bc42379e8f4c8376b39a431bd7c6e531e345bc6514fea5729a86715059ba1f3fa1e21874a34abde3317fca91e","ssdeep":"","tlshash":"67617ced5e7616238c0e442e36f97648a4b72cf07c4f9aedac40669300811a7c96f8a0","first_seen":"2026-06-28T16:04:36.738393Z","last_seen":"2026-07-04T10:40:29.181049Z","times_seen":3,"resource_available":false,"data":null}},"time_used":23,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":23,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ngfffgygt.vgho9-foqhfoq.com:15681/?inviteCode=64298\u0026cid=118","fqdn":"ngfffgygt.vgho9-foqhfoq.com","domain":"vgho9-foqhfoq.com","tld":"com"},"ip":{"addr":"222.167.33.19","port":15681,"asn":9908,"as":"HK Cable TV Ltd","country":"Hong Kong","country_code":"HK"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-07-04T10:39:52.559Z","timestamp":1783161592559,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.dh9-qjiohodfa9.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 28 Jun 2026 00:00:00 GMT","end":"Tue, 12 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"C5:47:38:34:E6:5C:A3:87:B4:BA:EF:B9:7D:A0:2A:95:07:34:76:65","sha256":"FE:78:24:EA:70:7B:AE:66:4F:EB:5C:04:1D:4C:A3:B9:C9:35:EC:95:20:88:65:57:26:EC:59:CA:DA:9E:4A:33"}}},"request":{"raw":"GET /?inviteCode=64298\u0026cid=118 HTTP/1.1\r\nHost: ngfffgygt.vgho9-foqhfoq.com:15681\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: http://661815.com/\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPriority: u=0, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\naccept-ranges: bytes\r\ncontent-type: text/html; charset=UTF-8\r\ndate: Sat, 04 Jul 2026 10:39:53 GMT\r\netag: \"6a46723a-dac\"\r\nlast-modified: Thu, 02 Jul 2026 14:14:18 GMT\r\nserver: openresty/1.27.1.1\r\nx-cache: BYPASS\r\ncontent-length: 3500\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"OpenResty:1.27.1.1","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}],"data":{"size":3500,"size_decoded":3769,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, Unicode text, UTF-8 text","md5":"9d637dfa6de326289ede6e1a386942ba","sha1":"39afdb231daa7b8270ba32a6ddf7dadc356f4d18","sha256":"6839aeb6ed55e576c374f8046346b128c5203edf25176ff07a7db908d1670c6e","sha512":"3f497a23b255d6f769e10f180c5258176cb9e082a411fe1d42d10776548fed7eab9f57ede4a81b3ae06839319b7b46b9f55f1a2ab97efef9c43b43abd5670d1f","ssdeep":"","tlshash":"0a7175954ed0a0163bb247298afab00468d2d087850cd844b54ca3d99fd1f4ac7dfefd","first_seen":"2026-07-02T22:42:57.085355Z","last_seen":"2026-07-04T10:40:29.18228Z","times_seen":7,"resource_available":true,"data":null}},"time_used":874,"timings":{"blocked":-1,"dns":87,"connect":223,"send":0,"wait":331,"receive":0,"ssl":233},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-04","alert":"Phishing Block","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ngfffgygt.vgho9-foqhfoq.com:15681/api/game-center/f/game/gameNameDict","fqdn":"ngfffgygt.vgho9-foqhfoq.com","domain":"vgho9-foqhfoq.com","tld":"com"},"ip":{"addr":"222.167.33.19","port":15681,"asn":9908,"as":"HK Cable TV Ltd","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://ngfffgygt.vgho9-foqhfoq.com:15681/?inviteCode=64298\u0026cid=118","date":"2026-07-04T10:39:56.672Z","timestamp":1783161596672,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.dh9-qjiohodfa9.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 28 Jun 2026 00:00:00 GMT","end":"Tue, 12 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"C5:47:38:34:E6:5C:A3:87:B4:BA:EF:B9:7D:A0:2A:95:07:34:76:65","sha256":"FE:78:24:EA:70:7B:AE:66:4F:EB:5C:04:1D:4C:A3:B9:C9:35:EC:95:20:88:65:57:26:EC:59:CA:DA:9E:4A:33"}}},"request":{"raw":"POST /api/game-center/f/game/gameNameDict HTTP/1.1\r\nHost: ngfffgygt.vgho9-foqhfoq.com:15681\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: zh\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nContent-Type: application/json\r\nDevice: PC\r\nCurrency: CNY\r\nFrontAuthorization: \r\nContent-Length: 2\r\nOrigin: https://ngfffgygt.vgho9-foqhfoq.com:15681\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://ngfffgygt.vgho9-foqhfoq.com:15681/home?inviteCode=64298\u0026cid=118\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/2 200 \r\naccess-control-allow-credentials: true\r\naccess-control-allow-origin: https://ngfffgygt.vgho9-foqhfoq.com:15681\r\ncontent-encoding: gzip\r\ncontent-type: application/json\r\ndate: Sat, 04 Jul 2026 10:39:57 GMT\r\nserver: openresty/1.27.1.1\r\nvary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers\r\nx-cache: BYPASS\r\ncontent-length: 45784\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"OpenResty:1.27.1.1","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":168347,"size_decoded":46169,"mime_type":"application/json","magic":"JSON text data","md5":"579dd3eaab9e67f35ad7b853a589789d","sha1":"c0c39de57a96a522bef6f690e3638e6e616a54d9","sha256":"e615e874bc1540496d7d70778995bf46e99dbcb2515371020e844fff563d3186","sha512":"a1b0a81136cf8f30d8f323e939d065fb31e7fdf2b6bbe42d6e8fa738626f6819b1b6e7e76e092dcd41caef494a6bcb5478b31e5bd3d592f334e13a9ed623fc84","ssdeep":"3072:jk+Ihc8+AxjiMOE7fkaYvoiTcfRkroeWgvaRCWap:jkHy8eWSaRCWap","tlshash":"3af35beeca4d9dfd41613e3a064f25e974f1360fb1dd8d8471a4aa7b5ec870e0422ab1","first_seen":"2026-07-03T21:52:09.614137Z","last_seen":"2026-07-04T10:40:29.183635Z","times_seen":2,"resource_available":false,"data":null}},"time_used":579,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":474,"receive":105,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-04","alert":"Phishing Block","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tposs.qiddfc-dqiod52d.com/site-jerbc/siteActivity/202603/961762ba75434fe5859eac0538cbfe41.png","fqdn":"tposs.qiddfc-dqiod52d.com","domain":"qiddfc-dqiod52d.com","tld":"com"},"ip":{"addr":"3.167.2.97","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ngfffgygt.vgho9-foqhfoq.com:15681/?inviteCode=64298\u0026cid=118","date":"2026-07-04T10:39:58.148Z","timestamp":1783161598148,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tposs.qiddfc-dqiod52d.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Wed, 27 Aug 2025 00:00:00 GMT","end":"Fri, 25 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"D0:96:57:8B:56:09:2E:8A:4D:C1:87:CA:FD:41:09:B6:57:2C:4F:1D","sha256":"48:66:5F:5D:67:07:2E:C0:CB:EF:91:62:93:36:C2:EF:FB:B7:0E:4A:9A:93:C5:0D:10:9E:B6:05:6B:45:AC:AF"}}},"request":{"raw":"GET /site-jerbc/siteActivity/202603/961762ba75434fe5859eac0538cbfe41.png HTTP/1.1\r\nHost: tposs.qiddfc-dqiod52d.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://ngfffgygt.vgho9-foqhfoq.com:15681/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ncontent-type: image/png\r\ncontent-length: 3880\r\nlast-modified: Thu, 05 Mar 2026 08:41:00 GMT\r\nx-amz-server-side-encryption: AES256\r\nx-amz-version-id: mKXY9wCbgd46pHpUQXBhJtE2uO6.WFWD\r\naccept-ranges: bytes\r\nserver: AmazonS3\r\ndate: Sat, 04 Jul 2026 08:57:02 GMT\r\netag: \"494f5c0882ec04df78a956c50c4da65e\"\r\nvary: Accept-Encoding\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 094188bf05865a3d323dcbfb7173f1f6.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P2\r\nx-amz-cf-id: teBuxsRMTT6QZKVG7q_nnim9ylNUTbDr2JGsRMylGdPcvYCE6hS3sQ==\r\nage: 6177\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]}],"data":{"size":3880,"size_decoded":4447,"mime_type":"image/png","magic":"PNG image data, 72 x 72, 8-bit/color RGBA, non-interlaced","md5":"494f5c0882ec04df78a956c50c4da65e","sha1":"1900073cb12a4f00f6b4256cac0a65fcc00da032","sha256":"02d457a62e91a1929dfa031bea5d509b94f3393d432cf1bb65c53d0ca19d4b10","sha512":"0bebd10479e4ff33a87a3ba43b8b59a56f860b52b30b77f8e7466127e9629cff0e2e5e3a9c4bc7c1aab030905aba609d8033c68a242561d79d118441c38eaa6e","ssdeep":"","tlshash":"05817de381441c5e4de9e87310aa48d25c6f2ba545233161328e167f02c4fcd9f9edfa","first_seen":"2026-06-28T16:04:36.711233Z","last_seen":"2026-07-04T10:40:29.185913Z","times_seen":3,"resource_available":false,"data":null}},"time_used":23,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":23,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tposs.qiddfc-dqiod52d.com/site-jerbc/siteActivity/202603/c9c84316d8ba49109730533dc6804d45.png","fqdn":"tposs.qiddfc-dqiod52d.com","domain":"qiddfc-dqiod52d.com","tld":"com"},"ip":{"addr":"3.167.2.97","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ngfffgygt.vgho9-foqhfoq.com:15681/?inviteCode=64298\u0026cid=118","date":"2026-07-04T10:39:58.151Z","timestamp":1783161598151,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tposs.qiddfc-dqiod52d.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Wed, 27 Aug 2025 00:00:00 GMT","end":"Fri, 25 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"D0:96:57:8B:56:09:2E:8A:4D:C1:87:CA:FD:41:09:B6:57:2C:4F:1D","sha256":"48:66:5F:5D:67:07:2E:C0:CB:EF:91:62:93:36:C2:EF:FB:B7:0E:4A:9A:93:C5:0D:10:9E:B6:05:6B:45:AC:AF"}}},"request":{"raw":"GET /site-jerbc/siteActivity/202603/c9c84316d8ba49109730533dc6804d45.png HTTP/1.1\r\nHost: tposs.qiddfc-dqiod52d.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://ngfffgygt.vgho9-foqhfoq.com:15681/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ncontent-type: image/png\r\ncontent-length: 5497\r\nlast-modified: Thu, 05 Mar 2026 08:41:31 GMT\r\nx-amz-server-side-encryption: AES256\r\nx-amz-version-id: .iThuR7LbQRyipbg_UBAzabw_JkzuW6s\r\naccept-ranges: bytes\r\nserver: AmazonS3\r\ndate: Sat, 04 Jul 2026 08:57:02 GMT\r\netag: \"65051acbe50a0e90b9a3b894e1eede9c\"\r\nvary: Accept-Encoding\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 094188bf05865a3d323dcbfb7173f1f6.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P2\r\nx-amz-cf-id: DGZsM8fuOZstazU8IXbSy4g1F_0FOOjfk9c68QvE2hvF81hfLHqf7A==\r\nage: 6177\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]}],"data":{"size":5497,"size_decoded":6064,"mime_type":"image/png","magic":"PNG image data, 72 x 72, 8-bit/color RGBA, non-interlaced","md5":"65051acbe50a0e90b9a3b894e1eede9c","sha1":"d42dd665f01d9dff7d9ca079c8e26fc8f549dd04","sha256":"ff3f28a9f2e1bd82e5f34564756ad1575d4ef48aa352436f88456476fd9f16e6","sha512":"dc936dc85a39d08931355c7d5e051058d0b7275bec2437c8c28b126e0637a6e4e7b1d78a495c97980daca17a374cd4ac511f6b3d7cfaecf0cee8f27bc5e18574","ssdeep":"96:9ScN3T576g8RvLkeyDojba03QPopsxi44WYRExmfMkAEVdQLQWxgSlWtsN4Lk:9S8d851yD8z3QiHWmn1dsQ2Mq9","tlshash":"dab15c816a49a878f77afcf542b67124ff2fc8fbd6831092a09959089175e79852e108","first_seen":"2026-06-28T16:04:36.70234Z","last_seen":"2026-07-04T10:40:29.186563Z","times_seen":3,"resource_available":false,"data":null}},"time_used":28,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":28,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ngfffgygt.vgho9-foqhfoq.com:15681/static/js/index.BDmApV-_.js","fqdn":"ngfffgygt.vgho9-foqhfoq.com","domain":"vgho9-foqhfoq.com","tld":"com"},"ip":{"addr":"222.167.33.19","port":15681,"asn":9908,"as":"HK Cable TV Ltd","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://ngfffgygt.vgho9-foqhfoq.com:15681/?inviteCode=64298\u0026cid=118","date":"2026-07-04T10:39:54.008Z","timestamp":1783161594008,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.dh9-qjiohodfa9.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 28 Jun 2026 00:00:00 GMT","end":"Tue, 12 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"C5:47:38:34:E6:5C:A3:87:B4:BA:EF:B9:7D:A0:2A:95:07:34:76:65","sha256":"FE:78:24:EA:70:7B:AE:66:4F:EB:5C:04:1D:4C:A3:B9:C9:35:EC:95:20:88:65:57:26:EC:59:CA:DA:9E:4A:33"}}},"request":{"raw":"GET /static/js/index.BDmApV-_.js HTTP/1.1\r\nHost: ngfffgygt.vgho9-foqhfoq.com:15681\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://ngfffgygt.vgho9-foqhfoq.com:15681/?inviteCode=64298\u0026cid=118\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ncontent-encoding: gzip\r\ncontent-type: application/javascript; charset=UTF-8\r\ndate: Sat, 04 Jul 2026 10:39:54 GMT\r\netag: W/\"6a46723b-16856d\"\r\nlast-modified: Thu, 02 Jul 2026 14:14:19 GMT\r\nserver: openresty/1.27.1.1\r\nvary: Accept-Encoding\r\nx-cache: BYPASS\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"OpenResty:1.27.1.1","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1475949,"size_decoded":459185,"mime_type":"application/javascript; charset=UTF-8","magic":"ASCII text, with very long lines (18409)","md5":"25c4c626f4cd4646399b7237587d7f00","sha1":"1fc899f48d7ef5a9e2bf7320d85331a0aa7d246c","sha256":"f3ec6c872174da7f1c7af83ad1260a4146e1c59bfb5c771fcb2368b065cfdbdf","sha512":"f504133d82c174d87afc3b87e8dd988f5f047d4a5039c731e48f95a06c1eee14738953e1ab0edb54a1fbfff7722ffb9a752f431751a4896d67ef1ea95616ab4c","ssdeep":"24576:u8DE18f74CrYZ+u9xExfuJpeVhNuzQkmawtwhxctFHZHa:u8DE1UlrYZ+u9xExfuJpeVhNuzQkmaw0","tlshash":"6e257cf8764674a507b7d4ed406b0c02fe293b53b40ec0d4f1a999a639b0729d6b7b38","first_seen":"2026-07-02T22:42:57.237396Z","last_seen":"2026-07-04T10:40:29.187702Z","times_seen":6,"resource_available":false,"data":null}},"time_used":455,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":455,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-04","alert":"Phishing Block","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ngfffgygt.vgho9-foqhfoq.com:15681/static/img/right-icon1.Bx85-jIM.svg","fqdn":"ngfffgygt.vgho9-foqhfoq.com","domain":"vgho9-foqhfoq.com","tld":"com"},"ip":{"addr":"222.167.33.19","port":15681,"asn":9908,"as":"HK Cable TV Ltd","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ngfffgygt.vgho9-foqhfoq.com:15681/?inviteCode=64298\u0026cid=118","date":"2026-07-04T10:39:55.871Z","timestamp":1783161595871,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.dh9-qjiohodfa9.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 28 Jun 2026 00:00:00 GMT","end":"Tue, 12 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"C5:47:38:34:E6:5C:A3:87:B4:BA:EF:B9:7D:A0:2A:95:07:34:76:65","sha256":"FE:78:24:EA:70:7B:AE:66:4F:EB:5C:04:1D:4C:A3:B9:C9:35:EC:95:20:88:65:57:26:EC:59:CA:DA:9E:4A:33"}}},"request":{"raw":"GET /static/img/right-icon1.Bx85-jIM.svg HTTP/1.1\r\nHost: ngfffgygt.vgho9-foqhfoq.com:15681\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://ngfffgygt.vgho9-foqhfoq.com:15681/home?inviteCode=64298\u0026cid=118\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\naccept-ranges: bytes\r\ncontent-type: image/svg+xml\r\ndate: Sat, 04 Jul 2026 10:30:45 GMT\r\netag: \"6a46723b-26e8\"\r\nlast-modified: Sat, 04 Jul 2026 10:30:45 GMT\r\nserver: openresty/1.27.1.1\r\nx-cache: HIT, policy, disk\r\ncontent-length: 9960\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"OpenResty:1.27.1.1","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}],"data":{"size":9960,"size_decoded":10230,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"0734e5782f05c953bdd7acf2c595674b","sha1":"859e622c76447446235aac6a80c623bf3f7d036c","sha256":"baf1ad1337f5d52dc3aed20f35ffe1872f27831c347d161c9f9949919d5a6c4d","sha512":"3a89f46c686f9dabf6a0b49f6f59f94e85a5ad9c3cfcb3516faf2612d074cb6d1e205d3d875f4ab3d28e8eb2ccaa9a7768c52c7954895b596718116d0984d011","ssdeep":"192:RcSKais0fuCvtbbqTDBQH2AKbP1F8/9FuzgNQmo+uBnvOswKAUADX2ME:JHisrC1bBHiE/TuqQmojY3E","tlshash":"9422b7e9b3d0a3e0f50a97f4d42696a27b1f34bb3b64e7e4c2915c51b1270ec849cc92","first_seen":"2026-05-30T07:41:04.857739Z","last_seen":"2026-07-04T10:40:29.190151Z","times_seen":24,"resource_available":false,"data":null}},"time_used":265,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":263,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-04","alert":"Phishing Block","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ngfffgygt.vgho9-foqhfoq.com:15681/api/game-center/f/sport/queryMatchPage","fqdn":"ngfffgygt.vgho9-foqhfoq.com","domain":"vgho9-foqhfoq.com","tld":"com"},"ip":{"addr":"222.167.33.19","port":15681,"asn":9908,"as":"HK Cable TV Ltd","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://ngfffgygt.vgho9-foqhfoq.com:15681/?inviteCode=64298\u0026cid=118","date":"2026-07-04T10:40:03.536Z","timestamp":1783161603536,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.dh9-qjiohodfa9.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 28 Jun 2026 00:00:00 GMT","end":"Tue, 12 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"C5:47:38:34:E6:5C:A3:87:B4:BA:EF:B9:7D:A0:2A:95:07:34:76:65","sha256":"FE:78:24:EA:70:7B:AE:66:4F:EB:5C:04:1D:4C:A3:B9:C9:35:EC:95:20:88:65:57:26:EC:59:CA:DA:9E:4A:33"}}},"request":{"raw":"POST /api/game-center/f/sport/queryMatchPage HTTP/1.1\r\nHost: ngfffgygt.vgho9-foqhfoq.com:15681\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: zh\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nContent-Type: application/json\r\nDevice: PC\r\nCurrency: CNY\r\nFrontAuthorization: \r\nContent-Length: 705\r\nOrigin: https://ngfffgygt.vgho9-foqhfoq.com:15681\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://ngfffgygt.vgho9-foqhfoq.com:15681/home?inviteCode=64298\u0026cid=118\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/2 200 \r\naccess-control-allow-credentials: true\r\naccess-control-allow-origin: https://ngfffgygt.vgho9-foqhfoq.com:15681\r\ncontent-encoding: gzip\r\ncontent-type: application/json\r\ndate: Sat, 04 Jul 2026 10:40:03 GMT\r\nserver: openresty/1.27.1.1\r\nvary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers\r\nx-cache: BYPASS\r\ncontent-length: 35550\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"OpenResty:1.27.1.1","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":331297,"size_decoded":35935,"mime_type":"application/json","magic":"Unicode text, UTF-8 text, with very long lines (60454), with no line terminators","md5":"1b36833d0fea0a633d0bdc712c01f48e","sha1":"5ecd17a696147ed0fe721715f6795401136feb6e","sha256":"41fdd6bacf0f636531920368f81083538a33f9d75bde5845e1c685dda349a630","sha512":"6f3eb2a9b9e665e4300ef140770ea358c90d18a0d8e493ee931f1dd529485aaa6351d30269cc69083975cea3af76b0d2acb604e78b888a128aac8dfac4c4236e","ssdeep":"6144:eTaO7S305WLE1EcipK5MsO6028ABR0oKH2t+eGryh7OOZ2M5ODr1VTpTKRuT7DY8:dO7S305WLE1EcipK5MsO6028AEoKH2tM","tlshash":"c964378a692dc4fe9ac67d02e8cf3095e5e03a07e84d2d4004c67e6c9e1fb53b927567","first_seen":"2026-07-04T10:40:29.155284Z","last_seen":"2026-07-04T10:40:29.155284Z","times_seen":1,"resource_available":false,"data":null}},"time_used":586,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":363,"receive":223,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-04","alert":"Phishing Block","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ngfffgygt.vgho9-foqhfoq.com:15681/static/js/chatShare.CI7ZQNfd.js","fqdn":"ngfffgygt.vgho9-foqhfoq.com","domain":"vgho9-foqhfoq.com","tld":"com"},"ip":{"addr":"222.167.33.19","port":15681,"asn":9908,"as":"HK Cable TV Ltd","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://ngfffgygt.vgho9-foqhfoq.com:15681/?inviteCode=64298\u0026cid=118","date":"2026-07-04T10:39:56.615Z","timestamp":1783161596615,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.dh9-qjiohodfa9.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 28 Jun 2026 00:00:00 GMT","end":"Tue, 12 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"C5:47:38:34:E6:5C:A3:87:B4:BA:EF:B9:7D:A0:2A:95:07:34:76:65","sha256":"FE:78:24:EA:70:7B:AE:66:4F:EB:5C:04:1D:4C:A3:B9:C9:35:EC:95:20:88:65:57:26:EC:59:CA:DA:9E:4A:33"}}},"request":{"raw":"GET /static/js/chatShare.CI7ZQNfd.js HTTP/1.1\r\nHost: ngfffgygt.vgho9-foqhfoq.com:15681\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://ngfffgygt.vgho9-foqhfoq.com:15681/home?inviteCode=64298\u0026cid=118\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\naccept-ranges: bytes\r\ncontent-type: application/javascript; charset=UTF-8\r\ndate: Sat, 04 Jul 2026 10:39:56 GMT\r\netag: \"6a46723b-445\"\r\nlast-modified: Thu, 02 Jul 2026 14:14:19 GMT\r\nserver: openresty/1.27.1.1\r\nx-cache: BYPASS\r\ncontent-length: 1093\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"OpenResty:1.27.1.1","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}],"data":{"size":1093,"size_decoded":1375,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (1092)","md5":"8c484fa33aae9aa4caa73758c9fc5d4b","sha1":"b107f8624668440b31cc867a1630184d40145f63","sha256":"3a0da513cfde0cf206dafaa07d44b468fb74ee08c82dbab0da48872611e031c3","sha512":"db3dafe9a977c62df92588e4ebba1d81943d9282d582cbfe45586c29187a8e53ec45e707b5830bccde22758e65b180185491a9ecb45f7f109e2ead7dc77ea742","ssdeep":"","tlshash":"a711ddd6b1c639a28761145e90704666f2245d1539ad83f0f23e95733d2b81382fbe5d","first_seen":"2026-05-30T07:41:04.668588Z","last_seen":"2026-07-04T10:40:29.192625Z","times_seen":22,"resource_available":true,"data":null}},"time_used":486,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":486,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-04","alert":"Phishing Block","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tposs.qiddfc-dqiod52d.com/pc/sport/LOL.png","fqdn":"tposs.qiddfc-dqiod52d.com","domain":"qiddfc-dqiod52d.com","tld":"com"},"ip":{"addr":"3.167.2.97","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ngfffgygt.vgho9-foqhfoq.com:15681/?inviteCode=64298\u0026cid=118","date":"2026-07-04T10:39:56.847Z","timestamp":1783161596847,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tposs.qiddfc-dqiod52d.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Wed, 27 Aug 2025 00:00:00 GMT","end":"Fri, 25 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"D0:96:57:8B:56:09:2E:8A:4D:C1:87:CA:FD:41:09:B6:57:2C:4F:1D","sha256":"48:66:5F:5D:67:07:2E:C0:CB:EF:91:62:93:36:C2:EF:FB:B7:0E:4A:9A:93:C5:0D:10:9E:B6:05:6B:45:AC:AF"}}},"request":{"raw":"GET /pc/sport/LOL.png HTTP/1.1\r\nHost: tposs.qiddfc-dqiod52d.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://ngfffgygt.vgho9-foqhfoq.com:15681/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ncontent-type: image/png\r\ncontent-length: 5858\r\nlast-modified: Tue, 05 May 2026 05:34:36 GMT\r\nx-amz-server-side-encryption: AES256\r\nx-amz-version-id: VZtnY2IYomcPtWlnq9VZPo2e4xbtbzTq\r\naccept-ranges: bytes\r\nserver: AmazonS3\r\ndate: Sat, 04 Jul 2026 08:46:01 GMT\r\netag: \"6e8237396bc77075edcd1c1e02e13dbf\"\r\nvary: Accept-Encoding\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 094188bf05865a3d323dcbfb7173f1f6.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P2\r\nx-amz-cf-id: e1sjeGhdyJ6fE1am-1v33mYecKj3DRkt7uxmcfFsMgkEflx0C3o3pA==\r\nage: 6836\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]}],"data":{"size":5858,"size_decoded":6425,"mime_type":"image/png","magic":"PNG image data, 70 x 70, 8-bit/color RGBA, non-interlaced","md5":"6e8237396bc77075edcd1c1e02e13dbf","sha1":"1849454d1a8ed73bb7d0ea1b40271e569eaf4d33","sha256":"6d39ae8acfd74a09d21fd4323fcb554520e49f47b7fdfb9a29fa14ba719797c0","sha512":"726bf685fc8247df2cd2cd4c7c54a14698d50fcd0ca2315c0f1ea5f207e40624f8e9689bf28fd56ac24aa782f3ed8c3cb036652006b52f73ccb6a66853281aa3","ssdeep":"96:87SlvVJjuSBLdO+xtYZZ0EgOgkpt2Da08PJ6GLTai5SxYJGIKU0rHVO+4E3QX48W:WS5VJjDkZ0T1OTPkgTaisYJbKxH748QG","tlshash":"3dc19fbf0306072daad7847120d8ff9761538768842056631fcec662326cde35687af7","first_seen":"2026-05-30T07:41:04.73559Z","last_seen":"2026-07-04T10:40:29.193396Z","times_seen":24,"resource_available":false,"data":null}},"time_used":42,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":42,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ngfffgygt.vgho9-foqhfoq.com:15681/static/css/LimitTimeInfoBar.BB_7qYiO.css","fqdn":"ngfffgygt.vgho9-foqhfoq.com","domain":"vgho9-foqhfoq.com","tld":"com"},"ip":{"addr":"222.167.33.19","port":15681,"asn":9908,"as":"HK Cable TV Ltd","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://ngfffgygt.vgho9-foqhfoq.com:15681/?inviteCode=64298\u0026cid=118","date":"2026-07-04T10:39:55.842Z","timestamp":1783161595842,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.dh9-qjiohodfa9.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 28 Jun 2026 00:00:00 GMT","end":"Tue, 12 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"C5:47:38:34:E6:5C:A3:87:B4:BA:EF:B9:7D:A0:2A:95:07:34:76:65","sha256":"FE:78:24:EA:70:7B:AE:66:4F:EB:5C:04:1D:4C:A3:B9:C9:35:EC:95:20:88:65:57:26:EC:59:CA:DA:9E:4A:33"}}},"request":{"raw":"GET /static/css/LimitTimeInfoBar.BB_7qYiO.css HTTP/1.1\r\nHost: ngfffgygt.vgho9-foqhfoq.com:15681\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://ngfffgygt.vgho9-foqhfoq.com:15681/home?inviteCode=64298\u0026cid=118\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\naccept-ranges: bytes\r\ncontent-type: text/css\r\ndate: Sat, 04 Jul 2026 10:30:44 GMT\r\netag: \"6a46723a-18b\"\r\nlast-modified: Sat, 04 Jul 2026 10:30:44 GMT\r\nserver: openresty/1.27.1.1\r\nx-cache: HIT, policy, disk\r\ncontent-length: 395\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"OpenResty:1.27.1.1","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":395,"size_decoded":658,"mime_type":"text/css","magic":"ASCII text, with very long lines (394)","md5":"7767a647cd4fdc3c469b1eaf191122b0","sha1":"2141e0280c65790449d3a941af0b32beddd06679","sha256":"b265762d682c56233a80a1918c6a602cc434aa57c313b397485f345c51fb847f","sha512":"fc8650e7eecaab1f68b69fbe97587eec7ace0ecb9cf9d94858d35b5bdf53cd56a62182dbed0e8f87ea9fdbe9b9b55569bd8a3dffadc1ef63aae7d4595e68aa1f","ssdeep":"","tlshash":"5de02bf1e62d153c7cb3d8e56e74668ee2e19053c25252109281353fe8df18324a5b07","first_seen":"2026-07-01T20:44:48.06146Z","last_seen":"2026-07-04T10:40:29.194263Z","times_seen":11,"resource_available":false,"data":null}},"time_used":278,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":278,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-04","alert":"Phishing Block","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tposs.qiddfc-dqiod52d.com/pc/sport/EBasketball.png","fqdn":"tposs.qiddfc-dqiod52d.com","domain":"qiddfc-dqiod52d.com","tld":"com"},"ip":{"addr":"3.167.2.97","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ngfffgygt.vgho9-foqhfoq.com:15681/?inviteCode=64298\u0026cid=118","date":"2026-07-04T10:39:56.851Z","timestamp":1783161596851,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tposs.qiddfc-dqiod52d.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Wed, 27 Aug 2025 00:00:00 GMT","end":"Fri, 25 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"D0:96:57:8B:56:09:2E:8A:4D:C1:87:CA:FD:41:09:B6:57:2C:4F:1D","sha256":"48:66:5F:5D:67:07:2E:C0:CB:EF:91:62:93:36:C2:EF:FB:B7:0E:4A:9A:93:C5:0D:10:9E:B6:05:6B:45:AC:AF"}}},"request":{"raw":"GET /pc/sport/EBasketball.png HTTP/1.1\r\nHost: tposs.qiddfc-dqiod52d.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://ngfffgygt.vgho9-foqhfoq.com:15681/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ncontent-type: image/png\r\ncontent-length: 6644\r\nlast-modified: Tue, 05 May 2026 05:34:36 GMT\r\nx-amz-server-side-encryption: AES256\r\nx-amz-version-id: zY5lwo74tzH_S_ox.IMkUtf92Bnx7Ke5\r\naccept-ranges: bytes\r\nserver: AmazonS3\r\ndate: Sat, 04 Jul 2026 09:45:53 GMT\r\netag: \"ba6037fdb293dcc9faf3bef5077fd92f\"\r\nvary: Accept-Encoding\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 094188bf05865a3d323dcbfb7173f1f6.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P2\r\nx-amz-cf-id: -cjjm0EcVGSRvbNXPZQuA0ordMWkQ3Hc9XR6UATibAnAx22WjOWgyA==\r\nage: 3244\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":6644,"size_decoded":7211,"mime_type":"image/png","magic":"PNG image data, 70 x 72, 8-bit/color RGBA, non-interlaced","md5":"ba6037fdb293dcc9faf3bef5077fd92f","sha1":"4c888bc8f1601c8611fe714c5467b42b9b375ed4","sha256":"19a7da1d4d8ecb8567756a395348745a24b1c7e981f5c5b18be519f38c80426e","sha512":"ad7c0807b59e8aac06fd811189294011c388e0759d20941c3da7a978f33f750f58ca57aa23837addbce4985b40062e78cd7c3359ce88947aeda81b8414e08ae9","ssdeep":"192:PSiLW/KlBV7Q6Ewj6usT7rhXawPZ1Aw4RYrtum4u:6iLyEBaJwOT7PZZ4irkTu","tlshash":"6cd18e4e2ce6dc7b541edcde1ff7b3f4ca324bd646c153046b657b01810256448eaba1","first_seen":"2026-05-30T07:41:04.801653Z","last_seen":"2026-07-04T10:40:29.19571Z","times_seen":24,"resource_available":false,"data":null}},"time_used":79,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":79,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"s.q5qo.com/data/918a3cacd42180fb72439a7042c369db.png","fqdn":"s.q5qo.com","domain":"q5qo.com","tld":"com"},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ngfffgygt.vgho9-foqhfoq.com:15681/?inviteCode=64298\u0026cid=118","date":"2026-07-04T10:39:57.387Z","timestamp":1783161597387,"http_version":"","security_state":"","security_info":null,"request":{"raw":"GET /data/918a3cacd42180fb72439a7042c369db.png HTTP/1.1\r\nHost: s.q5qo.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://ngfffgygt.vgho9-foqhfoq.com:15681/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-07-04T20:30:36.525225Z","times_seen":16984070,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"s.q5qo.com/data/2520f957bdfc0d4afe4fbdb4988f7468.png","fqdn":"s.q5qo.com","domain":"q5qo.com","tld":"com"},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ngfffgygt.vgho9-foqhfoq.com:15681/?inviteCode=64298\u0026cid=118","date":"2026-07-04T10:39:57.415Z","timestamp":1783161597415,"http_version":"","security_state":"","security_info":null,"request":{"raw":"GET /data/2520f957bdfc0d4afe4fbdb4988f7468.png HTTP/1.1\r\nHost: s.q5qo.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://ngfffgygt.vgho9-foqhfoq.com:15681/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-07-04T20:30:36.525225Z","times_seen":16984070,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ngfffgygt.vgho9-foqhfoq.com:15681/static/js/MatchOddsPanel.DD-_WXfz.js","fqdn":"ngfffgygt.vgho9-foqhfoq.com","domain":"vgho9-foqhfoq.com","tld":"com"},"ip":{"addr":"222.167.33.19","port":15681,"asn":9908,"as":"HK Cable TV Ltd","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://ngfffgygt.vgho9-foqhfoq.com:15681/?inviteCode=64298\u0026cid=118","date":"2026-07-04T10:39:55.824Z","timestamp":1783161595824,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.dh9-qjiohodfa9.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 28 Jun 2026 00:00:00 GMT","end":"Tue, 12 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"C5:47:38:34:E6:5C:A3:87:B4:BA:EF:B9:7D:A0:2A:95:07:34:76:65","sha256":"FE:78:24:EA:70:7B:AE:66:4F:EB:5C:04:1D:4C:A3:B9:C9:35:EC:95:20:88:65:57:26:EC:59:CA:DA:9E:4A:33"}}},"request":{"raw":"GET /static/js/MatchOddsPanel.DD-_WXfz.js HTTP/1.1\r\nHost: ngfffgygt.vgho9-foqhfoq.com:15681\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://ngfffgygt.vgho9-foqhfoq.com:15681/home?inviteCode=64298\u0026cid=118\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ncontent-encoding: gzip\r\ncontent-type: application/javascript; charset=UTF-8\r\ndate: Sat, 04 Jul 2026 10:39:56 GMT\r\netag: W/\"6a46723b-2ff4\"\r\nlast-modified: Thu, 02 Jul 2026 14:14:19 GMT\r\nserver: openresty/1.27.1.1\r\nvary: Accept-Encoding\r\nx-cache: BYPASS\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"OpenResty:1.27.1.1","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":12276,"size_decoded":4524,"mime_type":"application/javascript; charset=UTF-8","magic":"Unicode text, UTF-8 text, with very long lines (12077)","md5":"012c7b62e9bb8de46dc206fefec2244a","sha1":"07e3a02963a433245ab5caec4aa2561cd318b2e4","sha256":"644957b2f6fef34c29d92e020b53c8c5e58fd61ce9d1340811ee5048c34eb193","sha512":"cb713dee7fd97d251598c9372f886a89f230c119068c84fcf9c7efea784545f0401a44790e13efb87b37e99d6ef27e879a02103d952e6b049d9eed1fd0894006","ssdeep":"192:rwF3iBrmH8QMrZIghSu/iCX8s2coeSQ8zNW6XRpsDsFiwEFNgk:rwNiBrmHHMrZIYSu/iCX8s2coeSQ88Z/","tlshash":"ce42a7cd44c64119f7140a65e07a31a6ddb93c09740af642eefb5dfc2a11d828fb9f2a","first_seen":"2026-07-02T22:42:57.102836Z","last_seen":"2026-07-04T10:40:29.196405Z","times_seen":6,"resource_available":true,"data":null}},"time_used":768,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":768,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-04","alert":"Phishing Block","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ngfffgygt.vgho9-foqhfoq.com:15681/static/js/OrderLimitTimeFreeModal1.Y4m0qvUA.js","fqdn":"ngfffgygt.vgho9-foqhfoq.com","domain":"vgho9-foqhfoq.com","tld":"com"},"ip":{"addr":"222.167.33.19","port":15681,"asn":9908,"as":"HK Cable TV Ltd","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://ngfffgygt.vgho9-foqhfoq.com:15681/?inviteCode=64298\u0026cid=118","date":"2026-07-04T10:39:55.837Z","timestamp":1783161595837,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.dh9-qjiohodfa9.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 28 Jun 2026 00:00:00 GMT","end":"Tue, 12 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"C5:47:38:34:E6:5C:A3:87:B4:BA:EF:B9:7D:A0:2A:95:07:34:76:65","sha256":"FE:78:24:EA:70:7B:AE:66:4F:EB:5C:04:1D:4C:A3:B9:C9:35:EC:95:20:88:65:57:26:EC:59:CA:DA:9E:4A:33"}}},"request":{"raw":"GET /static/js/OrderLimitTimeFreeModal1.Y4m0qvUA.js HTTP/1.1\r\nHost: ngfffgygt.vgho9-foqhfoq.com:15681\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://ngfffgygt.vgho9-foqhfoq.com:15681/home?inviteCode=64298\u0026cid=118\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ncontent-encoding: gzip\r\ncontent-type: application/javascript; charset=UTF-8\r\ndate: Sat, 04 Jul 2026 10:39:56 GMT\r\netag: W/\"6a46723b-3829\"\r\nlast-modified: Thu, 02 Jul 2026 14:14:19 GMT\r\nserver: openresty/1.27.1.1\r\nvary: Accept-Encoding\r\nx-cache: BYPASS\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"OpenResty:1.27.1.1","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":14377,"size_decoded":5557,"mime_type":"application/javascript; charset=UTF-8","magic":"Unicode text, UTF-8 text, with very long lines (14032)","md5":"b38c94409dba2c85232281ae5435e8cd","sha1":"7b5f771e5972c42a2f4f4ee3223cf2241f825374","sha256":"89edc8849f9b23d6f38af5e47661b913ba313f4d48660800de797ecac37e7895","sha512":"dbd0d2c4977ee88448edc30f09639997d36ec1e640f8ecce5be2674e45bdafd677dbf6efecfe1ed8593bad043426f07844310e8e11f69691c26e0cffe3f8aa7b","ssdeep":"384:jYI8vsCmCNuyl2NAz2lECYGWvSmZnyVK01hT:jYI8v9TZ2NAz2lECYvvYK0/T","tlshash":"e0520baca8354535fa738459f2ef0a42661c3f53d1184c96f8fe59a03f8ad5233ac17a","first_seen":"2026-07-02T22:42:57.077266Z","last_seen":"2026-07-04T10:40:29.211497Z","times_seen":6,"resource_available":true,"data":null}},"time_used":756,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":756,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-04","alert":"Phishing Block","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ngfffgygt.vgho9-foqhfoq.com:15681/static/css/index.DXyPm8yc.css","fqdn":"ngfffgygt.vgho9-foqhfoq.com","domain":"vgho9-foqhfoq.com","tld":"com"},"ip":{"addr":"222.167.33.19","port":15681,"asn":9908,"as":"HK Cable TV Ltd","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://ngfffgygt.vgho9-foqhfoq.com:15681/?inviteCode=64298\u0026cid=118","date":"2026-07-04T10:39:55.849Z","timestamp":1783161595849,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.dh9-qjiohodfa9.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 28 Jun 2026 00:00:00 GMT","end":"Tue, 12 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"C5:47:38:34:E6:5C:A3:87:B4:BA:EF:B9:7D:A0:2A:95:07:34:76:65","sha256":"FE:78:24:EA:70:7B:AE:66:4F:EB:5C:04:1D:4C:A3:B9:C9:35:EC:95:20:88:65:57:26:EC:59:CA:DA:9E:4A:33"}}},"request":{"raw":"GET /static/css/index.DXyPm8yc.css HTTP/1.1\r\nHost: ngfffgygt.vgho9-foqhfoq.com:15681\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://ngfffgygt.vgho9-foqhfoq.com:15681/home?inviteCode=64298\u0026cid=118\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ncontent-encoding: gzip\r\ncontent-type: text/css\r\ndate: Sat, 04 Jul 2026 10:30:44 GMT\r\netag: W/\"6a46723a-1701\"\r\nlast-modified: Sat, 04 Jul 2026 10:30:44 GMT\r\nserver: openresty/1.27.1.1\r\nvary: Accept-Encoding\r\nx-cache: HIT, policy, disk\r\ncontent-length: 1444\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"OpenResty:1.27.1.1","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":5889,"size_decoded":1736,"mime_type":"text/css","magic":"ASCII text, with very long lines (5888)","md5":"416c7360cc77b2c15ae131cf1f472c3c","sha1":"500688c454b5d8f7f72585dbeb9c0e55dc07413b","sha256":"3d309ca9cbe6e74ec35a0e509ff4eb3249667f4b4e0aa91e50b28442697b8301","sha512":"9302b17abcec0f7bb6b675c0bb8efcbc9f8a4f2269d43fcc42e25f23c409bdbd55db03dd8810754f173674ad7addfbd3cb1b0aed9ceac704ce6741b95c1b0f9d","ssdeep":"48:kkv3+Ho6+/r8VRpSmmVUjUI4VDmH/VDmHyVDwkoi60kihtEjvDCzfOzycVWBzeK7:km+HoB/rElMUobwtBwL2Ua","tlshash":"d3c144526a28282c7133b705e8c41a7c4b2cb35357633d8d73292fa75b8735b2a7764b","first_seen":"2026-07-01T20:44:48.039462Z","last_seen":"2026-07-04T10:40:29.212757Z","times_seen":11,"resource_available":false,"data":null}},"time_used":284,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":284,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-04","alert":"Phishing Block","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ngfffgygt.vgho9-foqhfoq.com:15681/static/js/RoulettePanelModel.Drk7YVwL.js","fqdn":"ngfffgygt.vgho9-foqhfoq.com","domain":"vgho9-foqhfoq.com","tld":"com"},"ip":{"addr":"222.167.33.19","port":15681,"asn":9908,"as":"HK Cable TV Ltd","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://ngfffgygt.vgho9-foqhfoq.com:15681/?inviteCode=64298\u0026cid=118","date":"2026-07-04T10:39:56.569Z","timestamp":1783161596569,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.dh9-qjiohodfa9.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 28 Jun 2026 00:00:00 GMT","end":"Tue, 12 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"C5:47:38:34:E6:5C:A3:87:B4:BA:EF:B9:7D:A0:2A:95:07:34:76:65","sha256":"FE:78:24:EA:70:7B:AE:66:4F:EB:5C:04:1D:4C:A3:B9:C9:35:EC:95:20:88:65:57:26:EC:59:CA:DA:9E:4A:33"}}},"request":{"raw":"GET /static/js/RoulettePanelModel.Drk7YVwL.js HTTP/1.1\r\nHost: ngfffgygt.vgho9-foqhfoq.com:15681\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://ngfffgygt.vgho9-foqhfoq.com:15681/home?inviteCode=64298\u0026cid=118\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\naccept-ranges: bytes\r\ncontent-type: application/javascript; charset=UTF-8\r\ndate: Sat, 04 Jul 2026 10:39:56 GMT\r\netag: \"6a46723b-8c0\"\r\nlast-modified: Thu, 02 Jul 2026 14:14:19 GMT\r\nserver: openresty/1.27.1.1\r\nx-cache: BYPASS\r\ncontent-length: 2240\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"OpenResty:1.27.1.1","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2240,"size_decoded":2522,"mime_type":"application/javascript; charset=UTF-8","magic":"Java source, Unicode text, UTF-8 text, with very long lines (2223)","md5":"54ca4db3d474f886166088d479da69d9","sha1":"0fafb21a896057ffc193c7c7b59efa85e313c4ff","sha256":"57671c100b795f1eea753d6024a4a44c4a25f2d40c0d0a4b9cc765b92bbbb369","sha512":"d66ec065f8fc0540e30bda292f69d28e4aca8dc7cd4e1a4187fabea5d4f5ca10d63217375eecb4b592543af804ca74fefdb32fcfca999112c936df596a1e2c06","ssdeep":"","tlshash":"f841a6d9b45a8afe17774e9ce41948d1e01c39694321fc8825dd44132fe6de444bf72d","first_seen":"2026-07-02T22:42:57.032688Z","last_seen":"2026-07-04T10:40:29.21418Z","times_seen":5,"resource_available":true,"data":null}},"time_used":290,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":290,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-04","alert":"Phishing Block","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tposs.qiddfc-dqiod52d.com/pc/sport/Baseball.png","fqdn":"tposs.qiddfc-dqiod52d.com","domain":"qiddfc-dqiod52d.com","tld":"com"},"ip":{"addr":"3.167.2.97","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ngfffgygt.vgho9-foqhfoq.com:15681/?inviteCode=64298\u0026cid=118","date":"2026-07-04T10:39:56.835Z","timestamp":1783161596835,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tposs.qiddfc-dqiod52d.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Wed, 27 Aug 2025 00:00:00 GMT","end":"Fri, 25 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"D0:96:57:8B:56:09:2E:8A:4D:C1:87:CA:FD:41:09:B6:57:2C:4F:1D","sha256":"48:66:5F:5D:67:07:2E:C0:CB:EF:91:62:93:36:C2:EF:FB:B7:0E:4A:9A:93:C5:0D:10:9E:B6:05:6B:45:AC:AF"}}},"request":{"raw":"GET /pc/sport/Baseball.png HTTP/1.1\r\nHost: tposs.qiddfc-dqiod52d.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://ngfffgygt.vgho9-foqhfoq.com:15681/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ncontent-type: image/png\r\ncontent-length: 6346\r\nlast-modified: Tue, 05 May 2026 05:34:35 GMT\r\nx-amz-server-side-encryption: AES256\r\nx-amz-version-id: JLGTbm6v3vRIJYX73Cam8lOs99.vfhFE\r\naccept-ranges: bytes\r\nserver: AmazonS3\r\ndate: Sat, 04 Jul 2026 09:45:53 GMT\r\netag: \"e689c24578b5fe13eb187324f803d274\"\r\nvary: Accept-Encoding\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 094188bf05865a3d323dcbfb7173f1f6.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P2\r\nx-amz-cf-id: uMhkIqlV_xr0WgmfYkWUGBKudCZ6YvuyjkQt0mwfQ8N5ZHjpx7zBXQ==\r\nage: 3244\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]}],"data":{"size":6346,"size_decoded":6913,"mime_type":"image/png","magic":"PNG image data, 70 x 73, 8-bit/color RGBA, non-interlaced","md5":"e689c24578b5fe13eb187324f803d274","sha1":"e5e9465c086c197d95dd3997c95ac1f24c6b58ce","sha256":"a6e34ec2119c34a05c2f89f1480332f49ec2c83ff638c47c97f2233135de0d96","sha512":"7a65f8fb35796bb54984677563c9d79539963a634d2c1fdc2a9878219cd4900a2dc59fb34cc9773bd55596bbe7948522e5c4b4f2a4b430f2665385a4e152b5b7","ssdeep":"96:FS165qNYhjvmudKEW8XGVijlEOzOOjY0V0WBzUvWDcWuvorvu8S1KCeepEwBHUk:FSmq+hrt4CGVijyOpHFUuw1vorG84xz","tlshash":"34d18e6f3245be977c17f3b237592e247c53e6fb05c0616de5e0a82c8252d60e05a689","first_seen":"2026-05-30T07:41:04.71002Z","last_seen":"2026-07-04T10:40:29.215847Z","times_seen":24,"resource_available":false,"data":null}},"time_used":27,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":27,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tposs.qiddfc-dqiod52d.com/pc/sport/Boxing.png","fqdn":"tposs.qiddfc-dqiod52d.com","domain":"qiddfc-dqiod52d.com","tld":"com"},"ip":{"addr":"3.167.2.97","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ngfffgygt.vgho9-foqhfoq.com:15681/?inviteCode=64298\u0026cid=118","date":"2026-07-04T10:39:56.842Z","timestamp":1783161596842,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tposs.qiddfc-dqiod52d.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Wed, 27 Aug 2025 00:00:00 GMT","end":"Fri, 25 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"D0:96:57:8B:56:09:2E:8A:4D:C1:87:CA:FD:41:09:B6:57:2C:4F:1D","sha256":"48:66:5F:5D:67:07:2E:C0:CB:EF:91:62:93:36:C2:EF:FB:B7:0E:4A:9A:93:C5:0D:10:9E:B6:05:6B:45:AC:AF"}}},"request":{"raw":"GET /pc/sport/Boxing.png HTTP/1.1\r\nHost: tposs.qiddfc-dqiod52d.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://ngfffgygt.vgho9-foqhfoq.com:15681/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ncontent-type: image/png\r\ncontent-length: 4818\r\nlast-modified: Tue, 05 May 2026 05:34:35 GMT\r\nx-amz-server-side-encryption: AES256\r\nx-amz-version-id: jKajfFxiBf50xZRNiPtqvaRJlW_XsmuH\r\naccept-ranges: bytes\r\nserver: AmazonS3\r\ndate: Sat, 04 Jul 2026 08:42:41 GMT\r\netag: \"522f6206be2b4d3a8115bee642891f15\"\r\nvary: Accept-Encoding\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 094188bf05865a3d323dcbfb7173f1f6.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P2\r\nx-amz-cf-id: 714nfgni34OveuTQaDSbW4FW0ZE5SBlYVlEry2aZWwWoS4kPxsNL9w==\r\nage: 7036\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]}],"data":{"size":4818,"size_decoded":5385,"mime_type":"image/png","magic":"PNG image data, 70 x 70, 8-bit/color RGBA, non-interlaced","md5":"522f6206be2b4d3a8115bee642891f15","sha1":"7c9f3823361734a79cf056392e955374a90387a4","sha256":"6e4ea93724188b909623297f786de73f0b1b5ce771d8c0295bf2d2158dd96577","sha512":"5ea59d2e26257c4413808650b9a79748fdf0619b850212ca69665c6c0a5a9e5bd97302772ad5beaf4b0535fcd234a640475dc18b56b23155d144905539f79ac1","ssdeep":"96:87SJkGRTNlYiL9IbIa8vDQeTfqQ6AHwtDADcmOJV6MhDgfW4gz:WSJk+TjYiLWP8vD1h6ASfbJV6MFgfs","tlshash":"92a18fde14f9e87edd5601c2e72b1b5253a3ff8241c3050f9c754c5c98250966bd766c","first_seen":"2026-05-30T07:41:04.717826Z","last_seen":"2026-07-04T10:40:29.217313Z","times_seen":24,"resource_available":false,"data":null}},"time_used":28,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":28,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ngfffgygt.vgho9-foqhfoq.com:15681/api/site/f/siteConfig/query","fqdn":"ngfffgygt.vgho9-foqhfoq.com","domain":"vgho9-foqhfoq.com","tld":"com"},"ip":{"addr":"222.167.33.19","port":15681,"asn":9908,"as":"HK Cable TV Ltd","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://ngfffgygt.vgho9-foqhfoq.com:15681/?inviteCode=64298\u0026cid=118","date":"2026-07-04T10:39:55.686Z","timestamp":1783161595686,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.dh9-qjiohodfa9.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 28 Jun 2026 00:00:00 GMT","end":"Tue, 12 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"C5:47:38:34:E6:5C:A3:87:B4:BA:EF:B9:7D:A0:2A:95:07:34:76:65","sha256":"FE:78:24:EA:70:7B:AE:66:4F:EB:5C:04:1D:4C:A3:B9:C9:35:EC:95:20:88:65:57:26:EC:59:CA:DA:9E:4A:33"}}},"request":{"raw":"POST /api/site/f/siteConfig/query HTTP/1.1\r\nHost: ngfffgygt.vgho9-foqhfoq.com:15681\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: zh\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nContent-Type: application/json\r\nDevice: PC\r\nCurrency: CNY\r\nFrontAuthorization: \r\nContent-Length: 186\r\nOrigin: https://ngfffgygt.vgho9-foqhfoq.com:15681\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://ngfffgygt.vgho9-foqhfoq.com:15681/?inviteCode=64298\u0026cid=118\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/2 200 \r\naccess-control-allow-credentials: true\r\naccess-control-allow-origin: https://ngfffgygt.vgho9-foqhfoq.com:15681\r\ncontent-encoding: gzip\r\ncontent-type: application/json\r\ndate: Sat, 04 Jul 2026 10:39:55 GMT\r\ndefaultlang: zh\r\nserver: openresty/1.27.1.1\r\nvary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers\r\nx-cache: BYPASS\r\ncontent-length: 4820\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"OpenResty:1.27.1.1","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":11223,"size_decoded":5221,"mime_type":"application/json","magic":"JSON text data","md5":"422e461b633b70fefd0c6e9fb00eff9a","sha1":"71f4df2c3666fc21e7232f603e88ca9396d7d159","sha256":"559b88e4669a90a48a6b929680ffe3428e10844eb4330282649a2064401e285b","sha512":"6ea41c9114651f6865cf725d5a5b5dbe7a624f702c863a7dfe50d87e0f604cd2cb2a862d65c01fe6fd95223a908bf15fe5a9faa071f1dfa9a37bdec2804a0486","ssdeep":"192:QsCfdWrWOMM+V1wAwgxAePKRtDwXhovOzawEwZOmcKMin8h3mT/ggCDdmt9We:3prWVMotLARAhovOijmRzjVCYtn","tlshash":"3532d71b43cc9ca88b4a13c938affa5895881a47c9c0cd95d3dd6eac97d5e73321721b","first_seen":"2026-07-04T10:40:29.218008Z","last_seen":"2026-07-04T10:40:29.218008Z","times_seen":1,"resource_available":false,"data":null}},"time_used":312,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":312,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-04","alert":"Phishing Block","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ngfffgygt.vgho9-foqhfoq.com:15681/static/js/index.DYCOmzXM.js","fqdn":"ngfffgygt.vgho9-foqhfoq.com","domain":"vgho9-foqhfoq.com","tld":"com"},"ip":{"addr":"222.167.33.19","port":15681,"asn":9908,"as":"HK Cable TV Ltd","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://ngfffgygt.vgho9-foqhfoq.com:15681/?inviteCode=64298\u0026cid=118","date":"2026-07-04T10:39:56.621Z","timestamp":1783161596621,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.dh9-qjiohodfa9.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 28 Jun 2026 00:00:00 GMT","end":"Tue, 12 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"C5:47:38:34:E6:5C:A3:87:B4:BA:EF:B9:7D:A0:2A:95:07:34:76:65","sha256":"FE:78:24:EA:70:7B:AE:66:4F:EB:5C:04:1D:4C:A3:B9:C9:35:EC:95:20:88:65:57:26:EC:59:CA:DA:9E:4A:33"}}},"request":{"raw":"GET /static/js/index.DYCOmzXM.js HTTP/1.1\r\nHost: ngfffgygt.vgho9-foqhfoq.com:15681\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://ngfffgygt.vgho9-foqhfoq.com:15681/home?inviteCode=64298\u0026cid=118\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ncontent-encoding: gzip\r\ncontent-type: application/javascript; charset=UTF-8\r\ndate: Sat, 04 Jul 2026 10:39:56 GMT\r\netag: W/\"6a46723b-3d85\"\r\nlast-modified: Thu, 02 Jul 2026 14:14:19 GMT\r\nserver: openresty/1.27.1.1\r\nvary: Accept-Encoding\r\nx-cache: BYPASS\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"OpenResty:1.27.1.1","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":15749,"size_decoded":8111,"mime_type":"application/javascript; charset=UTF-8","magic":"Unicode text, UTF-8 text, with very long lines (15510)","md5":"ab91d312164af24d037829d1b9c76adf","sha1":"c606d530aad1abd2ad50419880d0434f3a704be8","sha256":"58c13130bebf6cbad1e9d4fa2a03874dad3f30807471af1bc4b006030e345e0a","sha512":"34ca08f1d215ecc4553a52642b4689fcf601cfdc3f8651b6cd4731159d3690cd4f461a72daa46ed1a8f541d6970a2178d3b0a6eaf5cd08a5121bdbb39d54aa02","ssdeep":"384:D4/30e4n4WQlTJV6qQT8lzaAwwVgXbRhwkDO:Dfn4lV6BToaoaR6k6","tlshash":"ac626c1f710ba67ea63149af92720d0191218f9a842289fbe0ff4f181616cda6b8d70d","first_seen":"2026-07-02T22:42:57.071871Z","last_seen":"2026-07-04T10:40:29.219459Z","times_seen":5,"resource_available":true,"data":null}},"time_used":427,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":427,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-04","alert":"Phishing Block","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tposs.qiddfc-dqiod52d.com/pc/sport/Valorant.png","fqdn":"tposs.qiddfc-dqiod52d.com","domain":"qiddfc-dqiod52d.com","tld":"com"},"ip":{"addr":"3.167.2.97","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ngfffgygt.vgho9-foqhfoq.com:15681/?inviteCode=64298\u0026cid=118","date":"2026-07-04T10:39:56.848Z","timestamp":1783161596848,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tposs.qiddfc-dqiod52d.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Wed, 27 Aug 2025 00:00:00 GMT","end":"Fri, 25 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"D0:96:57:8B:56:09:2E:8A:4D:C1:87:CA:FD:41:09:B6:57:2C:4F:1D","sha256":"48:66:5F:5D:67:07:2E:C0:CB:EF:91:62:93:36:C2:EF:FB:B7:0E:4A:9A:93:C5:0D:10:9E:B6:05:6B:45:AC:AF"}}},"request":{"raw":"GET /pc/sport/Valorant.png HTTP/1.1\r\nHost: tposs.qiddfc-dqiod52d.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://ngfffgygt.vgho9-foqhfoq.com:15681/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ncontent-type: image/png\r\ncontent-length: 3202\r\nlast-modified: Tue, 05 May 2026 05:34:37 GMT\r\nx-amz-server-side-encryption: AES256\r\nx-amz-version-id: mYIMypaYlxvdQywrI.i.sjeZeeAfI4jm\r\naccept-ranges: bytes\r\nserver: AmazonS3\r\ndate: Sat, 04 Jul 2026 08:46:01 GMT\r\netag: \"208f44b6f797772316ef998c2d12e02c\"\r\nvary: Accept-Encoding\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 094188bf05865a3d323dcbfb7173f1f6.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P2\r\nx-amz-cf-id: F9P_8F7BP3rp_2ZRfySUISpq64OT-vAsnqyjiNPhLYUYzxJ-wNzCsw==\r\nage: 6836\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]}],"data":{"size":3202,"size_decoded":3769,"mime_type":"image/png","magic":"PNG image data, 70 x 70, 8-bit/color RGBA, non-interlaced","md5":"208f44b6f797772316ef998c2d12e02c","sha1":"4fea9387ca5443cf79b7434aee0014331aaac623","sha256":"a9ddde829f3db072ca0f1aca927607cf833b1a320722e7400085d0548990613b","sha512":"1d3ce84c7f3c570f8443faf53268adae276668e4f85915e6ac1e41fab57086e0888e51b7699acce614f4cf4fc4133d0afeb67f50f02d34a21e80f02d331eb64d","ssdeep":"","tlshash":"ff613c99da836338fe09495102d64df46cbfe603892a86660c5cd5996bf94714bc33cc","first_seen":"2026-05-30T07:41:04.879744Z","last_seen":"2026-07-04T10:40:29.220279Z","times_seen":24,"resource_available":false,"data":null}},"time_used":41,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":41,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tposs.qiddfc-dqiod52d.com/web/sport/pc/home-icon/pc-register-bg1.jpg","fqdn":"tposs.qiddfc-dqiod52d.com","domain":"qiddfc-dqiod52d.com","tld":"com"},"ip":{"addr":"3.167.2.97","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ngfffgygt.vgho9-foqhfoq.com:15681/?inviteCode=64298\u0026cid=118","date":"2026-07-04T10:39:57.671Z","timestamp":1783161597671,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tposs.qiddfc-dqiod52d.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Wed, 27 Aug 2025 00:00:00 GMT","end":"Fri, 25 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"D0:96:57:8B:56:09:2E:8A:4D:C1:87:CA:FD:41:09:B6:57:2C:4F:1D","sha256":"48:66:5F:5D:67:07:2E:C0:CB:EF:91:62:93:36:C2:EF:FB:B7:0E:4A:9A:93:C5:0D:10:9E:B6:05:6B:45:AC:AF"}}},"request":{"raw":"GET /web/sport/pc/home-icon/pc-register-bg1.jpg HTTP/1.1\r\nHost: tposs.qiddfc-dqiod52d.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://ngfffgygt.vgho9-foqhfoq.com:15681/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ncontent-type: image/jpeg\r\ncontent-length: 151910\r\nlast-modified: Fri, 08 May 2026 07:01:58 GMT\r\nx-amz-server-side-encryption: AES256\r\nx-amz-version-id: t26MQllBSUP8kFyvzeiW_lPvQfbN2dhl\r\naccept-ranges: bytes\r\nserver: AmazonS3\r\ndate: Sat, 04 Jul 2026 09:56:28 GMT\r\netag: \"a578aaa082acd7d677171b8c1b28c299\"\r\nvary: Accept-Encoding\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 094188bf05865a3d323dcbfb7173f1f6.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P2\r\nx-amz-cf-id: phdSdft6tjM1TR_X17B-aEkdqvXjJmVCVVi4obk_Wsy2hOk47YzdSQ==\r\nage: 2610\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]}],"data":{"size":151910,"size_decoded":152480,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 800x1184, components 3","md5":"a578aaa082acd7d677171b8c1b28c299","sha1":"4cca441e65368aa3947d51597ced4d060a10c57c","sha256":"184896769d9ff249b1be666578a6bc837875370e63c72d82dd27464a5f5f0512","sha512":"e50b87bb3c8bf233dfe8f3eed55c8bcd24e391b7a7c0e78903ff438974edd18dab33849f685c8a93df208fa4d5471ade444b4fa8983a55bc69d755c2d1e20d3b","ssdeep":"3072:xG399Z74H7vprkrNu6Gq6vq9tj7m77c0DXTW+nzAXyZ/4DywY0og3i:HVwE6XIu97WhDCEAixQdYdgS","tlshash":"67e3125eda184855e4750132f649de84af806f5ff0b3c367c884ef96ad68b2507afca0","first_seen":"2026-06-24T13:33:43.102968Z","last_seen":"2026-07-04T10:40:29.221608Z","times_seen":14,"resource_available":false,"data":null}},"time_used":75,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":25,"receive":50,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ngfffgygt.vgho9-foqhfoq.com:15681/static/css/index.BKfsIFjo.css","fqdn":"ngfffgygt.vgho9-foqhfoq.com","domain":"vgho9-foqhfoq.com","tld":"com"},"ip":{"addr":"222.167.33.19","port":15681,"asn":9908,"as":"HK Cable TV Ltd","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://ngfffgygt.vgho9-foqhfoq.com:15681/?inviteCode=64298\u0026cid=118","date":"2026-07-04T10:39:56.607Z","timestamp":1783161596607,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.dh9-qjiohodfa9.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 28 Jun 2026 00:00:00 GMT","end":"Tue, 12 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"C5:47:38:34:E6:5C:A3:87:B4:BA:EF:B9:7D:A0:2A:95:07:34:76:65","sha256":"FE:78:24:EA:70:7B:AE:66:4F:EB:5C:04:1D:4C:A3:B9:C9:35:EC:95:20:88:65:57:26:EC:59:CA:DA:9E:4A:33"}}},"request":{"raw":"GET /static/css/index.BKfsIFjo.css HTTP/1.1\r\nHost: ngfffgygt.vgho9-foqhfoq.com:15681\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://ngfffgygt.vgho9-foqhfoq.com:15681/home?inviteCode=64298\u0026cid=118\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\naccept-ranges: bytes\r\ncontent-type: text/css\r\ndate: Sat, 04 Jul 2026 10:30:45 GMT\r\netag: \"6a46723a-108d\"\r\nlast-modified: Sat, 04 Jul 2026 10:30:45 GMT\r\nserver: openresty/1.27.1.1\r\nx-cache: HIT, policy, disk\r\ncontent-length: 4237\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"OpenResty:1.27.1.1","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":4237,"size_decoded":4502,"mime_type":"text/css","magic":"ASCII text, with very long lines (4236)","md5":"9066edfb2ef03eaaf608a5cf3eac29f4","sha1":"1ca0a2f92f415a0facd9ccb6e7a003786ec63fca","sha256":"0b90efb387fc389ea270a0ede4fa5f6b7265c5380aaefc174a9833721cbb9b1c","sha512":"2d6878a68f3fd0e80d708a9624e1ad0086076c22e26d8bae95fe10161a71c2933d1d7c519fa344c14906baee9edd67f9f2f6171fff8e41c90b2e43a1789d5111","ssdeep":"48:gv7BzEsg4s+7sfTomH8eFOjw4jPnjRHTk1OQWjAAkgi6kACmP:m7BzE4VheFGYgQWjPr","tlshash":"2e915b51b9d4a03a265e672d97a17a38963cf134c3418ebac534f3600a423eb72b785f","first_seen":"2026-05-30T07:41:04.741135Z","last_seen":"2026-07-04T10:40:29.222264Z","times_seen":23,"resource_available":false,"data":null}},"time_used":390,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":389,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-04","alert":"Phishing Block","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"s.q5qo.com/data/dc981ec5e070e0d5fe096b99d2662710.png","fqdn":"s.q5qo.com","domain":"q5qo.com","tld":"com"},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ngfffgygt.vgho9-foqhfoq.com:15681/?inviteCode=64298\u0026cid=118","date":"2026-07-04T10:39:57.410Z","timestamp":1783161597410,"http_version":"","security_state":"","security_info":null,"request":{"raw":"GET /data/dc981ec5e070e0d5fe096b99d2662710.png HTTP/1.1\r\nHost: s.q5qo.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://ngfffgygt.vgho9-foqhfoq.com:15681/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-07-04T20:30:36.525225Z","times_seen":16984070,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ngfffgygt.vgho9-foqhfoq.com:15681/static/js/index.BN6UZ3XW.js","fqdn":"ngfffgygt.vgho9-foqhfoq.com","domain":"vgho9-foqhfoq.com","tld":"com"},"ip":{"addr":"222.167.33.19","port":15681,"asn":9908,"as":"HK Cable TV Ltd","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://ngfffgygt.vgho9-foqhfoq.com:15681/?inviteCode=64298\u0026cid=118","date":"2026-07-04T10:39:56.577Z","timestamp":1783161596577,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.dh9-qjiohodfa9.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 28 Jun 2026 00:00:00 GMT","end":"Tue, 12 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"C5:47:38:34:E6:5C:A3:87:B4:BA:EF:B9:7D:A0:2A:95:07:34:76:65","sha256":"FE:78:24:EA:70:7B:AE:66:4F:EB:5C:04:1D:4C:A3:B9:C9:35:EC:95:20:88:65:57:26:EC:59:CA:DA:9E:4A:33"}}},"request":{"raw":"GET /static/js/index.BN6UZ3XW.js HTTP/1.1\r\nHost: ngfffgygt.vgho9-foqhfoq.com:15681\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://ngfffgygt.vgho9-foqhfoq.com:15681/home?inviteCode=64298\u0026cid=118\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\naccept-ranges: bytes\r\ncontent-type: application/javascript; charset=UTF-8\r\ndate: Sat, 04 Jul 2026 10:39:56 GMT\r\netag: \"6a46723b-52f\"\r\nlast-modified: Thu, 02 Jul 2026 14:14:19 GMT\r\nserver: openresty/1.27.1.1\r\nx-cache: BYPASS\r\ncontent-length: 1327\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"OpenResty:1.27.1.1","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}],"data":{"size":1327,"size_decoded":1609,"mime_type":"application/javascript; charset=UTF-8","magic":"Java source, Unicode text, UTF-8 text, with very long lines (1294)","md5":"3dd72e4bdf55dc57404592d7d05de721","sha1":"34bbc291a9fbce39959e9d37858721e7f667e3e1","sha256":"4c88e8ebeee6e6b96e0ffa2a6ea02754cfaea34d81d7d63785d73de0507825dd","sha512":"49c37d1f0d85bb3952c89106fa779ab6ac657925613b2289cd051ded2601d98ab56fd36de1e31bf0072eaca51f68a0c69527e1cec1f5a07f35dab8ddc01b1ed6","ssdeep":"","tlshash":"2221758eb1c2b1710b3f84d8e8918631f3327329d7a4cda0ca9e4f1542d1546e1aff59","first_seen":"2026-07-02T22:42:57.089144Z","last_seen":"2026-07-04T10:40:29.22305Z","times_seen":5,"resource_available":true,"data":null}},"time_used":474,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":474,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-04","alert":"Phishing Block","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ngfffgygt.vgho9-foqhfoq.com:15681/static/css/index.-SDXPTxC.css","fqdn":"ngfffgygt.vgho9-foqhfoq.com","domain":"vgho9-foqhfoq.com","tld":"com"},"ip":{"addr":"222.167.33.19","port":15681,"asn":9908,"as":"HK Cable TV Ltd","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://ngfffgygt.vgho9-foqhfoq.com:15681/?inviteCode=64298\u0026cid=118","date":"2026-07-04T10:39:56.635Z","timestamp":1783161596635,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.dh9-qjiohodfa9.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 28 Jun 2026 00:00:00 GMT","end":"Tue, 12 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"C5:47:38:34:E6:5C:A3:87:B4:BA:EF:B9:7D:A0:2A:95:07:34:76:65","sha256":"FE:78:24:EA:70:7B:AE:66:4F:EB:5C:04:1D:4C:A3:B9:C9:35:EC:95:20:88:65:57:26:EC:59:CA:DA:9E:4A:33"}}},"request":{"raw":"GET /static/css/index.-SDXPTxC.css HTTP/1.1\r\nHost: ngfffgygt.vgho9-foqhfoq.com:15681\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://ngfffgygt.vgho9-foqhfoq.com:15681/home?inviteCode=64298\u0026cid=118\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\naccept-ranges: bytes\r\ncontent-type: text/css\r\ndate: Sat, 04 Jul 2026 10:30:45 GMT\r\netag: \"6a46723a-dda\"\r\nlast-modified: Sat, 04 Jul 2026 10:30:45 GMT\r\nserver: openresty/1.27.1.1\r\nx-cache: HIT, policy, disk\r\ncontent-length: 3546\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"OpenResty:1.27.1.1","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":3546,"size_decoded":3810,"mime_type":"text/css","magic":"ASCII text, with very long lines (3545)","md5":"efb83fa85b72d7a6e5ce5eaf33da0e4e","sha1":"9bf7d9c2776f1177cdf72ae570802617390bb71e","sha256":"0c6b3f3dbe99e74f0bd872f05356559811e31d809813fa7aca629f121e1ddcee","sha512":"9874efb9782feed06474937c2c5ae188ce2d9f398b12fe5b34e46704a6fd97eeb278b37a680a7bbde0a9e5b3dd03b4b45b332392ab9948e7340969ff3a8543b4","ssdeep":"","tlshash":"d3718f92f39738172c77cd929105baff9f6e3b435a0b4875a07122a96382bd23514f36","first_seen":"2026-06-24T13:33:42.965834Z","last_seen":"2026-07-04T10:40:29.223669Z","times_seen":15,"resource_available":false,"data":null}},"time_used":362,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":362,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-04","alert":"Phishing Block","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ngfffgygt.vgho9-foqhfoq.com:15681/static/js/search-icon.DIGhTt3w.js","fqdn":"ngfffgygt.vgho9-foqhfoq.com","domain":"vgho9-foqhfoq.com","tld":"com"},"ip":{"addr":"222.167.33.19","port":15681,"asn":9908,"as":"HK Cable TV Ltd","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://ngfffgygt.vgho9-foqhfoq.com:15681/?inviteCode=64298\u0026cid=118","date":"2026-07-04T10:39:55.803Z","timestamp":1783161595803,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.dh9-qjiohodfa9.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 28 Jun 2026 00:00:00 GMT","end":"Tue, 12 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"C5:47:38:34:E6:5C:A3:87:B4:BA:EF:B9:7D:A0:2A:95:07:34:76:65","sha256":"FE:78:24:EA:70:7B:AE:66:4F:EB:5C:04:1D:4C:A3:B9:C9:35:EC:95:20:88:65:57:26:EC:59:CA:DA:9E:4A:33"}}},"request":{"raw":"GET /static/js/search-icon.DIGhTt3w.js HTTP/1.1\r\nHost: ngfffgygt.vgho9-foqhfoq.com:15681\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://ngfffgygt.vgho9-foqhfoq.com:15681/home?inviteCode=64298\u0026cid=118\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\naccept-ranges: bytes\r\ncontent-type: application/javascript; charset=UTF-8\r\ndate: Sat, 04 Jul 2026 10:39:56 GMT\r\netag: \"6a46723b-329\"\r\nlast-modified: Thu, 02 Jul 2026 14:14:19 GMT\r\nserver: openresty/1.27.1.1\r\nx-cache: BYPASS\r\ncontent-length: 809\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"OpenResty:1.27.1.1","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}],"data":{"size":809,"size_decoded":1090,"mime_type":"application/javascript; charset=UTF-8","magic":"ASCII text, with very long lines (808)","md5":"6562ae070b30df17151b7741e9b647aa","sha1":"fd2777a192db31cd89a8c797a7e89e9996988d26","sha256":"4662c08aed38a315db3a21e5f50f1ec96c0e005dbffd8075ec2f409deaf37f4e","sha512":"000603cb8e2dcdc027387ffdb3efe5437a3b7521671283a56e2a900da9518e784d3c6d3c88a917409630e3a40954c397c2da5ce83b0552b419881e75d17be189","ssdeep":"","tlshash":"0a01f5be420162cdd035cd2b2d267c41d0b624fb0d7542faead27254ee631d215f9e1c","first_seen":"2026-05-30T07:41:04.713371Z","last_seen":"2026-07-04T10:40:29.22494Z","times_seen":24,"resource_available":true,"data":null}},"time_used":562,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":561,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-04","alert":"Phishing Block","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ngfffgygt.vgho9-foqhfoq.com:15681/static/js/OddChangeIcon.Bpv3dyvF.js","fqdn":"ngfffgygt.vgho9-foqhfoq.com","domain":"vgho9-foqhfoq.com","tld":"com"},"ip":{"addr":"222.167.33.19","port":15681,"asn":9908,"as":"HK Cable TV Ltd","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://ngfffgygt.vgho9-foqhfoq.com:15681/?inviteCode=64298\u0026cid=118","date":"2026-07-04T10:39:55.828Z","timestamp":1783161595828,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.dh9-qjiohodfa9.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 28 Jun 2026 00:00:00 GMT","end":"Tue, 12 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"C5:47:38:34:E6:5C:A3:87:B4:BA:EF:B9:7D:A0:2A:95:07:34:76:65","sha256":"FE:78:24:EA:70:7B:AE:66:4F:EB:5C:04:1D:4C:A3:B9:C9:35:EC:95:20:88:65:57:26:EC:59:CA:DA:9E:4A:33"}}},"request":{"raw":"GET /static/js/OddChangeIcon.Bpv3dyvF.js HTTP/1.1\r\nHost: ngfffgygt.vgho9-foqhfoq.com:15681\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://ngfffgygt.vgho9-foqhfoq.com:15681/home?inviteCode=64298\u0026cid=118\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\naccept-ranges: bytes\r\ncontent-type: application/javascript; charset=UTF-8\r\ndate: Sat, 04 Jul 2026 10:39:56 GMT\r\netag: \"6a46723b-4e1\"\r\nlast-modified: Thu, 02 Jul 2026 14:14:19 GMT\r\nserver: openresty/1.27.1.1\r\nx-cache: BYPASS\r\ncontent-length: 1249\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"OpenResty:1.27.1.1","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}],"data":{"size":1249,"size_decoded":1531,"mime_type":"application/javascript; charset=UTF-8","magic":"Java source, ASCII text, with very long lines (1248)","md5":"156b367312d6d7ae95c52a9b2ad64281","sha1":"282ff55fc5be5b2fb450f5ffad5057bc04fc0a7b","sha256":"ae07943480bf3e0e7e591ec8479a20238ead092734e5c7b67859335a68f201b1","sha512":"6d7e5a7dc1fe393f780b2de6ac77425eb370b26c22eda6640ea5059bac7232c7e45b703540e173dca0683e346e1c936b0272a67ad481c3353384bf2ab82b3ddb","ssdeep":"","tlshash":"0a21f19e5c4e8929de39852b27229d5ad42196a1cfc828cf97c16631d3e006a3acc5bd","first_seen":"2026-07-02T22:42:57.283314Z","last_seen":"2026-07-04T10:40:29.227786Z","times_seen":6,"resource_available":true,"data":null}},"time_used":536,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":535,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-04","alert":"Phishing Block","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tposs.qiddfc-dqiod52d.com/web/sport/pc/home-icon/sportActive.svg","fqdn":"tposs.qiddfc-dqiod52d.com","domain":"qiddfc-dqiod52d.com","tld":"com"},"ip":{"addr":"3.167.2.97","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ngfffgygt.vgho9-foqhfoq.com:15681/?inviteCode=64298\u0026cid=118","date":"2026-07-04T10:39:55.863Z","timestamp":1783161595863,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tposs.qiddfc-dqiod52d.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Wed, 27 Aug 2025 00:00:00 GMT","end":"Fri, 25 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"D0:96:57:8B:56:09:2E:8A:4D:C1:87:CA:FD:41:09:B6:57:2C:4F:1D","sha256":"48:66:5F:5D:67:07:2E:C0:CB:EF:91:62:93:36:C2:EF:FB:B7:0E:4A:9A:93:C5:0D:10:9E:B6:05:6B:45:AC:AF"}}},"request":{"raw":"GET /web/sport/pc/home-icon/sportActive.svg HTTP/1.1\r\nHost: tposs.qiddfc-dqiod52d.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://ngfffgygt.vgho9-foqhfoq.com:15681/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ncontent-type: image/svg+xml\r\nlast-modified: Fri, 24 Apr 2026 11:29:24 GMT\r\nserver: AmazonS3\r\nx-amz-server-side-encryption: AES256\r\nx-amz-version-id: u9cvmN0rptiMJCoVnicS2rDMr_U2PRER\r\ncontent-encoding: br\r\ndate: Sat, 04 Jul 2026 09:45:52 GMT\r\netag: W/\"17f037afef78671b3a79131ef93a0bd6\"\r\nvary: Accept-Encoding\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 094188bf05865a3d323dcbfb7173f1f6.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P2\r\nx-amz-cf-id: 3rDWHFtsl8PjHmNGKPmBa72KmRHakeUtFAQsCDYiXMMeK9XknPZI7A==\r\nage: 3245\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]}],"data":{"size":3437,"size_decoded":2111,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"17f037afef78671b3a79131ef93a0bd6","sha1":"4aa4d445f24048d8995eab34c9fd1c11749c1ea8","sha256":"f1a8d21ff03e8ec4e19f414b384732cf9167975488d4dc83b573fccd1401a0ad","sha512":"04d4adca9d5e3a2822f13f1fb708cba5761b3153588e98aa887d7b7466e7bbdcbb9b7e72e895c145cbb703ce1ce51deafa97a58b3a854ccba1d134c96203aa9c","ssdeep":"","tlshash":"026164fbaae0b6c1e546eb24e4338455baaf3cb77f9116c5c188ef44b3040e54d88c44","first_seen":"2026-06-03T02:50:07.922972Z","last_seen":"2026-07-04T10:40:29.231759Z","times_seen":22,"resource_available":false,"data":null}},"time_used":316,"timings":{"blocked":-1,"dns":20,"connect":3,"send":0,"wait":65,"receive":0,"ssl":225},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ngfffgygt.vgho9-foqhfoq.com:15681/static/js/phoneStatus.DsDFSgt-.js","fqdn":"ngfffgygt.vgho9-foqhfoq.com","domain":"vgho9-foqhfoq.com","tld":"com"},"ip":{"addr":"222.167.33.19","port":15681,"asn":9908,"as":"HK Cable TV Ltd","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://ngfffgygt.vgho9-foqhfoq.com:15681/?inviteCode=64298\u0026cid=118","date":"2026-07-04T10:39:56.603Z","timestamp":1783161596603,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.dh9-qjiohodfa9.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 28 Jun 2026 00:00:00 GMT","end":"Tue, 12 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"C5:47:38:34:E6:5C:A3:87:B4:BA:EF:B9:7D:A0:2A:95:07:34:76:65","sha256":"FE:78:24:EA:70:7B:AE:66:4F:EB:5C:04:1D:4C:A3:B9:C9:35:EC:95:20:88:65:57:26:EC:59:CA:DA:9E:4A:33"}}},"request":{"raw":"GET /static/js/phoneStatus.DsDFSgt-.js HTTP/1.1\r\nHost: ngfffgygt.vgho9-foqhfoq.com:15681\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://ngfffgygt.vgho9-foqhfoq.com:15681/home?inviteCode=64298\u0026cid=118\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\naccept-ranges: bytes\r\ncontent-type: application/javascript; charset=UTF-8\r\ndate: Sat, 04 Jul 2026 10:39:56 GMT\r\netag: \"6a46723b-d2\"\r\nlast-modified: Thu, 02 Jul 2026 14:14:19 GMT\r\nserver: openresty/1.27.1.1\r\nx-cache: BYPASS\r\ncontent-length: 210\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"OpenResty:1.27.1.1","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":210,"size_decoded":490,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text","md5":"2997acb0f5b00fa084de4c86f5f1a50a","sha1":"e26cd0bc1c157bfdc967a139a61be2d9d5a3bfd3","sha256":"222abccb18585aba8f7364366337fb1715481cb11d99ae7f599f798a482c8c60","sha512":"371f7197e6179185248aa14ee3179df77f06c86ec4294717f0af612919f9515173fe6c48fd82c2aa5f328e43a3becdaad2e4a0e07cb5edc470255e9eb4d89eeb","ssdeep":"","tlshash":"c6d022eedddab0f0c20050926020813db0060ab5b83cc2cab0fc0c319e1b084f3baf15","first_seen":"2026-05-30T07:41:04.65147Z","last_seen":"2026-07-04T10:40:29.232501Z","times_seen":22,"resource_available":true,"data":null}},"time_used":453,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":453,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-04","alert":"Phishing Block","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ngfffgygt.vgho9-foqhfoq.com:15681/static/css/BetCard.DXf47VMr.css","fqdn":"ngfffgygt.vgho9-foqhfoq.com","domain":"vgho9-foqhfoq.com","tld":"com"},"ip":{"addr":"222.167.33.19","port":15681,"asn":9908,"as":"HK Cable TV Ltd","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://ngfffgygt.vgho9-foqhfoq.com:15681/?inviteCode=64298\u0026cid=118","date":"2026-07-04T10:39:56.616Z","timestamp":1783161596616,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.dh9-qjiohodfa9.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 28 Jun 2026 00:00:00 GMT","end":"Tue, 12 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"C5:47:38:34:E6:5C:A3:87:B4:BA:EF:B9:7D:A0:2A:95:07:34:76:65","sha256":"FE:78:24:EA:70:7B:AE:66:4F:EB:5C:04:1D:4C:A3:B9:C9:35:EC:95:20:88:65:57:26:EC:59:CA:DA:9E:4A:33"}}},"request":{"raw":"GET /static/css/BetCard.DXf47VMr.css HTTP/1.1\r\nHost: ngfffgygt.vgho9-foqhfoq.com:15681\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://ngfffgygt.vgho9-foqhfoq.com:15681/home?inviteCode=64298\u0026cid=118\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\naccept-ranges: bytes\r\ncontent-type: text/css\r\ndate: Sat, 04 Jul 2026 10:30:45 GMT\r\netag: \"6a46723a-f9f\"\r\nlast-modified: Sat, 04 Jul 2026 10:30:45 GMT\r\nserver: openresty/1.27.1.1\r\nx-cache: HIT, policy, disk\r\ncontent-length: 3999\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"OpenResty:1.27.1.1","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":3999,"size_decoded":4263,"mime_type":"text/css","magic":"ASCII text, with very long lines (3998)","md5":"d8d7e61a3718eb7e2901cb58bd97956f","sha1":"3c66ec0197448a30c0b742754afcf16586471ab8","sha256":"c2b44e9e6f95f5a763e499e66f608c90d788624978417a1b0467ea393d8fc083","sha512":"ea38ad3f50b728cf7dc0bd3a8cec985e74e666bca6201cdb936a1035cf93460eb6f40be5768a44e7e77defb0841fe90c96e0e4933d353fb3864f3d6e956c8b2b","ssdeep":"","tlshash":"b781e171ba1e912c7a7fed6160d04adc660a7207430386acdfd738769cc78863b3a95c","first_seen":"2026-06-24T13:33:43.035832Z","last_seen":"2026-07-04T10:40:29.233254Z","times_seen":15,"resource_available":false,"data":null}},"time_used":382,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":382,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-04","alert":"Phishing Block","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tposs.qiddfc-dqiod52d.com/pc/sport/Tennis.png","fqdn":"tposs.qiddfc-dqiod52d.com","domain":"qiddfc-dqiod52d.com","tld":"com"},"ip":{"addr":"3.167.2.97","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ngfffgygt.vgho9-foqhfoq.com:15681/?inviteCode=64298\u0026cid=118","date":"2026-07-04T10:39:56.819Z","timestamp":1783161596819,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tposs.qiddfc-dqiod52d.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Wed, 27 Aug 2025 00:00:00 GMT","end":"Fri, 25 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"D0:96:57:8B:56:09:2E:8A:4D:C1:87:CA:FD:41:09:B6:57:2C:4F:1D","sha256":"48:66:5F:5D:67:07:2E:C0:CB:EF:91:62:93:36:C2:EF:FB:B7:0E:4A:9A:93:C5:0D:10:9E:B6:05:6B:45:AC:AF"}}},"request":{"raw":"GET /pc/sport/Tennis.png HTTP/1.1\r\nHost: tposs.qiddfc-dqiod52d.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://ngfffgygt.vgho9-foqhfoq.com:15681/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ncontent-type: image/png\r\ncontent-length: 8248\r\nlast-modified: Tue, 05 May 2026 05:34:37 GMT\r\nx-amz-server-side-encryption: AES256\r\nx-amz-version-id: D7dIDmuBH2aO1IrjhiKV7osIcB5OkP7K\r\naccept-ranges: bytes\r\nserver: AmazonS3\r\ndate: Sat, 04 Jul 2026 09:45:53 GMT\r\netag: \"ec78707614e03a287bded42efd886ff1\"\r\nvary: Accept-Encoding\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 094188bf05865a3d323dcbfb7173f1f6.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P2\r\nx-amz-cf-id: fM_dhCgHz3-GQk4ZR6QqFr-zPG8pGMEFQaVBkogDGhhkEqWcuhptPw==\r\nage: 3244\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]}],"data":{"size":8248,"size_decoded":8815,"mime_type":"image/png","magic":"PNG image data, 70 x 73, 8-bit/color RGBA, non-interlaced","md5":"ec78707614e03a287bded42efd886ff1","sha1":"216bd2c8ea160f41c82922a0f804f43fbe7cdb44","sha256":"fae775b3cb1d5c285e59a6151664c66c8600c08ea2b97ad11b4d62eff09227a5","sha512":"5cfb8dfeaef0ffa73988ffe8f3e02ff0c6f5b0a1b8df35018466f5a5b696bff1adf37b94a8eef2a919aab4b7677d6115fbef8c9ae3abd9fb8bb9c7397fecd403","ssdeep":"192:FSZzIeHoSlQgOAD4EothrHrnXDsDqZnUwK/ie8U1tmWKNYy7:kTHb2LTEihzrTs4K/ieztmtqi","tlshash":"ab02bf2091e265dc9c7a977c550fb42858acfcac081225b4bbe17a7d271288ac1bf1e6","first_seen":"2026-05-30T07:41:04.760904Z","last_seen":"2026-07-04T10:40:29.233988Z","times_seen":24,"resource_available":false,"data":null}},"time_used":27,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":27,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ngfffgygt.vgho9-foqhfoq.com:15681/static/js/BonusSign.CN2QsnYy.js","fqdn":"ngfffgygt.vgho9-foqhfoq.com","domain":"vgho9-foqhfoq.com","tld":"com"},"ip":{"addr":"222.167.33.19","port":15681,"asn":9908,"as":"HK Cable TV Ltd","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://ngfffgygt.vgho9-foqhfoq.com:15681/?inviteCode=64298\u0026cid=118","date":"2026-07-04T10:39:56.585Z","timestamp":1783161596585,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.dh9-qjiohodfa9.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 28 Jun 2026 00:00:00 GMT","end":"Tue, 12 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"C5:47:38:34:E6:5C:A3:87:B4:BA:EF:B9:7D:A0:2A:95:07:34:76:65","sha256":"FE:78:24:EA:70:7B:AE:66:4F:EB:5C:04:1D:4C:A3:B9:C9:35:EC:95:20:88:65:57:26:EC:59:CA:DA:9E:4A:33"}}},"request":{"raw":"GET /static/js/BonusSign.CN2QsnYy.js HTTP/1.1\r\nHost: ngfffgygt.vgho9-foqhfoq.com:15681\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://ngfffgygt.vgho9-foqhfoq.com:15681/home?inviteCode=64298\u0026cid=118\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\naccept-ranges: bytes\r\ncontent-type: application/javascript; charset=UTF-8\r\ndate: Sat, 04 Jul 2026 10:39:56 GMT\r\netag: \"6a46723b-1047\"\r\nlast-modified: Thu, 02 Jul 2026 14:14:19 GMT\r\nserver: openresty/1.27.1.1\r\nx-cache: BYPASS\r\ncontent-length: 4167\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"OpenResty:1.27.1.1","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":4167,"size_decoded":4450,"mime_type":"application/javascript; charset=UTF-8","magic":"Java source, Unicode text, UTF-8 text, with very long lines (4076)","md5":"9197c2a284044eac99898190a5a522d5","sha1":"fd7039b96348f35d0e0c8bbc1b199b2943f1a1f8","sha256":"de7e05031a1c99a311e525e1895ce3e733660ffa11d5f3f7f4bc5256926d83c4","sha512":"e6e79fc1e65849428c188262ab383c58b9fb878c974bfc69a3726d920a68988cc7f15aa8a4686068aba62b1fc41ca1255e975b0d97682882cfd99f422b781570","ssdeep":"96:lXIgbAOUZ62KHkSzl8AiK/P40siCj9Hy+8i9a/aEBoNaD+2cGnq:1IgbAkz8AV40Sxqyt8Cvn","tlshash":"2d81954bb0366ab4bab75c84609180635209bffec0b5845975ff08363787c65578a73b","first_seen":"2026-07-02T22:42:57.0416Z","last_seen":"2026-07-04T10:40:29.235403Z","times_seen":5,"resource_available":true,"data":null}},"time_used":470,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":470,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-04","alert":"Phishing Block","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tposs.qiddfc-dqiod52d.com/pc/sport/IceHockey.png","fqdn":"tposs.qiddfc-dqiod52d.com","domain":"qiddfc-dqiod52d.com","tld":"com"},"ip":{"addr":"3.167.2.97","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ngfffgygt.vgho9-foqhfoq.com:15681/?inviteCode=64298\u0026cid=118","date":"2026-07-04T10:39:56.832Z","timestamp":1783161596832,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tposs.qiddfc-dqiod52d.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Wed, 27 Aug 2025 00:00:00 GMT","end":"Fri, 25 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"D0:96:57:8B:56:09:2E:8A:4D:C1:87:CA:FD:41:09:B6:57:2C:4F:1D","sha256":"48:66:5F:5D:67:07:2E:C0:CB:EF:91:62:93:36:C2:EF:FB:B7:0E:4A:9A:93:C5:0D:10:9E:B6:05:6B:45:AC:AF"}}},"request":{"raw":"GET /pc/sport/IceHockey.png HTTP/1.1\r\nHost: tposs.qiddfc-dqiod52d.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://ngfffgygt.vgho9-foqhfoq.com:15681/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ncontent-type: image/png\r\ncontent-length: 4414\r\nlast-modified: Tue, 05 May 2026 05:34:36 GMT\r\nx-amz-server-side-encryption: AES256\r\nx-amz-version-id: dL2fOd.IhaxdemSckgzx9tcODnCL2Zhv\r\naccept-ranges: bytes\r\nserver: AmazonS3\r\ndate: Sat, 04 Jul 2026 09:45:53 GMT\r\netag: \"59fa3b6a9dd45ab4059941f82f83b1d4\"\r\nvary: Accept-Encoding\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 094188bf05865a3d323dcbfb7173f1f6.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P2\r\nx-amz-cf-id: h504XDurRPcAIIiHZPf9wg-0gGIznuw5J3R6P8AeYXjoievcCHY6JQ==\r\nage: 3244\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]}],"data":{"size":4414,"size_decoded":4981,"mime_type":"image/png","magic":"PNG image data, 70 x 70, 8-bit/color RGBA, non-interlaced","md5":"59fa3b6a9dd45ab4059941f82f83b1d4","sha1":"04f7ca9d4f178cc99e1d11278e10f43a0fa39919","sha256":"479aa40d03804129b5c668ca296c527f7e40cce462dcf668ef1704048b6bdcd0","sha512":"fe69ddeed69180d4eed40d5614e51af678f3b33d487f6bff14d17c3deae5e26d4dfbc978162b9fb1cd1f183bd2213c10c57b28ee33bc6d83a3c5ca29f6ab7562","ssdeep":"96:87SbbLzb3SPruFhoGJb0u39rNo1+Samxm64VlLQnZIhBCE:WSbzjDB0GcwNmD4VlLqZIPx","tlshash":"48918ccdc8fa615f602d9be11c653082d42c398e56954a2c06cfe89f5c453d2bae3285","first_seen":"2026-05-30T07:41:04.655066Z","last_seen":"2026-07-04T10:40:29.237Z","times_seen":23,"resource_available":false,"data":null}},"time_used":28,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":28,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ngfffgygt.vgho9-foqhfoq.com:15681/static/img/gift-icon.6MG1Eo4n.webp","fqdn":"ngfffgygt.vgho9-foqhfoq.com","domain":"vgho9-foqhfoq.com","tld":"com"},"ip":{"addr":"222.167.33.19","port":15681,"asn":9908,"as":"HK Cable TV Ltd","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ngfffgygt.vgho9-foqhfoq.com:15681/?inviteCode=64298\u0026cid=118","date":"2026-07-04T10:39:55.866Z","timestamp":1783161595866,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.dh9-qjiohodfa9.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 28 Jun 2026 00:00:00 GMT","end":"Tue, 12 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"C5:47:38:34:E6:5C:A3:87:B4:BA:EF:B9:7D:A0:2A:95:07:34:76:65","sha256":"FE:78:24:EA:70:7B:AE:66:4F:EB:5C:04:1D:4C:A3:B9:C9:35:EC:95:20:88:65:57:26:EC:59:CA:DA:9E:4A:33"}}},"request":{"raw":"GET /static/img/gift-icon.6MG1Eo4n.webp HTTP/1.1\r\nHost: ngfffgygt.vgho9-foqhfoq.com:15681\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://ngfffgygt.vgho9-foqhfoq.com:15681/home?inviteCode=64298\u0026cid=118\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\naccept-ranges: bytes\r\ncontent-type: image/webp\r\ndate: Sat, 04 Jul 2026 10:30:44 GMT\r\netag: \"6a46723b-9082e\"\r\nlast-modified: Sat, 04 Jul 2026 10:30:45 GMT\r\nserver: openresty/1.27.1.1\r\nx-cache: HIT, policy, disk\r\ncontent-length: 591918\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"OpenResty:1.27.1.1","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":591918,"size_decoded":592188,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"93fc8cc63072bb9915ad09147a9ce0b2","sha1":"b78bec0a02a2079525080354b277ca22203c7f70","sha256":"54aed5dbcef9a64bf62dbbc70dd0567dcd9e3d0cae46c5c115614414828337e4","sha512":"c1fed45bef63538aa58b544528f63f40942dfebe1587472852385bd1a7f7b4af2bec73d5f09b67ce5199a71c87212ccc63ddc96ec2de96ea30ed89ce262d2a2b","ssdeep":"12288:ursRSGJZ8SG35MUcEmCIZyBDscT2bQEmrltsDtjTY80:u+SGJOSG35Mhffg3T2bLSaD1t0","tlshash":"04c42340b8b39005f9ce1c7f42453866944f886ab3705bf3ae42e9af847b5e0727db16","first_seen":"2026-05-30T07:41:04.605201Z","last_seen":"2026-07-04T10:40:29.238551Z","times_seen":24,"resource_available":false,"data":null}},"time_used":724,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":268,"receive":456,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-04","alert":"Phishing Block","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ngfffgygt.vgho9-foqhfoq.com:15681/static/js/index.B2lkHGB0.js","fqdn":"ngfffgygt.vgho9-foqhfoq.com","domain":"vgho9-foqhfoq.com","tld":"com"},"ip":{"addr":"222.167.33.19","port":15681,"asn":9908,"as":"HK Cable TV Ltd","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://ngfffgygt.vgho9-foqhfoq.com:15681/?inviteCode=64298\u0026cid=118","date":"2026-07-04T10:39:56.553Z","timestamp":1783161596553,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.dh9-qjiohodfa9.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 28 Jun 2026 00:00:00 GMT","end":"Tue, 12 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"C5:47:38:34:E6:5C:A3:87:B4:BA:EF:B9:7D:A0:2A:95:07:34:76:65","sha256":"FE:78:24:EA:70:7B:AE:66:4F:EB:5C:04:1D:4C:A3:B9:C9:35:EC:95:20:88:65:57:26:EC:59:CA:DA:9E:4A:33"}}},"request":{"raw":"GET /static/js/index.B2lkHGB0.js HTTP/1.1\r\nHost: ngfffgygt.vgho9-foqhfoq.com:15681\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://ngfffgygt.vgho9-foqhfoq.com:15681/home?inviteCode=64298\u0026cid=118\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\naccept-ranges: bytes\r\ncontent-type: application/javascript; charset=UTF-8\r\ndate: Sat, 04 Jul 2026 10:39:56 GMT\r\netag: \"6a46723b-d20\"\r\nlast-modified: Thu, 02 Jul 2026 14:14:19 GMT\r\nserver: openresty/1.27.1.1\r\nx-cache: BYPASS\r\ncontent-length: 3360\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"OpenResty:1.27.1.1","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":3360,"size_decoded":3642,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (3339)","md5":"4d058223b86ab7d7d9028d25ccb92ea1","sha1":"9095adc11fa52153f83d5484bc00520790693971","sha256":"a7022e275105aa10568527349c3d04ecc89a7a6e987a546369118c0bc3da9c14","sha512":"7fed19c879e0e4d942fa6de840e12c3a22743c5d86b49da45a707589471eee4d84eb355958a2a901f704bfae6b91ae0431019846a050775b8514fe433f2a3655","ssdeep":"","tlshash":"20611ab3b84fec340d630c38641558415c096fdfc174790d99b9b5391fad9a0d96c3b8","first_seen":"2026-07-02T22:42:56.961184Z","last_seen":"2026-07-04T10:40:29.240108Z","times_seen":5,"resource_available":true,"data":null}},"time_used":275,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":275,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-04","alert":"Phishing Block","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ngfffgygt.vgho9-foqhfoq.com:15681/static/js/RoulettePanel.DXS7sbaS.js","fqdn":"ngfffgygt.vgho9-foqhfoq.com","domain":"vgho9-foqhfoq.com","tld":"com"},"ip":{"addr":"222.167.33.19","port":15681,"asn":9908,"as":"HK Cable TV Ltd","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://ngfffgygt.vgho9-foqhfoq.com:15681/?inviteCode=64298\u0026cid=118","date":"2026-07-04T10:39:56.572Z","timestamp":1783161596572,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.dh9-qjiohodfa9.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 28 Jun 2026 00:00:00 GMT","end":"Tue, 12 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"C5:47:38:34:E6:5C:A3:87:B4:BA:EF:B9:7D:A0:2A:95:07:34:76:65","sha256":"FE:78:24:EA:70:7B:AE:66:4F:EB:5C:04:1D:4C:A3:B9:C9:35:EC:95:20:88:65:57:26:EC:59:CA:DA:9E:4A:33"}}},"request":{"raw":"GET /static/js/RoulettePanel.DXS7sbaS.js HTTP/1.1\r\nHost: ngfffgygt.vgho9-foqhfoq.com:15681\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://ngfffgygt.vgho9-foqhfoq.com:15681/home?inviteCode=64298\u0026cid=118\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ncontent-encoding: gzip\r\ncontent-type: application/javascript; charset=UTF-8\r\ndate: Sat, 04 Jul 2026 10:39:56 GMT\r\netag: W/\"6a46723b-1aca\"\r\nlast-modified: Thu, 02 Jul 2026 14:14:19 GMT\r\nserver: openresty/1.27.1.1\r\nvary: Accept-Encoding\r\nx-cache: BYPASS\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"OpenResty:1.27.1.1","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":6858,"size_decoded":5139,"mime_type":"application/javascript; charset=UTF-8","magic":"Java source, ASCII text, with very long lines (6857)","md5":"c0fa0a1e2b963a882a876c4bbd680a47","sha1":"a7d89e5cbb7ec54b1a0372521e02dba63db4545f","sha256":"d647858845026c1eaa46c34faa40516c4d078f1b739ed9193d75e1d717cab3e3","sha512":"4ae5c430790b9ddb0df4716858de98ac5d9c5b0ba5bee470852bd3a8643fb2e55a7772672c2a462a9d44522fa642908d4a49f64b22260679f1976ccd22ab605d","ssdeep":"192:9MdFrVAkPRTVQFUR4NXsby7yB3bex4QTaC2r/6AR9V4Bs:9OFrukPvQK4yTpe2QWCY/6ARLCs","tlshash":"7de18ec9f545883708a326cb65e5544cdd0ee65f827e5ed4f1158ab02bb2c39fb1320e","first_seen":"2026-07-02T22:42:57.052543Z","last_seen":"2026-07-04T10:40:29.240645Z","times_seen":5,"resource_available":true,"data":null}},"time_used":486,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":486,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-04","alert":"Phishing Block","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"s.q5qo.com/data/50b75ac3cd80103d24967a594b388569.png","fqdn":"s.q5qo.com","domain":"q5qo.com","tld":"com"},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ngfffgygt.vgho9-foqhfoq.com:15681/?inviteCode=64298\u0026cid=118","date":"2026-07-04T10:39:57.419Z","timestamp":1783161597419,"http_version":"","security_state":"","security_info":null,"request":{"raw":"GET /data/50b75ac3cd80103d24967a594b388569.png HTTP/1.1\r\nHost: s.q5qo.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://ngfffgygt.vgho9-foqhfoq.com:15681/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-07-04T20:30:36.525225Z","times_seen":16984070,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ngfffgygt.vgho9-foqhfoq.com:15681/static/img/deposit-tip2.BWmcXMOV.png","fqdn":"ngfffgygt.vgho9-foqhfoq.com","domain":"vgho9-foqhfoq.com","tld":"com"},"ip":{"addr":"222.167.33.19","port":15681,"asn":9908,"as":"HK Cable TV Ltd","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ngfffgygt.vgho9-foqhfoq.com:15681/?inviteCode=64298\u0026cid=118","date":"2026-07-04T10:39:56.017Z","timestamp":1783161596017,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.dh9-qjiohodfa9.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 28 Jun 2026 00:00:00 GMT","end":"Tue, 12 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"C5:47:38:34:E6:5C:A3:87:B4:BA:EF:B9:7D:A0:2A:95:07:34:76:65","sha256":"FE:78:24:EA:70:7B:AE:66:4F:EB:5C:04:1D:4C:A3:B9:C9:35:EC:95:20:88:65:57:26:EC:59:CA:DA:9E:4A:33"}}},"request":{"raw":"GET /static/img/deposit-tip2.BWmcXMOV.png HTTP/1.1\r\nHost: ngfffgygt.vgho9-foqhfoq.com:15681\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://ngfffgygt.vgho9-foqhfoq.com:15681/home?inviteCode=64298\u0026cid=118\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\naccept-ranges: bytes\r\ncontent-type: image/png\r\ndate: Sat, 04 Jul 2026 10:30:45 GMT\r\netag: \"6a46723b-1a78\"\r\nlast-modified: Sat, 04 Jul 2026 10:30:45 GMT\r\nserver: openresty/1.27.1.1\r\nx-cache: HIT, policy, disk\r\ncontent-length: 6776\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"OpenResty:1.27.1.1","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}],"data":{"size":6776,"size_decoded":7042,"mime_type":"image/png","magic":"PNG image data, 142 x 51, 8-bit/color RGBA, non-interlaced","md5":"3eb8137186ba57d0bb14b77432abd789","sha1":"2e295cc2c3565173d4bba7f76ff20be5e89ed36a","sha256":"0e9f445b73e59640760d98f662ad6361177db6c760de3dd273eb42fb565ca062","sha512":"b725e50ae68bf82f8ec2a8e534681d46bba17eb54008c31cd6ab300be651cb97d83d5b9e6fe68d34c78cd2d78b349e8e2fddb01a47523dfa68fda6d56ef0211e","ssdeep":"192:IO43E9LXciJvpGilqbLOGEw1KFORBYlvBkDn:p43UIi1pGbHEwQ4Dn","tlshash":"ffe1b0d1a791ecf03e407f968158904ce31be7828062c17683ef7e4c92b01caa9cfe91","first_seen":"2026-05-30T07:41:04.716713Z","last_seen":"2026-07-04T10:40:29.241293Z","times_seen":24,"resource_available":false,"data":null}},"time_used":430,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":349,"receive":81,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-04","alert":"Phishing Block","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tposs.qiddfc-dqiod52d.com/pc/sport/CSGO.png","fqdn":"tposs.qiddfc-dqiod52d.com","domain":"qiddfc-dqiod52d.com","tld":"com"},"ip":{"addr":"3.167.2.97","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ngfffgygt.vgho9-foqhfoq.com:15681/?inviteCode=64298\u0026cid=118","date":"2026-07-04T10:39:56.859Z","timestamp":1783161596859,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tposs.qiddfc-dqiod52d.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Wed, 27 Aug 2025 00:00:00 GMT","end":"Fri, 25 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"D0:96:57:8B:56:09:2E:8A:4D:C1:87:CA:FD:41:09:B6:57:2C:4F:1D","sha256":"48:66:5F:5D:67:07:2E:C0:CB:EF:91:62:93:36:C2:EF:FB:B7:0E:4A:9A:93:C5:0D:10:9E:B6:05:6B:45:AC:AF"}}},"request":{"raw":"GET /pc/sport/CSGO.png HTTP/1.1\r\nHost: tposs.qiddfc-dqiod52d.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://ngfffgygt.vgho9-foqhfoq.com:15681/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ncontent-type: image/png\r\ncontent-length: 5154\r\nlast-modified: Tue, 05 May 2026 05:34:35 GMT\r\nx-amz-server-side-encryption: AES256\r\nx-amz-version-id: AfRvqOoMcCWdPUHlpoUWXLsYfuvh3BDw\r\naccept-ranges: bytes\r\nserver: AmazonS3\r\ndate: Sat, 04 Jul 2026 08:46:01 GMT\r\netag: \"b79145fe806ba8087544c29afcdf489e\"\r\nvary: Accept-Encoding\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 094188bf05865a3d323dcbfb7173f1f6.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P2\r\nx-amz-cf-id: an41a2uS_mv1aVNCFUmpZQrop9sfKaxA6qnp8LcaNpLsy9NHY8zp2w==\r\nage: 6836\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]}],"data":{"size":5154,"size_decoded":5721,"mime_type":"image/png","magic":"PNG image data, 70 x 70, 8-bit/color RGBA, non-interlaced","md5":"b79145fe806ba8087544c29afcdf489e","sha1":"33620b87347b2f9850c88764262d4f4d660f4c2f","sha256":"9f701d2ecbb3ab298934358ffe2b13e3a56e5020da1560cea905541635118bfe","sha512":"7be425fff1737148fd578d3ddbceb065bb36459b09cb37fec7b9001dd66b3fb54d473aa6dfbc67fb2155f1f74642b04196c453e34d2ae62eb1afe605ec58903f","ssdeep":"96:87SH7u/MMKZuT0HAVEV/V9SCtpV5VBotrv0VTsJmrbhMNMvk8LMORrnDPc:WSHqU8T81V1tkrsyJ4iN6k8Zrrc","tlshash":"25b18cf7a513682261a1978c2cac0693470bbdc13280345aa4703dac8f3e97495acaee","first_seen":"2026-05-30T07:41:04.814927Z","last_seen":"2026-07-04T10:40:29.242815Z","times_seen":24,"resource_available":false,"data":null}},"time_used":34,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":34,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"s.q5qo.com/data/d6166d5b9f7f6b3e05bc245a162246a7.png","fqdn":"s.q5qo.com","domain":"q5qo.com","tld":"com"},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ngfffgygt.vgho9-foqhfoq.com:15681/?inviteCode=64298\u0026cid=118","date":"2026-07-04T10:39:57.384Z","timestamp":1783161597384,"http_version":"","security_state":"","security_info":null,"request":{"raw":"GET /data/d6166d5b9f7f6b3e05bc245a162246a7.png HTTP/1.1\r\nHost: s.q5qo.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://ngfffgygt.vgho9-foqhfoq.com:15681/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-07-04T20:30:36.525225Z","times_seen":16984070,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"s.q5qo.com/data/3cd387058abb6c60bde0902da3a988ab.png","fqdn":"s.q5qo.com","domain":"q5qo.com","tld":"com"},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ngfffgygt.vgho9-foqhfoq.com:15681/?inviteCode=64298\u0026cid=118","date":"2026-07-04T10:39:57.417Z","timestamp":1783161597417,"http_version":"","security_state":"","security_info":null,"request":{"raw":"GET /data/3cd387058abb6c60bde0902da3a988ab.png HTTP/1.1\r\nHost: s.q5qo.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://ngfffgygt.vgho9-foqhfoq.com:15681/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-07-04T20:30:36.525225Z","times_seen":16984070,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ngfffgygt.vgho9-foqhfoq.com:15681/static/js/Checkbox.-H0Rifw_.js","fqdn":"ngfffgygt.vgho9-foqhfoq.com","domain":"vgho9-foqhfoq.com","tld":"com"},"ip":{"addr":"222.167.33.19","port":15681,"asn":9908,"as":"HK Cable TV Ltd","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://ngfffgygt.vgho9-foqhfoq.com:15681/?inviteCode=64298\u0026cid=118","date":"2026-07-04T10:39:55.812Z","timestamp":1783161595812,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.dh9-qjiohodfa9.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 28 Jun 2026 00:00:00 GMT","end":"Tue, 12 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"C5:47:38:34:E6:5C:A3:87:B4:BA:EF:B9:7D:A0:2A:95:07:34:76:65","sha256":"FE:78:24:EA:70:7B:AE:66:4F:EB:5C:04:1D:4C:A3:B9:C9:35:EC:95:20:88:65:57:26:EC:59:CA:DA:9E:4A:33"}}},"request":{"raw":"GET /static/js/Checkbox.-H0Rifw_.js HTTP/1.1\r\nHost: ngfffgygt.vgho9-foqhfoq.com:15681\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://ngfffgygt.vgho9-foqhfoq.com:15681/home?inviteCode=64298\u0026cid=118\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ncontent-encoding: gzip\r\ncontent-type: application/javascript; charset=UTF-8\r\ndate: Sat, 04 Jul 2026 10:39:56 GMT\r\netag: W/\"6a46723b-28ca\"\r\nlast-modified: Thu, 02 Jul 2026 14:14:19 GMT\r\nserver: openresty/1.27.1.1\r\nvary: Accept-Encoding\r\nx-cache: BYPASS\r\ncontent-length: 3589\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"OpenResty:1.27.1.1","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":10442,"size_decoded":3899,"mime_type":"application/javascript; charset=UTF-8","magic":"Unicode text, UTF-8 text, with very long lines (4729)","md5":"c3893d98b6775ed3776b377256cb0d7b","sha1":"07ece447c8e54ea46181d5657395270865e42e3a","sha256":"d2a911dc659c200908ffe325ac3ba5bd09e2994d70121a7e1f8ba1408024d07d","sha512":"1c81fc78e94f78faead3cfc21ffcc96171c3ca159d5e930f4135f56bd84687d24aef9f097c533dd7a2deeb07715036ff7bdbdaf536cc23727ed816b85698b158","ssdeep":"192:MPSMVxdb68jFL3pqy9abRUg8ujjkupMnqcpvib4qNoWT1RvSnop1ijV:e7x68jF7pqy9abRUg8kVzNDTaop1ijV","tlshash":"4122a53afd4a90b225b3c5a59197080e61226642df15def1f0f28c001ae9afce54fb7c","first_seen":"2026-07-02T22:42:56.9814Z","last_seen":"2026-07-04T10:40:29.24396Z","times_seen":6,"resource_available":true,"data":null}},"time_used":554,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":552,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-04","alert":"Phishing Block","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ngfffgygt.vgho9-foqhfoq.com:15681/static/css/index.g1SOqPSJ.css","fqdn":"ngfffgygt.vgho9-foqhfoq.com","domain":"vgho9-foqhfoq.com","tld":"com"},"ip":{"addr":"222.167.33.19","port":15681,"asn":9908,"as":"HK Cable TV Ltd","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://ngfffgygt.vgho9-foqhfoq.com:15681/?inviteCode=64298\u0026cid=118","date":"2026-07-04T10:39:56.582Z","timestamp":1783161596582,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.dh9-qjiohodfa9.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 28 Jun 2026 00:00:00 GMT","end":"Tue, 12 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"C5:47:38:34:E6:5C:A3:87:B4:BA:EF:B9:7D:A0:2A:95:07:34:76:65","sha256":"FE:78:24:EA:70:7B:AE:66:4F:EB:5C:04:1D:4C:A3:B9:C9:35:EC:95:20:88:65:57:26:EC:59:CA:DA:9E:4A:33"}}},"request":{"raw":"GET /static/css/index.g1SOqPSJ.css HTTP/1.1\r\nHost: ngfffgygt.vgho9-foqhfoq.com:15681\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://ngfffgygt.vgho9-foqhfoq.com:15681/home?inviteCode=64298\u0026cid=118\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\naccept-ranges: bytes\r\ncontent-type: text/css\r\ndate: Sat, 04 Jul 2026 10:30:45 GMT\r\netag: \"6a46723a-119\"\r\nlast-modified: Sat, 04 Jul 2026 10:30:45 GMT\r\nserver: openresty/1.27.1.1\r\nx-cache: HIT, policy, disk\r\ncontent-length: 281\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"OpenResty:1.27.1.1","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":281,"size_decoded":544,"mime_type":"text/css","magic":"ASCII text","md5":"26462b1c1044ed2903c4918abc66310b","sha1":"e1090d80aeb6dec4c9bb8e63b6acaf84bb2ee283","sha256":"cbe1e441cc64ca9d843dd4bc0c68d36c084b20c6470b0f23970e7ab08af94622","sha512":"c34fc3eddd6cfcbbda174e1a94df3566b84f4e6974d3f28e96486598fbe24e6e51a5ebdbe231957fcec2a857ac6431225d131884afb71904d11b4f6c4ab27c45","ssdeep":"","tlshash":"25d0cd01f6561d2d1142c3486edcd0a444f892eb1d2588c973c025464b0659f31201c3","first_seen":"2026-05-30T07:41:04.804877Z","last_seen":"2026-07-04T10:40:29.245264Z","times_seen":23,"resource_available":false,"data":null}},"time_used":415,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":415,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-04","alert":"Phishing Block","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ngfffgygt.vgho9-foqhfoq.com:15681/static/js/index.CQZHJ1ks.js","fqdn":"ngfffgygt.vgho9-foqhfoq.com","domain":"vgho9-foqhfoq.com","tld":"com"},"ip":{"addr":"222.167.33.19","port":15681,"asn":9908,"as":"HK Cable TV Ltd","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://ngfffgygt.vgho9-foqhfoq.com:15681/?inviteCode=64298\u0026cid=118","date":"2026-07-04T10:39:56.551Z","timestamp":1783161596551,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.dh9-qjiohodfa9.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 28 Jun 2026 00:00:00 GMT","end":"Tue, 12 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"C5:47:38:34:E6:5C:A3:87:B4:BA:EF:B9:7D:A0:2A:95:07:34:76:65","sha256":"FE:78:24:EA:70:7B:AE:66:4F:EB:5C:04:1D:4C:A3:B9:C9:35:EC:95:20:88:65:57:26:EC:59:CA:DA:9E:4A:33"}}},"request":{"raw":"GET /static/js/index.CQZHJ1ks.js HTTP/1.1\r\nHost: ngfffgygt.vgho9-foqhfoq.com:15681\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://ngfffgygt.vgho9-foqhfoq.com:15681/home?inviteCode=64298\u0026cid=118\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ncontent-encoding: gzip\r\ncontent-type: application/javascript; charset=UTF-8\r\ndate: Sat, 04 Jul 2026 10:39:56 GMT\r\netag: W/\"6a46723b-16ba\"\r\nlast-modified: Thu, 02 Jul 2026 14:14:19 GMT\r\nserver: openresty/1.27.1.1\r\nvary: Accept-Encoding\r\nx-cache: BYPASS\r\ncontent-length: 2263\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"OpenResty:1.27.1.1","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":5818,"size_decoded":2573,"mime_type":"application/javascript; charset=UTF-8","magic":"Java source, Unicode text, UTF-8 text, with very long lines (5696)","md5":"92654dee323f61f39df60086683d9016","sha1":"f8d1547d7d791ee9dbadf1124912991c29b73803","sha256":"ff386491819e0d200e522b58330cbbc4e585254f1e74529a7007b10e4ed610b6","sha512":"efd0f5aaa3878167cd8efb7063e536f1c12b611827075b6b0f0d74b35465df7e9234a5482cf78b167679b35615e11baaa6db888bc344f5b7bfd8a424c28ef348","ssdeep":"96:icAOlIW3YrGdv1PISGEwZAhtm1xyY3A53Au3AV4fzr63ewJzburzENpsJUcph/Ae:ZAOWSGEwZj13i3J3+SG3nRIUGh4p3w4c","tlshash":"cbc17559203fbb7ab617487475685992a3097faac105c44bf1bc1c232bce8b416cdb79","first_seen":"2026-07-02T22:42:57.120795Z","last_seen":"2026-07-04T10:40:29.245853Z","times_seen":5,"resource_available":true,"data":null}},"time_used":278,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":278,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-04","alert":"Phishing Block","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ngfffgygt.vgho9-foqhfoq.com:15681/static/css/index.XVBvL4OA.css","fqdn":"ngfffgygt.vgho9-foqhfoq.com","domain":"vgho9-foqhfoq.com","tld":"com"},"ip":{"addr":"222.167.33.19","port":15681,"asn":9908,"as":"HK Cable TV Ltd","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://ngfffgygt.vgho9-foqhfoq.com:15681/?inviteCode=64298\u0026cid=118","date":"2026-07-04T10:39:56.556Z","timestamp":1783161596556,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.dh9-qjiohodfa9.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 28 Jun 2026 00:00:00 GMT","end":"Tue, 12 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"C5:47:38:34:E6:5C:A3:87:B4:BA:EF:B9:7D:A0:2A:95:07:34:76:65","sha256":"FE:78:24:EA:70:7B:AE:66:4F:EB:5C:04:1D:4C:A3:B9:C9:35:EC:95:20:88:65:57:26:EC:59:CA:DA:9E:4A:33"}}},"request":{"raw":"GET /static/css/index.XVBvL4OA.css HTTP/1.1\r\nHost: ngfffgygt.vgho9-foqhfoq.com:15681\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://ngfffgygt.vgho9-foqhfoq.com:15681/home?inviteCode=64298\u0026cid=118\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\naccept-ranges: bytes\r\ncontent-type: text/css\r\ndate: Sat, 04 Jul 2026 10:30:45 GMT\r\netag: \"6a46723a-5b3\"\r\nlast-modified: Sat, 04 Jul 2026 10:30:45 GMT\r\nserver: openresty/1.27.1.1\r\nx-cache: HIT, policy, disk\r\ncontent-length: 1459\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"OpenResty:1.27.1.1","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}],"data":{"size":1459,"size_decoded":1723,"mime_type":"text/css","magic":"ASCII text, with very long lines (1458)","md5":"9c52d1b2f71e0afed357060b2e7454c5","sha1":"32b36b5fee94aeff313970b10cffe63c86754b8f","sha256":"ae9f9a3e25cbd27d1197141b8120280fe0c1faa4a24234c4fd6f4a003d157b56","sha512":"7ea33bd695f5dae84174c4da4a0403b28a3dcb4071ab87a09a7aea7c50f8ae9f5370cc5de0512b9ac64aecca629e6774b7685393dde61d901c419cd77e253596","ssdeep":"","tlshash":"5c31ef36363c752c943be5296cc10a893010e38b6c778d29d6912778d6c76e33b547ce","first_seen":"2026-06-24T13:33:43.093027Z","last_seen":"2026-07-04T10:40:29.247326Z","times_seen":15,"resource_available":false,"data":null}},"time_used":223,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":223,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-04","alert":"Phishing Block","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ngfffgygt.vgho9-foqhfoq.com:15681/static/js/BetCard.DzB8RjVA.js","fqdn":"ngfffgygt.vgho9-foqhfoq.com","domain":"vgho9-foqhfoq.com","tld":"com"},"ip":{"addr":"222.167.33.19","port":15681,"asn":9908,"as":"HK Cable TV Ltd","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://ngfffgygt.vgho9-foqhfoq.com:15681/?inviteCode=64298\u0026cid=118","date":"2026-07-04T10:39:56.611Z","timestamp":1783161596611,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.dh9-qjiohodfa9.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 28 Jun 2026 00:00:00 GMT","end":"Tue, 12 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"C5:47:38:34:E6:5C:A3:87:B4:BA:EF:B9:7D:A0:2A:95:07:34:76:65","sha256":"FE:78:24:EA:70:7B:AE:66:4F:EB:5C:04:1D:4C:A3:B9:C9:35:EC:95:20:88:65:57:26:EC:59:CA:DA:9E:4A:33"}}},"request":{"raw":"GET /static/js/BetCard.DzB8RjVA.js HTTP/1.1\r\nHost: ngfffgygt.vgho9-foqhfoq.com:15681\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://ngfffgygt.vgho9-foqhfoq.com:15681/home?inviteCode=64298\u0026cid=118\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ncontent-encoding: gzip\r\ncontent-type: application/javascript; charset=UTF-8\r\ndate: Sat, 04 Jul 2026 10:39:56 GMT\r\netag: W/\"6a46723b-4fe7\"\r\nlast-modified: Thu, 02 Jul 2026 14:14:19 GMT\r\nserver: openresty/1.27.1.1\r\nvary: Accept-Encoding\r\nx-cache: BYPASS\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"OpenResty:1.27.1.1","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":20455,"size_decoded":7704,"mime_type":"application/javascript; charset=UTF-8","magic":"Unicode text, UTF-8 text, with very long lines (20280)","md5":"37562ae2f8724203cf30650c981d5f53","sha1":"24452757ed7a2869726e506de3446cf33dd76120","sha256":"c20b935a51d8a46307b94552c517129316eb74644a896581351bb681e73213ac","sha512":"7e7ea5881270d73ae7b3a7153ee519c0be1201978a97455a2a64d21792bdcdc8b6187b2e00ffbdf36a178dc3bd270fa062334f4f03964c02a016d568618eaa45","ssdeep":"384:0H3oUEDKKZzXpwBRP2Efp1N1hehdKqMVR5wPv9ACV8gnjNq2:0HhhK8vPJN1hidKqqbwb+gnJ","tlshash":"6492e74e341749b6d43b883711183508e0283fecdf259c82f2eb96356bca9556a98ffc","first_seen":"2026-07-02T22:42:57.213282Z","last_seen":"2026-07-04T10:40:29.248387Z","times_seen":5,"resource_available":true,"data":null}},"time_used":447,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":447,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-04","alert":"Phishing Block","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tposs.qiddfc-dqiod52d.com/pc/sport/Soccer.png","fqdn":"tposs.qiddfc-dqiod52d.com","domain":"qiddfc-dqiod52d.com","tld":"com"},"ip":{"addr":"3.167.2.97","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ngfffgygt.vgho9-foqhfoq.com:15681/?inviteCode=64298\u0026cid=118","date":"2026-07-04T10:39:56.808Z","timestamp":1783161596808,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tposs.qiddfc-dqiod52d.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Wed, 27 Aug 2025 00:00:00 GMT","end":"Fri, 25 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"D0:96:57:8B:56:09:2E:8A:4D:C1:87:CA:FD:41:09:B6:57:2C:4F:1D","sha256":"48:66:5F:5D:67:07:2E:C0:CB:EF:91:62:93:36:C2:EF:FB:B7:0E:4A:9A:93:C5:0D:10:9E:B6:05:6B:45:AC:AF"}}},"request":{"raw":"GET /pc/sport/Soccer.png HTTP/1.1\r\nHost: tposs.qiddfc-dqiod52d.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://ngfffgygt.vgho9-foqhfoq.com:15681/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ncontent-type: image/png\r\ncontent-length: 4100\r\nlast-modified: Tue, 05 May 2026 05:34:36 GMT\r\nx-amz-server-side-encryption: AES256\r\nx-amz-version-id: PqH5yWXMeA4HfWz6wLoV9XESkPZgEbbh\r\naccept-ranges: bytes\r\nserver: AmazonS3\r\ndate: Sat, 04 Jul 2026 09:45:53 GMT\r\netag: \"43cf50d1377a80bc4cbe1a0afe1ccd0c\"\r\nvary: Accept-Encoding\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 094188bf05865a3d323dcbfb7173f1f6.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P2\r\nx-amz-cf-id: wceCrcaBjqei0NteZ2my2zRiT4HtqqpQXGo_FwA_Ba3m4vcWacc3hw==\r\nage: 3244\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":4100,"size_decoded":4667,"mime_type":"image/png","magic":"PNG image data, 70 x 70, 8-bit/color RGBA, non-interlaced","md5":"43cf50d1377a80bc4cbe1a0afe1ccd0c","sha1":"e282335b14bedd98fee46a5cf7a54954680862ee","sha256":"08aa300178376a09a8db67b3bf026e2b10522dd29bcb2fe26097f4e80c49710a","sha512":"3b9f75e6d41e93f9f72fef68cd0bbc4901013073e403f328924a43fd8568ab8137a4a2c1634ac71e90f92ea4135b4a184e79e4c277b9ee32821e003dfe69b281","ssdeep":"96:87SqPRdl/cnwP6YAGRbXaxf/uDDN3M0uf8QHIEL:WSqPN/yY/hM/uDDN3M0uf8QHIEL","tlshash":"6b816d4ee6957293a0d8553441fdd0af7894a3aafe12c80d32e01cfb701c03ca60bb64","first_seen":"2026-05-30T07:41:04.602004Z","last_seen":"2026-07-04T10:40:29.249312Z","times_seen":24,"resource_available":false,"data":null}},"time_used":24,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":24,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tposs.qiddfc-dqiod52d.com/web/sport/previous-level1.png","fqdn":"tposs.qiddfc-dqiod52d.com","domain":"qiddfc-dqiod52d.com","tld":"com"},"ip":{"addr":"3.167.2.97","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ngfffgygt.vgho9-foqhfoq.com:15681/?inviteCode=64298\u0026cid=118","date":"2026-07-04T10:39:56.845Z","timestamp":1783161596845,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tposs.qiddfc-dqiod52d.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Wed, 27 Aug 2025 00:00:00 GMT","end":"Fri, 25 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"D0:96:57:8B:56:09:2E:8A:4D:C1:87:CA:FD:41:09:B6:57:2C:4F:1D","sha256":"48:66:5F:5D:67:07:2E:C0:CB:EF:91:62:93:36:C2:EF:FB:B7:0E:4A:9A:93:C5:0D:10:9E:B6:05:6B:45:AC:AF"}}},"request":{"raw":"GET /web/sport/previous-level1.png HTTP/1.1\r\nHost: tposs.qiddfc-dqiod52d.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://ngfffgygt.vgho9-foqhfoq.com:15681/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ncontent-type: image/png\r\ncontent-length: 1404\r\nlast-modified: Fri, 31 Oct 2025 07:06:29 GMT\r\nx-amz-server-side-encryption: AES256\r\nx-amz-version-id: BLph8z.l9maxQ8vizNOqMvtgHWmMdQYU\r\naccept-ranges: bytes\r\nserver: AmazonS3\r\ndate: Sat, 04 Jul 2026 10:39:56 GMT\r\netag: \"06596b7b56a44efb9f21add73215ddd1\"\r\nvary: Accept-Encoding\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 094188bf05865a3d323dcbfb7173f1f6.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P2\r\nx-amz-cf-id: oRjjSHZJSYiFKdjizwaSj8ZWC0mRDu6Cka5J04pAysVOQFamZgJdRg==\r\nage: 4134\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":1404,"size_decoded":1971,"mime_type":"image/png","magic":"PNG image data, 70 x 70, 8-bit/color RGBA, non-interlaced","md5":"06596b7b56a44efb9f21add73215ddd1","sha1":"f22a2eaa0dbdd42ee5b2c643e226f9ab7ceb5037","sha256":"852972dd053b8e4605e6993076970696eadeca15db304d304fbfe50add9adc7c","sha512":"5681f34a4a7eab4a3d722c87644c75ff34d03708fd5b3114187ebdd13116d198a3f817f3b4a259d6f41e084273908d9a3ee4afd74f2feaf0a6b74e87fd156e08","ssdeep":"","tlshash":"9a210bc0cfcd74d7c6e2455391604060edb50d5e925b53084847a9cf5c4fa0a27c13eb","first_seen":"2026-05-30T07:41:04.843615Z","last_seen":"2026-07-04T10:40:29.250587Z","times_seen":24,"resource_available":false,"data":null}},"time_used":38,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":38,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ngfffgygt.vgho9-foqhfoq.com:15681/static/css/OrderLimitTimeFreeModal1.C4a58RVW.css","fqdn":"ngfffgygt.vgho9-foqhfoq.com","domain":"vgho9-foqhfoq.com","tld":"com"},"ip":{"addr":"222.167.33.19","port":15681,"asn":9908,"as":"HK Cable TV Ltd","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://ngfffgygt.vgho9-foqhfoq.com:15681/?inviteCode=64298\u0026cid=118","date":"2026-07-04T10:39:55.839Z","timestamp":1783161595839,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.dh9-qjiohodfa9.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 28 Jun 2026 00:00:00 GMT","end":"Tue, 12 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"C5:47:38:34:E6:5C:A3:87:B4:BA:EF:B9:7D:A0:2A:95:07:34:76:65","sha256":"FE:78:24:EA:70:7B:AE:66:4F:EB:5C:04:1D:4C:A3:B9:C9:35:EC:95:20:88:65:57:26:EC:59:CA:DA:9E:4A:33"}}},"request":{"raw":"GET /static/css/OrderLimitTimeFreeModal1.C4a58RVW.css HTTP/1.1\r\nHost: ngfffgygt.vgho9-foqhfoq.com:15681\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://ngfffgygt.vgho9-foqhfoq.com:15681/home?inviteCode=64298\u0026cid=118\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ncontent-encoding: gzip\r\ncontent-type: text/css\r\ndate: Sat, 04 Jul 2026 10:30:44 GMT\r\netag: W/\"6a46723a-2b97\"\r\nlast-modified: Sat, 04 Jul 2026 10:30:44 GMT\r\nserver: openresty/1.27.1.1\r\nvary: Accept-Encoding\r\nx-cache: HIT, policy, disk\r\ncontent-length: 2533\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"OpenResty:1.27.1.1","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":11159,"size_decoded":2825,"mime_type":"text/css","magic":"ASCII text, with very long lines (11158)","md5":"e21a09417fc3032da1d543c82918370f","sha1":"410e80a44a66faad903756badd7e000259621605","sha256":"57465ca913e9f5dabecec11316ed9eb0f67fb3a6c742ee0eec9055293531265c","sha512":"e252e8b9c23189427fe273301d71b83d998737fa99d4ba8af471871b4f001880cd4a2993890c8521095c5e4f42bbcede09deb77d9d4fb7ea31bf6a533e4077e5","ssdeep":"192:31LO8qGeaitxaKiceMPpqsqdQPfixyK47BggZMBF2MFkfrIAFzo2BuyUGPLj7cm:31+G3oxaKeMxp4QPQgxrpvFzTBpP","tlshash":"5b3285b0b46d3038b537e758e4e05a8ee1e5e153e6170518dad5732998cf383297e3ca","first_seen":"2026-07-01T20:44:48.012008Z","last_seen":"2026-07-04T10:40:29.252546Z","times_seen":11,"resource_available":false,"data":null}},"time_used":280,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":280,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-04","alert":"Phishing Block","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tposs.qiddfc-dqiod52d.com/site-jerbc/siteNotice/202511/af7b43164a484b7a938c856e7480ae0d.png","fqdn":"tposs.qiddfc-dqiod52d.com","domain":"qiddfc-dqiod52d.com","tld":"com"},"ip":{"addr":"3.167.2.97","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ngfffgygt.vgho9-foqhfoq.com:15681/?inviteCode=64298\u0026cid=118","date":"2026-07-04T10:39:58.089Z","timestamp":1783161598089,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tposs.qiddfc-dqiod52d.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Wed, 27 Aug 2025 00:00:00 GMT","end":"Fri, 25 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"D0:96:57:8B:56:09:2E:8A:4D:C1:87:CA:FD:41:09:B6:57:2C:4F:1D","sha256":"48:66:5F:5D:67:07:2E:C0:CB:EF:91:62:93:36:C2:EF:FB:B7:0E:4A:9A:93:C5:0D:10:9E:B6:05:6B:45:AC:AF"}}},"request":{"raw":"GET /site-jerbc/siteNotice/202511/af7b43164a484b7a938c856e7480ae0d.png HTTP/1.1\r\nHost: tposs.qiddfc-dqiod52d.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://ngfffgygt.vgho9-foqhfoq.com:15681/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ncontent-type: image/png\r\ncontent-length: 20029\r\nlast-modified: Mon, 17 Nov 2025 13:04:09 GMT\r\nx-amz-server-side-encryption: AES256\r\nx-amz-version-id: MYdF8MSPSAB.83AVSyWKBRsIX5IH4vUv\r\naccept-ranges: bytes\r\nserver: AmazonS3\r\ndate: Sat, 04 Jul 2026 10:39:58 GMT\r\netag: \"9e2d8609aad8fb25842bf56204aad01d\"\r\nvary: Accept-Encoding\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 094188bf05865a3d323dcbfb7173f1f6.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P2\r\nx-amz-cf-id: NDNAGG4QpQChjQ7tnzoQL0RRvo1_8Jc8rWncinlepiWfn9w-CaYUwA==\r\nage: 2611\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]}],"data":{"size":20029,"size_decoded":20597,"mime_type":"image/png","magic":"PNG image data, 1024 x 1024, 8-bit colormap, non-interlaced","md5":"9e2d8609aad8fb25842bf56204aad01d","sha1":"e9426048236ae48b1c3c9557d606ce1d57ebcca5","sha256":"18dc58ad5a3070cf9fdf70fd02cee7814dac6e25433adbcf5ade253dc60d1ee9","sha512":"9dc725c373790ced3079891e16dfd64783b697ea58f5d0590f9f4d2a70646f2f95814c993b0c67771a3774704a24d61672e7235ca59f10052bdc989de44dbc2a","ssdeep":"384:zTFjDCaVAwDuWSVyF0hOvTCuAHbyOaUzNdV6ueRp3fo6YkrpPUQal9iYyJaxkEy+:3VtVNFSVa0ovTFqbTzNP9gW6YktPEl93","tlshash":"6492d0c9bdda6b4a3d769c0c7889b07b036b3f1ed0811b45491a957ece33dd4291abc0","first_seen":"2026-02-24T07:43:44.875416Z","last_seen":"2026-07-04T10:40:29.254107Z","times_seen":22,"resource_available":false,"data":null}},"time_used":27,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":27,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ngfffgygt.vgho9-foqhfoq.com:15681/static/js/index.CaVNnIyW.js","fqdn":"ngfffgygt.vgho9-foqhfoq.com","domain":"vgho9-foqhfoq.com","tld":"com"},"ip":{"addr":"222.167.33.19","port":15681,"asn":9908,"as":"HK Cable TV Ltd","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://ngfffgygt.vgho9-foqhfoq.com:15681/?inviteCode=64298\u0026cid=118","date":"2026-07-04T10:39:55.783Z","timestamp":1783161595783,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.dh9-qjiohodfa9.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 28 Jun 2026 00:00:00 GMT","end":"Tue, 12 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"C5:47:38:34:E6:5C:A3:87:B4:BA:EF:B9:7D:A0:2A:95:07:34:76:65","sha256":"FE:78:24:EA:70:7B:AE:66:4F:EB:5C:04:1D:4C:A3:B9:C9:35:EC:95:20:88:65:57:26:EC:59:CA:DA:9E:4A:33"}}},"request":{"raw":"GET /static/js/index.CaVNnIyW.js HTTP/1.1\r\nHost: ngfffgygt.vgho9-foqhfoq.com:15681\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://ngfffgygt.vgho9-foqhfoq.com:15681/home?inviteCode=64298\u0026cid=118\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ncontent-encoding: gzip\r\ncontent-type: application/javascript; charset=UTF-8\r\ndate: Sat, 04 Jul 2026 10:39:55 GMT\r\netag: W/\"6a46723b-56e7\"\r\nlast-modified: Thu, 02 Jul 2026 14:14:19 GMT\r\nserver: openresty/1.27.1.1\r\nvary: Accept-Encoding\r\nx-cache: BYPASS\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"OpenResty:1.27.1.1","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":22247,"size_decoded":8291,"mime_type":"application/javascript; charset=UTF-8","magic":"Unicode text, UTF-8 text, with very long lines (22096)","md5":"143a588a89d40014abcfdb4fc3842975","sha1":"252311c13455dedccc6bddccc7a0b42e53626091","sha256":"246a8168717506e22fe39d71339ecaec6ae063b34fa12af82d24f4984d0957c2","sha512":"d6fd54f655ae40b9a5734f5b37d743e52b524a974f151a16548543dc62d74eb4d811fd5f0bd8358873493149f6cadce7aeb173631f9c404a344c2614c4b6f2c8","ssdeep":"384:iN4KOG3VHjGPbQFfoZAD7FP81Rvs0LjxCDNLp/mDubbOPzHgzjOrJbsI:q4KzVDGYoO7G1i0XxCDNLp/kub6PzAz6","tlshash":"38a23b0db1121c7ae7f72af0b02c406176782ba6f006d989b4fe8f753792ca19745f66","first_seen":"2026-07-02T22:42:57.240968Z","last_seen":"2026-07-04T10:40:29.254924Z","times_seen":6,"resource_available":true,"data":null}},"time_used":278,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":278,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-04","alert":"Phishing Block","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ngfffgygt.vgho9-foqhfoq.com:15681/static/js/GameHeroSwiper.DoWyvgqM.js","fqdn":"ngfffgygt.vgho9-foqhfoq.com","domain":"vgho9-foqhfoq.com","tld":"com"},"ip":{"addr":"222.167.33.19","port":15681,"asn":9908,"as":"HK Cable TV Ltd","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://ngfffgygt.vgho9-foqhfoq.com:15681/?inviteCode=64298\u0026cid=118","date":"2026-07-04T10:39:55.786Z","timestamp":1783161595786,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.dh9-qjiohodfa9.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 28 Jun 2026 00:00:00 GMT","end":"Tue, 12 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"C5:47:38:34:E6:5C:A3:87:B4:BA:EF:B9:7D:A0:2A:95:07:34:76:65","sha256":"FE:78:24:EA:70:7B:AE:66:4F:EB:5C:04:1D:4C:A3:B9:C9:35:EC:95:20:88:65:57:26:EC:59:CA:DA:9E:4A:33"}}},"request":{"raw":"GET /static/js/GameHeroSwiper.DoWyvgqM.js HTTP/1.1\r\nHost: ngfffgygt.vgho9-foqhfoq.com:15681\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://ngfffgygt.vgho9-foqhfoq.com:15681/home?inviteCode=64298\u0026cid=118\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ncontent-encoding: gzip\r\ncontent-type: application/javascript; charset=UTF-8\r\ndate: Sat, 04 Jul 2026 10:39:55 GMT\r\netag: W/\"6a46723b-3313\"\r\nlast-modified: Thu, 02 Jul 2026 14:14:19 GMT\r\nserver: openresty/1.27.1.1\r\nvary: Accept-Encoding\r\nx-cache: BYPASS\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"OpenResty:1.27.1.1","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}],"data":{"size":13075,"size_decoded":5234,"mime_type":"application/javascript; charset=UTF-8","magic":"Unicode text, UTF-8 text, with very long lines (13000)","md5":"2be49717d6ce4e92740380c82d47d2bd","sha1":"907cb4977079f096276ccf4133d017bc8170e9ee","sha256":"29661761a0e0a203d8cc1514494cfc72ace06b9d12e1ca122582b3552e74a635","sha512":"2db57b7fd04c981b5b8eefb39db6d8b44d57fb2dcd8e28056dcaa8e74956526de50247ff9d71b2c7c940b7ce03e6ada2fe2651c691fc8ab0a10a00f74140740d","ssdeep":"384:g1D+wM6QOyM+J3GCdZI9Ix17TIvYEy9LELpLLLK0d1sXXR5RzR:g1PM6dyMeGcZIyLIvYEy9LELpLLLK0dI","tlshash":"9642e85c746245bdfb3e498b1244b81d71282b82eb65d8c5f2fc362617e2c79ca1a33c","first_seen":"2026-07-02T22:42:57.217072Z","last_seen":"2026-07-04T10:40:29.257585Z","times_seen":6,"resource_available":true,"data":null}},"time_used":329,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":329,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-04","alert":"Phishing Block","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ngfffgygt.vgho9-foqhfoq.com:15681/static/css/homeLeagueOddsColumns.DToIJSNn.css","fqdn":"ngfffgygt.vgho9-foqhfoq.com","domain":"vgho9-foqhfoq.com","tld":"com"},"ip":{"addr":"222.167.33.19","port":15681,"asn":9908,"as":"HK Cable TV Ltd","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://ngfffgygt.vgho9-foqhfoq.com:15681/?inviteCode=64298\u0026cid=118","date":"2026-07-04T10:39:55.843Z","timestamp":1783161595843,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.dh9-qjiohodfa9.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 28 Jun 2026 00:00:00 GMT","end":"Tue, 12 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"C5:47:38:34:E6:5C:A3:87:B4:BA:EF:B9:7D:A0:2A:95:07:34:76:65","sha256":"FE:78:24:EA:70:7B:AE:66:4F:EB:5C:04:1D:4C:A3:B9:C9:35:EC:95:20:88:65:57:26:EC:59:CA:DA:9E:4A:33"}}},"request":{"raw":"GET /static/css/homeLeagueOddsColumns.DToIJSNn.css HTTP/1.1\r\nHost: ngfffgygt.vgho9-foqhfoq.com:15681\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://ngfffgygt.vgho9-foqhfoq.com:15681/home?inviteCode=64298\u0026cid=118\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\naccept-ranges: bytes\r\ncontent-type: text/css\r\ndate: Sat, 04 Jul 2026 10:30:44 GMT\r\netag: \"6a46723a-d4e\"\r\nlast-modified: Sat, 04 Jul 2026 10:30:44 GMT\r\nserver: openresty/1.27.1.1\r\nx-cache: HIT, policy, disk\r\ncontent-length: 3406\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"OpenResty:1.27.1.1","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":3406,"size_decoded":3670,"mime_type":"text/css","magic":"ASCII text, with very long lines (3405)","md5":"a71340986b47b57db7cfdb76531147c3","sha1":"dd523e91db74d90ce403766e9970f55f19f1e15b","sha256":"02c3a13810d217c3d4175ede761d3714fb01ec826eb26af63a638b64a860b253","sha512":"4e76dfcbadeef92a7f530a5bb1a3514b2f269ebd60a7e72f4065254d6486914a151d1b4094a08b8da0ebc1f0531f15f54dbed773104e2762d1b707531dd91019","ssdeep":"","tlshash":"4c615371b12910ede6bfe140f5e00a8c1564a65752320e1fee8b72668c8b1ef16366cc","first_seen":"2026-07-01T20:44:48.152101Z","last_seen":"2026-07-04T10:40:29.25994Z","times_seen":11,"resource_available":false,"data":null}},"time_used":277,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":277,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-04","alert":"Phishing Block","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ngfffgygt.vgho9-foqhfoq.com:15681/static/js/Drawer.BDcLXucr.js","fqdn":"ngfffgygt.vgho9-foqhfoq.com","domain":"vgho9-foqhfoq.com","tld":"com"},"ip":{"addr":"222.167.33.19","port":15681,"asn":9908,"as":"HK Cable TV Ltd","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://ngfffgygt.vgho9-foqhfoq.com:15681/?inviteCode=64298\u0026cid=118","date":"2026-07-04T10:39:56.617Z","timestamp":1783161596617,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.dh9-qjiohodfa9.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 28 Jun 2026 00:00:00 GMT","end":"Tue, 12 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"C5:47:38:34:E6:5C:A3:87:B4:BA:EF:B9:7D:A0:2A:95:07:34:76:65","sha256":"FE:78:24:EA:70:7B:AE:66:4F:EB:5C:04:1D:4C:A3:B9:C9:35:EC:95:20:88:65:57:26:EC:59:CA:DA:9E:4A:33"}}},"request":{"raw":"GET /static/js/Drawer.BDcLXucr.js HTTP/1.1\r\nHost: ngfffgygt.vgho9-foqhfoq.com:15681\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://ngfffgygt.vgho9-foqhfoq.com:15681/home?inviteCode=64298\u0026cid=118\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ncontent-encoding: gzip\r\ncontent-type: application/javascript; charset=UTF-8\r\ndate: Sat, 04 Jul 2026 10:39:56 GMT\r\netag: W/\"6a46723b-3af4\"\r\nlast-modified: Thu, 02 Jul 2026 14:14:19 GMT\r\nserver: openresty/1.27.1.1\r\nvary: Accept-Encoding\r\nx-cache: BYPASS\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"OpenResty:1.27.1.1","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}],"data":{"size":15092,"size_decoded":4607,"mime_type":"application/javascript; charset=UTF-8","magic":"ASCII text, with very long lines (6795)","md5":"1a43675eca2b0715ac3d4d95bb097d65","sha1":"7e5199e1ba211a65eb7d3b7f9983dc36234c851c","sha256":"909947e92aafb6ab8baf0ace70d6ff0653853388db5a365801bbe13399ce86be","sha512":"0138979e214ee86a1693e46d4e8103b8013347f908fffdb93b3c79b2e212ed299be54ddfb34d411e0528b6de8a5dc0369a47bc487f1afd95053741560d634ac2","ssdeep":"192:zBbctwvZXOqgG0PYmci+arsRvXLo4x2A+mNLaVa3p2mEDjwlh3vp8GRFkCZDsbQu:tRvBBdSWi+3ZXkQnlhB8GBsbjx","tlshash":"c362d664be19b07425b7c2e9c0de5b68117c97c2e72ac9e8f17134ab11c22bc5217fe6","first_seen":"2026-07-02T22:42:57.127366Z","last_seen":"2026-07-04T10:40:29.264274Z","times_seen":5,"resource_available":true,"data":null}},"time_used":485,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":485,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-04","alert":"Phishing Block","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ngfffgygt.vgho9-foqhfoq.com:15681/static/img/service.Cp0j9iHE.png","fqdn":"ngfffgygt.vgho9-foqhfoq.com","domain":"vgho9-foqhfoq.com","tld":"com"},"ip":{"addr":"222.167.33.19","port":15681,"asn":9908,"as":"HK Cable TV Ltd","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ngfffgygt.vgho9-foqhfoq.com:15681/?inviteCode=64298\u0026cid=118","date":"2026-07-04T10:39:55.882Z","timestamp":1783161595882,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.dh9-qjiohodfa9.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 28 Jun 2026 00:00:00 GMT","end":"Tue, 12 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"C5:47:38:34:E6:5C:A3:87:B4:BA:EF:B9:7D:A0:2A:95:07:34:76:65","sha256":"FE:78:24:EA:70:7B:AE:66:4F:EB:5C:04:1D:4C:A3:B9:C9:35:EC:95:20:88:65:57:26:EC:59:CA:DA:9E:4A:33"}}},"request":{"raw":"GET /static/img/service.Cp0j9iHE.png HTTP/1.1\r\nHost: ngfffgygt.vgho9-foqhfoq.com:15681\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://ngfffgygt.vgho9-foqhfoq.com:15681/home?inviteCode=64298\u0026cid=118\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\naccept-ranges: bytes\r\ncontent-type: image/png\r\ndate: Sat, 04 Jul 2026 10:30:44 GMT\r\netag: \"6a46723b-17b6f\"\r\nlast-modified: Sat, 04 Jul 2026 10:30:45 GMT\r\nserver: openresty/1.27.1.1\r\nx-cache: HIT, policy, disk\r\ncontent-length: 97135\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"OpenResty:1.27.1.1","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":97135,"size_decoded":97403,"mime_type":"image/png","magic":"PNG image data, 264 x 264, 8-bit/color RGBA, non-interlaced","md5":"7e3f226d89292d0beea931c7354a0e24","sha1":"00277bda0a91651e8fc0aec5d939533b4729d8a0","sha256":"22fbcbb8b834645f7d68e2f59f55c8db1ecb21b4973530e5a53177f45af36966","sha512":"af1012755e2d154ad7d405ac720ae4f82ee11e2b8b5e80db67e39593d350eaa2803a22d8a512c20cb398651e0ce902c01126bad50dcb7aadabf8c16c45d0037a","ssdeep":"1536:/9I+nOsXHJTS0mMxLQdMB1q5u6o0Dcd57/5Ot5O5j6YKTb/5+y3UKt++ZC:Ke3XQMlQdKqEn0DcdJ5ik1EZlbK","tlshash":"4c93029f355deb75618483b75baf784b58869db1c01a08ddb261106dab83c8a234ceb3","first_seen":"2026-07-02T22:42:57.251324Z","last_seen":"2026-07-04T10:40:29.265196Z","times_seen":6,"resource_available":false,"data":null}},"time_used":480,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":254,"receive":226,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-04","alert":"Phishing Block","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ngfffgygt.vgho9-foqhfoq.com:15681/static/img/ribbon.BmyO-YnM.png","fqdn":"ngfffgygt.vgho9-foqhfoq.com","domain":"vgho9-foqhfoq.com","tld":"com"},"ip":{"addr":"222.167.33.19","port":15681,"asn":9908,"as":"HK Cable TV Ltd","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ngfffgygt.vgho9-foqhfoq.com:15681/?inviteCode=64298\u0026cid=118","date":"2026-07-04T10:39:58.126Z","timestamp":1783161598126,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.dh9-qjiohodfa9.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 28 Jun 2026 00:00:00 GMT","end":"Tue, 12 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"C5:47:38:34:E6:5C:A3:87:B4:BA:EF:B9:7D:A0:2A:95:07:34:76:65","sha256":"FE:78:24:EA:70:7B:AE:66:4F:EB:5C:04:1D:4C:A3:B9:C9:35:EC:95:20:88:65:57:26:EC:59:CA:DA:9E:4A:33"}}},"request":{"raw":"GET /static/img/ribbon.BmyO-YnM.png HTTP/1.1\r\nHost: ngfffgygt.vgho9-foqhfoq.com:15681\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://ngfffgygt.vgho9-foqhfoq.com:15681/home?inviteCode=64298\u0026cid=118\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\naccept-ranges: bytes\r\ncontent-type: image/png\r\ndate: Sat, 04 Jul 2026 10:39:58 GMT\r\netag: \"6a46723b-1f30\"\r\nlast-modified: Thu, 02 Jul 2026 14:14:19 GMT\r\nserver: openresty/1.27.1.1\r\nx-cache: UPDATING\r\ncontent-length: 7984\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"OpenResty:1.27.1.1","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":7984,"size_decoded":8241,"mime_type":"image/png","magic":"PNG image data, 680 x 322, 8-bit colormap, non-interlaced","md5":"d97f7767dd4837b424a75e6f66769b36","sha1":"4b083dedab484202754755d059fbf0eef7d144f0","sha256":"094618a72c1db139e12284c5ca512935b4bd3ca5de0c7e1a4360f1b2d935209b","sha512":"4179c88ab384fdf91ff76f4a08a7197e577aa25235a28200856e53a0a7439ac0df7d6f4351450e0f8c520cb793d202cf3fd05c037894a80867a7b7549be01341","ssdeep":"192:faeSVyoJWa8LjeroSXBvcg6ROayoBUyfb1Y9CQ86jSxm5zOUUsdNxI:ffVEZ6jhSXp+NBV2lbkm4U1a","tlshash":"91f19ecd8194a9df4eb1bf21c988998a644b5d2922473b523ac7c9101ecfbf55e84013","first_seen":"2026-06-28T16:04:36.78577Z","last_seen":"2026-07-04T10:40:29.268783Z","times_seen":3,"resource_available":false,"data":null}},"time_used":292,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":292,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-04","alert":"Phishing Block","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ngfffgygt.vgho9-foqhfoq.com:15681/static/js/LimitTimeInfoBar.Bqx5Y6tf.js","fqdn":"ngfffgygt.vgho9-foqhfoq.com","domain":"vgho9-foqhfoq.com","tld":"com"},"ip":{"addr":"222.167.33.19","port":15681,"asn":9908,"as":"HK Cable TV Ltd","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://ngfffgygt.vgho9-foqhfoq.com:15681/?inviteCode=64298\u0026cid=118","date":"2026-07-04T10:39:55.835Z","timestamp":1783161595835,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.dh9-qjiohodfa9.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 28 Jun 2026 00:00:00 GMT","end":"Tue, 12 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"C5:47:38:34:E6:5C:A3:87:B4:BA:EF:B9:7D:A0:2A:95:07:34:76:65","sha256":"FE:78:24:EA:70:7B:AE:66:4F:EB:5C:04:1D:4C:A3:B9:C9:35:EC:95:20:88:65:57:26:EC:59:CA:DA:9E:4A:33"}}},"request":{"raw":"GET /static/js/LimitTimeInfoBar.Bqx5Y6tf.js HTTP/1.1\r\nHost: ngfffgygt.vgho9-foqhfoq.com:15681\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://ngfffgygt.vgho9-foqhfoq.com:15681/home?inviteCode=64298\u0026cid=118\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ncontent-encoding: gzip\r\ncontent-type: application/javascript; charset=UTF-8\r\ndate: Sat, 04 Jul 2026 10:39:56 GMT\r\netag: W/\"6a46723b-19e9\"\r\nlast-modified: Thu, 02 Jul 2026 14:14:19 GMT\r\nserver: openresty/1.27.1.1\r\nvary: Accept-Encoding\r\nx-cache: BYPASS\r\ncontent-length: 2818\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"OpenResty:1.27.1.1","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":6633,"size_decoded":3128,"mime_type":"application/javascript; charset=UTF-8","magic":"Java source, Unicode text, UTF-8 text, with very long lines (6550)","md5":"b1ad0a20780e557c3f99bd900b70b82f","sha1":"a928918fc6ec9e1b2ee9a75e5880cae8d96b8d0a","sha256":"e35a87e7669070ffad0d8ccd51e760e2ae27b68abf6f3187e2b08e652b7c3a40","sha512":"f557e39065d370bb4679be5fe874d0d337e9472f085282f576621a35398de3bda9ca4e1a386e7816c5b242bea291b2daab135cb02e451ce62665d043c83189f3","ssdeep":"192:Y4S/QYauljiffbSQx96v00tjusAw6wXbdfo/uX8Ci1El4:3SGSQxkv00tdpoGsCij","tlshash":"3bd1fbbc71315838f737489851610166900d731baa29edd2e0ff1a399edcdc51ab91df","first_seen":"2026-07-02T22:42:56.959122Z","last_seen":"2026-07-04T10:40:29.269648Z","times_seen":6,"resource_available":true,"data":null}},"time_used":531,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":529,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-04","alert":"Phishing Block","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ngfffgygt.vgho9-foqhfoq.com:15681/static/css/league6-active.CAVaxu2M.css","fqdn":"ngfffgygt.vgho9-foqhfoq.com","domain":"vgho9-foqhfoq.com","tld":"com"},"ip":{"addr":"222.167.33.19","port":15681,"asn":9908,"as":"HK Cable TV Ltd","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://ngfffgygt.vgho9-foqhfoq.com:15681/?inviteCode=64298\u0026cid=118","date":"2026-07-04T10:39:55.814Z","timestamp":1783161595814,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.dh9-qjiohodfa9.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 28 Jun 2026 00:00:00 GMT","end":"Tue, 12 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"C5:47:38:34:E6:5C:A3:87:B4:BA:EF:B9:7D:A0:2A:95:07:34:76:65","sha256":"FE:78:24:EA:70:7B:AE:66:4F:EB:5C:04:1D:4C:A3:B9:C9:35:EC:95:20:88:65:57:26:EC:59:CA:DA:9E:4A:33"}}},"request":{"raw":"GET /static/css/league6-active.CAVaxu2M.css HTTP/1.1\r\nHost: ngfffgygt.vgho9-foqhfoq.com:15681\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://ngfffgygt.vgho9-foqhfoq.com:15681/home?inviteCode=64298\u0026cid=118\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\naccept-ranges: bytes\r\ncontent-type: text/css\r\ndate: Sat, 04 Jul 2026 10:30:44 GMT\r\netag: \"6a46723a-db9\"\r\nlast-modified: Sat, 04 Jul 2026 10:30:44 GMT\r\nserver: openresty/1.27.1.1\r\nx-cache: HIT, policy, disk\r\ncontent-length: 3513\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"OpenResty:1.27.1.1","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":3513,"size_decoded":3777,"mime_type":"text/css","magic":"ASCII text, with very long lines (3512)","md5":"c5ca278ae81d856ecd99dcc10682110c","sha1":"af597d22431bd3eafbc1f534a5ed5e4ef556d7a8","sha256":"1c2bc5839ed0da9275d0a7c804544f4b7fc771807f9d454e5393edea581bf173","sha512":"78910a74b626018f8e8c22489893d8dbe1f6b75e05b577de933d819ad6db94ef596b87eb994bdcbdbe60bc385ab8bcb852e76f7978d3f17eacc62d4d288f0672","ssdeep":"","tlshash":"ba71be1234dc2a1eed23bc116890033530b9ee474572654acaea2b2688d734f5eff6dd","first_seen":"2026-06-03T02:50:07.936787Z","last_seen":"2026-07-04T10:40:29.272094Z","times_seen":22,"resource_available":false,"data":null}},"time_used":306,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":304,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-04","alert":"Phishing Block","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ngfffgygt.vgho9-foqhfoq.com:15681/static/img/right-icon4.D8AknhkA.svg","fqdn":"ngfffgygt.vgho9-foqhfoq.com","domain":"vgho9-foqhfoq.com","tld":"com"},"ip":{"addr":"222.167.33.19","port":15681,"asn":9908,"as":"HK Cable TV Ltd","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ngfffgygt.vgho9-foqhfoq.com:15681/?inviteCode=64298\u0026cid=118","date":"2026-07-04T10:39:55.874Z","timestamp":1783161595874,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.dh9-qjiohodfa9.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 28 Jun 2026 00:00:00 GMT","end":"Tue, 12 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"C5:47:38:34:E6:5C:A3:87:B4:BA:EF:B9:7D:A0:2A:95:07:34:76:65","sha256":"FE:78:24:EA:70:7B:AE:66:4F:EB:5C:04:1D:4C:A3:B9:C9:35:EC:95:20:88:65:57:26:EC:59:CA:DA:9E:4A:33"}}},"request":{"raw":"GET /static/img/right-icon4.D8AknhkA.svg HTTP/1.1\r\nHost: ngfffgygt.vgho9-foqhfoq.com:15681\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://ngfffgygt.vgho9-foqhfoq.com:15681/home?inviteCode=64298\u0026cid=118\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\naccept-ranges: bytes\r\ncontent-type: image/svg+xml\r\ndate: Sat, 04 Jul 2026 10:30:44 GMT\r\netag: \"6a46723b-3a14\"\r\nlast-modified: Sat, 04 Jul 2026 10:30:44 GMT\r\nserver: openresty/1.27.1.1\r\nx-cache: HIT, policy, disk\r\ncontent-length: 14868\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"OpenResty:1.27.1.1","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":14868,"size_decoded":15139,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"f0e4c2d8f99654c8ce0f63ef03ab3a3d","sha1":"7ae9a97e8db79b12c98e377c71282d9bd0d1010e","sha256":"e2560b7e58bbf4dbfa46229f838607559a7120404472f751100ef49d8640b5ad","sha512":"797d160d2a1c95255668e796eb136dd4e2f5215c41828872b2cc7586175b5ded1548ffa82186d86e7a5c4291653d297344e33c8197ec1595c221ebb660d92d86","ssdeep":"192:StGDPgWt+Eut7AWPhKdjK9Zr44s4Jg+YdmTOH9EOF5Ey9qdnb+spJod5+zdsA:xPAEut7B944vlXTOf5ESUod5+zd7","tlshash":"446287f2a2d4f2f0a805e3fcd43694f2797238f93f55a69483d1aa99b80616588ddcc1","first_seen":"2026-05-30T07:41:04.870485Z","last_seen":"2026-07-04T10:40:29.274838Z","times_seen":24,"resource_available":false,"data":null}},"time_used":262,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":261,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-04","alert":"Phishing Block","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ngfffgygt.vgho9-foqhfoq.com:15681/static/css/index.Cb87T-p6.css","fqdn":"ngfffgygt.vgho9-foqhfoq.com","domain":"vgho9-foqhfoq.com","tld":"com"},"ip":{"addr":"222.167.33.19","port":15681,"asn":9908,"as":"HK Cable TV Ltd","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://ngfffgygt.vgho9-foqhfoq.com:15681/?inviteCode=64298\u0026cid=118","date":"2026-07-04T10:39:56.595Z","timestamp":1783161596595,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.dh9-qjiohodfa9.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 28 Jun 2026 00:00:00 GMT","end":"Tue, 12 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"C5:47:38:34:E6:5C:A3:87:B4:BA:EF:B9:7D:A0:2A:95:07:34:76:65","sha256":"FE:78:24:EA:70:7B:AE:66:4F:EB:5C:04:1D:4C:A3:B9:C9:35:EC:95:20:88:65:57:26:EC:59:CA:DA:9E:4A:33"}}},"request":{"raw":"GET /static/css/index.Cb87T-p6.css HTTP/1.1\r\nHost: ngfffgygt.vgho9-foqhfoq.com:15681\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://ngfffgygt.vgho9-foqhfoq.com:15681/home?inviteCode=64298\u0026cid=118\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\naccept-ranges: bytes\r\ncontent-type: text/css\r\ndate: Sat, 04 Jul 2026 10:30:45 GMT\r\netag: \"6a46723a-8d\"\r\nlast-modified: Sat, 04 Jul 2026 10:30:45 GMT\r\nserver: openresty/1.27.1.1\r\nx-cache: HIT, policy, disk\r\ncontent-length: 141\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"OpenResty:1.27.1.1","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":141,"size_decoded":403,"mime_type":"text/css","magic":"ASCII text","md5":"fa0ce5514e807cb046d966fb57fead48","sha1":"1d6380788e17178a5fa1abbcd1b654ece292bc90","sha256":"3a963917a5e90eaa7bbb54ebd50bdd42295be33e1b2db8aa48bb8cf1981d9d93","sha512":"304c316fbbd54272aa4dcf20c0003f20087502e9cb1267b80acc1604f80032b64ceade0c39874d436ca4ae3a3dc94aeb6f54fc63e8e80e59f2e5c8bfc32d3fd5","ssdeep":"","tlshash":"1fc02b462a4c0806aa3fc150419371184708c668cac1cfdc533132e43d0ab2300325a7","first_seen":"2026-05-30T07:41:04.738135Z","last_seen":"2026-07-04T10:40:29.275984Z","times_seen":23,"resource_available":false,"data":null}},"time_used":402,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":402,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-04","alert":"Phishing Block","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tposs.qiddfc-dqiod52d.com/pc/sport/TableTennis.png","fqdn":"tposs.qiddfc-dqiod52d.com","domain":"qiddfc-dqiod52d.com","tld":"com"},"ip":{"addr":"3.167.2.97","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ngfffgygt.vgho9-foqhfoq.com:15681/?inviteCode=64298\u0026cid=118","date":"2026-07-04T10:39:56.829Z","timestamp":1783161596829,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tposs.qiddfc-dqiod52d.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Wed, 27 Aug 2025 00:00:00 GMT","end":"Fri, 25 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"D0:96:57:8B:56:09:2E:8A:4D:C1:87:CA:FD:41:09:B6:57:2C:4F:1D","sha256":"48:66:5F:5D:67:07:2E:C0:CB:EF:91:62:93:36:C2:EF:FB:B7:0E:4A:9A:93:C5:0D:10:9E:B6:05:6B:45:AC:AF"}}},"request":{"raw":"GET /pc/sport/TableTennis.png HTTP/1.1\r\nHost: tposs.qiddfc-dqiod52d.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://ngfffgygt.vgho9-foqhfoq.com:15681/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ncontent-type: image/png\r\ncontent-length: 4262\r\nlast-modified: Tue, 05 May 2026 05:34:37 GMT\r\nx-amz-server-side-encryption: AES256\r\nx-amz-version-id: MDT5bPD6V_9S__nZLMNqc7j0roPz659i\r\naccept-ranges: bytes\r\nserver: AmazonS3\r\ndate: Sat, 04 Jul 2026 09:45:53 GMT\r\netag: \"d97da25317b1ad902b641881861a3043\"\r\nvary: Accept-Encoding\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 094188bf05865a3d323dcbfb7173f1f6.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P2\r\nx-amz-cf-id: lM147xfqyPDSXqcZna2AJ0lwKbr83xLyxOZZ4tmk6I2rFMCBegOpsQ==\r\nage: 3244\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":4262,"size_decoded":4829,"mime_type":"image/png","magic":"PNG image data, 70 x 70, 8-bit/color RGBA, non-interlaced","md5":"d97da25317b1ad902b641881861a3043","sha1":"43cab7f0d601e6ca7498c4067a3834ce2634d3c0","sha256":"3be50736ed5b4b68dacd9a3b286097246d7e0f498a468b1109392f5614687b46","sha512":"d6428863992ae0fc415055addace14ee07aa7bf8612d63157975f18c2e72a750e37c993ef65a69e863fa7cd07f4d85796f225127c0e240cd27607c97457711d0","ssdeep":"96:87SP/jtnXrt5+Yl++qwI8RgLnTxdVs4C9lrT349PdWWKBE/xZ:WSP/hbt53o9R9TxdVerT34nKu3","tlshash":"3c916df287377d2384680c64e09d43a9487466d66b65c2062f635c460a38153d3d6a78","first_seen":"2026-05-30T07:41:04.764265Z","last_seen":"2026-07-04T10:40:29.276772Z","times_seen":24,"resource_available":false,"data":null}},"time_used":30,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":30,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ngfffgygt.vgho9-foqhfoq.com:15681/static/js/index.l-bHMgQd.js","fqdn":"ngfffgygt.vgho9-foqhfoq.com","domain":"vgho9-foqhfoq.com","tld":"com"},"ip":{"addr":"222.167.33.19","port":15681,"asn":9908,"as":"HK Cable TV Ltd","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://ngfffgygt.vgho9-foqhfoq.com:15681/?inviteCode=64298\u0026cid=118","date":"2026-07-04T10:39:55.845Z","timestamp":1783161595845,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.dh9-qjiohodfa9.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 28 Jun 2026 00:00:00 GMT","end":"Tue, 12 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"C5:47:38:34:E6:5C:A3:87:B4:BA:EF:B9:7D:A0:2A:95:07:34:76:65","sha256":"FE:78:24:EA:70:7B:AE:66:4F:EB:5C:04:1D:4C:A3:B9:C9:35:EC:95:20:88:65:57:26:EC:59:CA:DA:9E:4A:33"}}},"request":{"raw":"GET /static/js/index.l-bHMgQd.js HTTP/1.1\r\nHost: ngfffgygt.vgho9-foqhfoq.com:15681\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://ngfffgygt.vgho9-foqhfoq.com:15681/home?inviteCode=64298\u0026cid=118\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\naccept-ranges: bytes\r\ncontent-type: application/javascript; charset=UTF-8\r\ndate: Sat, 04 Jul 2026 10:39:56 GMT\r\netag: \"6a46723b-5fd\"\r\nlast-modified: Thu, 02 Jul 2026 14:14:19 GMT\r\nserver: openresty/1.27.1.1\r\nx-cache: BYPASS\r\ncontent-length: 1533\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"OpenResty:1.27.1.1","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1533,"size_decoded":1815,"mime_type":"application/javascript; charset=UTF-8","magic":"Java source, Unicode text, UTF-8 text, with very long lines (1526)","md5":"4287023c37061e50dc89e2e4a2adb9c6","sha1":"d4188dc7c571a8e4283fc665ca0d0d0ea92bd628","sha256":"0a1f2bd44fbb80e7bfe2c3802bdb8fe8a9f8bc5b6b3d66ef571274fdee4384a2","sha512":"eb50af5d8b00aa55db0198587f39ff9080575e2697da518afe2a226a1b42c7752189ed162ba760bc2c52a35eec6c2c07cb64e6fc616eb59f5844353d667f4d08","ssdeep":"","tlshash":"7d31409ab40d80f22fe394b87021321a538d9fdd9856c1e201ed6a490f0fcad4a4ea39","first_seen":"2026-07-02T22:42:57.004448Z","last_seen":"2026-07-04T10:40:29.281339Z","times_seen":6,"resource_available":true,"data":null}},"time_used":521,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":519,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-04","alert":"Phishing Block","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ngfffgygt.vgho9-foqhfoq.com:15681/static/img/right-icon3.DhL8zjOQ.svg","fqdn":"ngfffgygt.vgho9-foqhfoq.com","domain":"vgho9-foqhfoq.com","tld":"com"},"ip":{"addr":"222.167.33.19","port":15681,"asn":9908,"as":"HK Cable TV Ltd","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ngfffgygt.vgho9-foqhfoq.com:15681/?inviteCode=64298\u0026cid=118","date":"2026-07-04T10:39:55.873Z","timestamp":1783161595873,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.dh9-qjiohodfa9.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 28 Jun 2026 00:00:00 GMT","end":"Tue, 12 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"C5:47:38:34:E6:5C:A3:87:B4:BA:EF:B9:7D:A0:2A:95:07:34:76:65","sha256":"FE:78:24:EA:70:7B:AE:66:4F:EB:5C:04:1D:4C:A3:B9:C9:35:EC:95:20:88:65:57:26:EC:59:CA:DA:9E:4A:33"}}},"request":{"raw":"GET /static/img/right-icon3.DhL8zjOQ.svg HTTP/1.1\r\nHost: ngfffgygt.vgho9-foqhfoq.com:15681\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://ngfffgygt.vgho9-foqhfoq.com:15681/home?inviteCode=64298\u0026cid=118\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\naccept-ranges: bytes\r\ncontent-type: image/svg+xml\r\ndate: Sat, 04 Jul 2026 10:30:44 GMT\r\netag: \"6a46723b-b97c\"\r\nlast-modified: Sat, 04 Jul 2026 10:30:44 GMT\r\nserver: openresty/1.27.1.1\r\nx-cache: HIT, policy, disk\r\ncontent-length: 47484\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"OpenResty:1.27.1.1","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":47484,"size_decoded":47755,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"a5155e65c57614de67b8ec15c42a232f","sha1":"890c06646b260d6c664bc12ca9f96babbcbf9aa6","sha256":"38bb58eaa5b7a889c516fcf383eaa5038bc6f733e43137533bdfdd57ca18cdde","sha512":"502c1414b09e0ec1624640c23bbaf681e158d0afa35760e35598263caf0a143c7effb8f667cd5620ab2d05f5e20ae0ec71d7aeef22fba102a86eb992173a1885","ssdeep":"768:EIbffQNc+n0C/ew94iyPwWGoL6wK0Zr0pSHSOmJt/7s+DBdNv/keov/B+VkkolNU:ZEB/ewi3VUFJJ7s+DBkZ+qdHa","tlshash":"a123c5f733a1a2f8e80bfba9dd2354607c563cbebb85c3d5c250ae94a655158cd88cd0","first_seen":"2026-05-30T07:41:04.77458Z","last_seen":"2026-07-04T10:40:29.287138Z","times_seen":24,"resource_available":false,"data":null}},"time_used":470,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":262,"receive":208,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-04","alert":"Phishing Block","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ngfffgygt.vgho9-foqhfoq.com:15681/static/css/index.s6eepsFC.css","fqdn":"ngfffgygt.vgho9-foqhfoq.com","domain":"vgho9-foqhfoq.com","tld":"com"},"ip":{"addr":"222.167.33.19","port":15681,"asn":9908,"as":"HK Cable TV Ltd","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://ngfffgygt.vgho9-foqhfoq.com:15681/?inviteCode=64298\u0026cid=118","date":"2026-07-04T10:39:56.562Z","timestamp":1783161596562,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.dh9-qjiohodfa9.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 28 Jun 2026 00:00:00 GMT","end":"Tue, 12 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"C5:47:38:34:E6:5C:A3:87:B4:BA:EF:B9:7D:A0:2A:95:07:34:76:65","sha256":"FE:78:24:EA:70:7B:AE:66:4F:EB:5C:04:1D:4C:A3:B9:C9:35:EC:95:20:88:65:57:26:EC:59:CA:DA:9E:4A:33"}}},"request":{"raw":"GET /static/css/index.s6eepsFC.css HTTP/1.1\r\nHost: ngfffgygt.vgho9-foqhfoq.com:15681\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://ngfffgygt.vgho9-foqhfoq.com:15681/home?inviteCode=64298\u0026cid=118\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\naccept-ranges: bytes\r\ncontent-type: text/css\r\ndate: Sat, 04 Jul 2026 10:30:45 GMT\r\netag: \"6a46723a-9a\"\r\nlast-modified: Sat, 04 Jul 2026 10:30:45 GMT\r\nserver: openresty/1.27.1.1\r\nx-cache: HIT, policy, disk\r\ncontent-length: 154\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"OpenResty:1.27.1.1","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":154,"size_decoded":416,"mime_type":"text/css","magic":"ASCII text","md5":"ec2a611f11eaeeef68430fe3bf973e25","sha1":"c38b814250f4c652ca7f1e772affaf6963726b6e","sha256":"2bcfdd096c6db4ff2f23c1a2f4899b8597dacef281c53d26f12239d0498466a9","sha512":"4a221eb4022bf216db98081257ad813077aab6cac07a90a6b24709be347b004a197e7fd60c90d63d84bbafa24fae193b238284d4a96d6b9546db478c2c7b0b71","ssdeep":"","tlshash":"c9c08c2efb661a084eb3c930ce8832c21113e65ed169418c44000e683886c3a1f425a6","first_seen":"2026-06-24T13:33:43.01355Z","last_seen":"2026-07-04T10:40:29.289815Z","times_seen":15,"resource_available":false,"data":null}},"time_used":222,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":222,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-04","alert":"Phishing Block","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tposs.qiddfc-dqiod52d.com/pc/sport/EFootball.png","fqdn":"tposs.qiddfc-dqiod52d.com","domain":"qiddfc-dqiod52d.com","tld":"com"},"ip":{"addr":"3.167.2.97","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ngfffgygt.vgho9-foqhfoq.com:15681/?inviteCode=64298\u0026cid=118","date":"2026-07-04T10:39:56.850Z","timestamp":1783161596850,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tposs.qiddfc-dqiod52d.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Wed, 27 Aug 2025 00:00:00 GMT","end":"Fri, 25 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"D0:96:57:8B:56:09:2E:8A:4D:C1:87:CA:FD:41:09:B6:57:2C:4F:1D","sha256":"48:66:5F:5D:67:07:2E:C0:CB:EF:91:62:93:36:C2:EF:FB:B7:0E:4A:9A:93:C5:0D:10:9E:B6:05:6B:45:AC:AF"}}},"request":{"raw":"GET /pc/sport/EFootball.png HTTP/1.1\r\nHost: tposs.qiddfc-dqiod52d.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://ngfffgygt.vgho9-foqhfoq.com:15681/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ncontent-type: image/png\r\ncontent-length: 6506\r\nlast-modified: Tue, 05 May 2026 05:34:36 GMT\r\nx-amz-server-side-encryption: AES256\r\nx-amz-version-id: FtnPRWP6wO7QzlCI1.EOw9EOABMGf1bV\r\naccept-ranges: bytes\r\nserver: AmazonS3\r\ndate: Sat, 04 Jul 2026 09:45:53 GMT\r\netag: \"114517b2b07f6f35696a0b5f43f6738e\"\r\nvary: Accept-Encoding\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 094188bf05865a3d323dcbfb7173f1f6.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P2\r\nx-amz-cf-id: 7r2geu6_Nn_XaYmw35rGoWlVv8qG2MNvCvXF9PQaSGIOYc03P1Av2Q==\r\nage: 3244\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]}],"data":{"size":6506,"size_decoded":7073,"mime_type":"image/png","magic":"PNG image data, 70 x 73, 8-bit/color RGBA, non-interlaced","md5":"114517b2b07f6f35696a0b5f43f6738e","sha1":"e7a052ec140aa1facdb265ddcf3d0b1963370608","sha256":"431a271bd772d9ae882e228ba26fd6ddf9fc1125beac3b379b4295c38e861b83","sha512":"c78bc414f9dbc10ea701c5da74a58daab16f1d370e5afb558c650d4bd909315708abd5a04f60ac8c5607e767451ca29d3e04720f9d4417e77b1c48b30690d1a8","ssdeep":"192:FSzqPhl0seo1ZDNWZz6E+BA6VcnC6CY9JwUdN7:kz4vfscp16CY/JJ","tlshash":"43d19f7e3813e80cdd78c14fc6df85ea939ace805453ca93a8a38c8de920e1156d52f5","first_seen":"2026-05-30T07:41:04.724559Z","last_seen":"2026-07-04T10:40:29.292679Z","times_seen":24,"resource_available":false,"data":null}},"time_used":41,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":41,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ngfffgygt.vgho9-foqhfoq.com:15681/static/img/dragon.DyJal34v.png","fqdn":"ngfffgygt.vgho9-foqhfoq.com","domain":"vgho9-foqhfoq.com","tld":"com"},"ip":{"addr":"222.167.33.19","port":15681,"asn":9908,"as":"HK Cable TV Ltd","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ngfffgygt.vgho9-foqhfoq.com:15681/?inviteCode=64298\u0026cid=118","date":"2026-07-04T10:39:58.154Z","timestamp":1783161598154,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.dh9-qjiohodfa9.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 28 Jun 2026 00:00:00 GMT","end":"Tue, 12 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"C5:47:38:34:E6:5C:A3:87:B4:BA:EF:B9:7D:A0:2A:95:07:34:76:65","sha256":"FE:78:24:EA:70:7B:AE:66:4F:EB:5C:04:1D:4C:A3:B9:C9:35:EC:95:20:88:65:57:26:EC:59:CA:DA:9E:4A:33"}}},"request":{"raw":"GET /static/img/dragon.DyJal34v.png HTTP/1.1\r\nHost: ngfffgygt.vgho9-foqhfoq.com:15681\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://ngfffgygt.vgho9-foqhfoq.com:15681/home?inviteCode=64298\u0026cid=118\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\naccept-ranges: bytes\r\ncontent-type: image/png\r\ndate: Sat, 04 Jul 2026 10:39:58 GMT\r\netag: \"6a46723b-becf\"\r\nlast-modified: Thu, 02 Jul 2026 14:14:19 GMT\r\nserver: openresty/1.27.1.1\r\nx-cache: UPDATING\r\ncontent-length: 48847\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"OpenResty:1.27.1.1","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":48847,"size_decoded":49105,"mime_type":"image/png","magic":"PNG image data, 746 x 910, 8-bit colormap, non-interlaced","md5":"68e5cc399b6a78e7fa8bb21eec3736ba","sha1":"bade57bfcb4888cdd956e2149081c3129018c20b","sha256":"5c47ab57dcf7b9221b17800fe8c6d5952b2f5091398ef686be4566fd6475615f","sha512":"912d1e17b194f16efffc9a954ce10eab24daeb429641af6a111cb81cc74781005bbbd0a84f533f3235df1c84ab6ca73fef640b28215a8cb8e17af8822f3f1540","ssdeep":"768:ifGAB+9Uab9fbp1anFQZFJibxvMM1wBnVtWlDh9ZR1APc2szkKvOXZjigMWkEos/:IchBO2ZFUbr1w1VtC9ZR1AEz3mtxXTYO","tlshash":"8f23f1efeab24e3af97894b9b2237a5cecae354d301451174b9c56407e2f0d2c329946","first_seen":"2026-06-28T16:04:36.749664Z","last_seen":"2026-07-04T10:40:29.295672Z","times_seen":3,"resource_available":false,"data":null}},"time_used":383,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":277,"receive":106,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-04","alert":"Phishing Block","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ngfffgygt.vgho9-foqhfoq.com:15681/static/css/BonusSign.B3GMhO1P.css","fqdn":"ngfffgygt.vgho9-foqhfoq.com","domain":"vgho9-foqhfoq.com","tld":"com"},"ip":{"addr":"222.167.33.19","port":15681,"asn":9908,"as":"HK Cable TV Ltd","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://ngfffgygt.vgho9-foqhfoq.com:15681/?inviteCode=64298\u0026cid=118","date":"2026-07-04T10:39:56.588Z","timestamp":1783161596588,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.dh9-qjiohodfa9.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 28 Jun 2026 00:00:00 GMT","end":"Tue, 12 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"C5:47:38:34:E6:5C:A3:87:B4:BA:EF:B9:7D:A0:2A:95:07:34:76:65","sha256":"FE:78:24:EA:70:7B:AE:66:4F:EB:5C:04:1D:4C:A3:B9:C9:35:EC:95:20:88:65:57:26:EC:59:CA:DA:9E:4A:33"}}},"request":{"raw":"GET /static/css/BonusSign.B3GMhO1P.css HTTP/1.1\r\nHost: ngfffgygt.vgho9-foqhfoq.com:15681\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://ngfffgygt.vgho9-foqhfoq.com:15681/home?inviteCode=64298\u0026cid=118\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\naccept-ranges: bytes\r\ncontent-type: text/css\r\ndate: Sat, 04 Jul 2026 10:30:45 GMT\r\netag: \"6a46723a-319\"\r\nlast-modified: Sat, 04 Jul 2026 10:30:45 GMT\r\nserver: openresty/1.27.1.1\r\nx-cache: HIT, policy, disk\r\ncontent-length: 793\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"OpenResty:1.27.1.1","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":793,"size_decoded":1056,"mime_type":"text/css","magic":"ASCII text, with very long lines (792)","md5":"7a4a2e7cc9e93ecc3d487daef2bc9799","sha1":"e469b43fcd21a7951b549080ae6b4f9484e27008","sha256":"cfd340ceaa886421d1e6ebbb71e9f0e71801f6a7d54509a4847a16cce67b4eba","sha512":"1e54b3c3dfd6cb95f6528e788f102ff4f5006043e76c9a29cb5b666431b0e4e2c1d957c0f71210293bb198e30389d85a988e8351e3433e033d261d21613a4407","ssdeep":"","tlshash":"ce01c25692423526c04f53c1b2c0955c0726eac3e5a36eee221c6ae657826e342d771a","first_seen":"2026-05-30T07:41:04.83171Z","last_seen":"2026-07-04T10:40:29.296579Z","times_seen":23,"resource_available":false,"data":null}},"time_used":408,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":408,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-04","alert":"Phishing Block","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ngfffgygt.vgho9-foqhfoq.com:15681/static/js/FormItem.HTKNZfM2.js","fqdn":"ngfffgygt.vgho9-foqhfoq.com","domain":"vgho9-foqhfoq.com","tld":"com"},"ip":{"addr":"222.167.33.19","port":15681,"asn":9908,"as":"HK Cable TV Ltd","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://ngfffgygt.vgho9-foqhfoq.com:15681/?inviteCode=64298\u0026cid=118","date":"2026-07-04T10:39:56.605Z","timestamp":1783161596605,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.dh9-qjiohodfa9.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 28 Jun 2026 00:00:00 GMT","end":"Tue, 12 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"C5:47:38:34:E6:5C:A3:87:B4:BA:EF:B9:7D:A0:2A:95:07:34:76:65","sha256":"FE:78:24:EA:70:7B:AE:66:4F:EB:5C:04:1D:4C:A3:B9:C9:35:EC:95:20:88:65:57:26:EC:59:CA:DA:9E:4A:33"}}},"request":{"raw":"GET /static/js/FormItem.HTKNZfM2.js HTTP/1.1\r\nHost: ngfffgygt.vgho9-foqhfoq.com:15681\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://ngfffgygt.vgho9-foqhfoq.com:15681/home?inviteCode=64298\u0026cid=118\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ncontent-encoding: gzip\r\ncontent-type: application/javascript; charset=UTF-8\r\ndate: Sat, 04 Jul 2026 10:39:56 GMT\r\netag: W/\"6a46723b-83c5\"\r\nlast-modified: Thu, 02 Jul 2026 14:14:19 GMT\r\nserver: openresty/1.27.1.1\r\nvary: Accept-Encoding\r\nx-cache: BYPASS\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"OpenResty:1.27.1.1","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}],"data":{"size":33733,"size_decoded":11177,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (12048)","md5":"29452cc6be124d4a8a86529a2f1b35bb","sha1":"36947514f3aa87cc7267cf56cbbdaeb18c45d6c2","sha256":"7fe95fdc724d4a1742edc35389a08f7720a00fac35e6dc6223b1be103b08d729","sha512":"ab27db767bf404242403c76c59ebf124ceba46d1e53d4a8ee9bb74e8fc65552d2d2103b9f21052d25b96cdefe192b06de797aef5c8739a391c079de5d85fffae","ssdeep":"768:4/wxlD1aJPfS4fS6jjl5HkWQTejie+meYeJe+Ve+3e+Ce+LeN2e+ye+kej3eA5ev:J1Kdt2QlU9mijZ2ZyrjdgeLbq","tlshash":"e0e2eac872d8b05c8ba354f1905b9417b22bb840982ed4c1f76e98f26af4a5d1773b3d","first_seen":"2026-07-02T22:42:57.038222Z","last_seen":"2026-07-04T10:40:29.297333Z","times_seen":5,"resource_available":true,"data":null}},"time_used":446,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":446,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-04","alert":"Phishing Block","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ngfffgygt.vgho9-foqhfoq.com:15681/api/master/f/fundsTypeConfig/queryAll","fqdn":"ngfffgygt.vgho9-foqhfoq.com","domain":"vgho9-foqhfoq.com","tld":"com"},"ip":{"addr":"222.167.33.19","port":15681,"asn":9908,"as":"HK Cable TV Ltd","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://ngfffgygt.vgho9-foqhfoq.com:15681/?inviteCode=64298\u0026cid=118","date":"2026-07-04T10:39:56.670Z","timestamp":1783161596670,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.dh9-qjiohodfa9.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 28 Jun 2026 00:00:00 GMT","end":"Tue, 12 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"C5:47:38:34:E6:5C:A3:87:B4:BA:EF:B9:7D:A0:2A:95:07:34:76:65","sha256":"FE:78:24:EA:70:7B:AE:66:4F:EB:5C:04:1D:4C:A3:B9:C9:35:EC:95:20:88:65:57:26:EC:59:CA:DA:9E:4A:33"}}},"request":{"raw":"GET /api/master/f/fundsTypeConfig/queryAll HTTP/1.1\r\nHost: ngfffgygt.vgho9-foqhfoq.com:15681\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: zh\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nDevice: PC\r\nCurrency: CNY\r\nFrontAuthorization: \r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://ngfffgygt.vgho9-foqhfoq.com:15681/home?inviteCode=64298\u0026cid=118\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ncontent-encoding: gzip\r\ncontent-type: application/json\r\ndate: Sat, 04 Jul 2026 10:39:56 GMT\r\nserver: openresty/1.27.1.1\r\nvary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers\r\nx-cache: BYPASS\r\ncontent-length: 2942\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"OpenResty:1.27.1.1","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}],"data":{"size":28985,"size_decoded":3214,"mime_type":"application/json","magic":"JSON text data","md5":"876fe5c06994ee0a01402e0c4ed070f0","sha1":"034d3d28a9aa1ca325d2615bb5c9bd9f85b3d311","sha256":"58a1efb1cd5ee9c824f5a95877cc9f8791609d8fc75dae96740a4e1046cd9050","sha512":"4ba91e28396d41e9eef32b362c76443ab4a8c2b991f946ff790fab3ade1a7e92bd21125830c1e8ca24a9f11cb880348c215a6849a4bdf78f07353e00fcca8c3d","ssdeep":"192:nTHpTxpTQpTM+ZpTypTspTFpTIpTepTSpTJpT4pTppTN3y2g2G2U2m2c2+2RGpTt:h+B3RxtEmbzpmV99","tlshash":"d0d2a52c379fccec8741737a0caa248d26e6765dc5849758d6d9fc78c51a2ca303e3a6","first_seen":"2026-07-01T20:44:48.128763Z","last_seen":"2026-07-04T10:40:29.298025Z","times_seen":10,"resource_available":false,"data":null}},"time_used":445,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":445,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-04","alert":"Phishing Block","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tposs.qiddfc-dqiod52d.com/pc/sport/Badminton.png","fqdn":"tposs.qiddfc-dqiod52d.com","domain":"qiddfc-dqiod52d.com","tld":"com"},"ip":{"addr":"3.167.2.97","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ngfffgygt.vgho9-foqhfoq.com:15681/?inviteCode=64298\u0026cid=118","date":"2026-07-04T10:39:56.823Z","timestamp":1783161596823,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tposs.qiddfc-dqiod52d.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Wed, 27 Aug 2025 00:00:00 GMT","end":"Fri, 25 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"D0:96:57:8B:56:09:2E:8A:4D:C1:87:CA:FD:41:09:B6:57:2C:4F:1D","sha256":"48:66:5F:5D:67:07:2E:C0:CB:EF:91:62:93:36:C2:EF:FB:B7:0E:4A:9A:93:C5:0D:10:9E:B6:05:6B:45:AC:AF"}}},"request":{"raw":"GET /pc/sport/Badminton.png HTTP/1.1\r\nHost: tposs.qiddfc-dqiod52d.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://ngfffgygt.vgho9-foqhfoq.com:15681/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ncontent-type: image/png\r\ncontent-length: 3724\r\nlast-modified: Tue, 05 May 2026 05:34:35 GMT\r\nx-amz-server-side-encryption: AES256\r\nx-amz-version-id: WstUMFXE9R_PIGvO3YZ..SEp78p9RT6g\r\naccept-ranges: bytes\r\nserver: AmazonS3\r\ndate: Sat, 04 Jul 2026 09:45:53 GMT\r\netag: \"2df89a45cd8eead917f1a04f760cb35c\"\r\nvary: Accept-Encoding\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 094188bf05865a3d323dcbfb7173f1f6.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P2\r\nx-amz-cf-id: lG1jXECxKWVSNNV6lkw3mDpYoPtYa6zBAV8sDFKXM4o1qzdt9n-fBg==\r\nage: 3244\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":3724,"size_decoded":4291,"mime_type":"image/png","magic":"PNG image data, 70 x 70, 8-bit/color RGBA, non-interlaced","md5":"2df89a45cd8eead917f1a04f760cb35c","sha1":"5c0dde8efcd74d2ecaaed58f8fc93cb7bb5af3cd","sha256":"1e0340420bf95402cbb14fb2b49b90ae22c1199e5873f63b189397442a95cd56","sha512":"31e496fb76553f068ee8179b6f62428eda2112ebf5cdb367c31ad9b3afcedf25f761c9834b7b78c5f8c5fda996c29cf4c24a8630794114f74cf2b657a7279f25","ssdeep":"","tlshash":"78716c53fe8f7630be1d50d1ae01cea17a7682490fc545518f9271b07cabf9e816a0b1","first_seen":"2026-05-30T07:41:04.800696Z","last_seen":"2026-07-04T10:40:29.298601Z","times_seen":24,"resource_available":false,"data":null}},"time_used":31,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":31,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"s.q5qo.com/data/1de52e5d2bd6de3bdd7385a047f99890.png","fqdn":"s.q5qo.com","domain":"q5qo.com","tld":"com"},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ngfffgygt.vgho9-foqhfoq.com:15681/?inviteCode=64298\u0026cid=118","date":"2026-07-04T10:39:57.413Z","timestamp":1783161597413,"http_version":"","security_state":"","security_info":null,"request":{"raw":"GET /data/1de52e5d2bd6de3bdd7385a047f99890.png HTTP/1.1\r\nHost: s.q5qo.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://ngfffgygt.vgho9-foqhfoq.com:15681/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-07-04T20:30:36.525225Z","times_seen":16984070,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ngfffgygt.vgho9-foqhfoq.com:15681/static/img/turntable-content.Di0IXIef.png","fqdn":"ngfffgygt.vgho9-foqhfoq.com","domain":"vgho9-foqhfoq.com","tld":"com"},"ip":{"addr":"222.167.33.19","port":15681,"asn":9908,"as":"HK Cable TV Ltd","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ngfffgygt.vgho9-foqhfoq.com:15681/?inviteCode=64298\u0026cid=118","date":"2026-07-04T10:39:58.139Z","timestamp":1783161598139,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.dh9-qjiohodfa9.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 28 Jun 2026 00:00:00 GMT","end":"Tue, 12 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"C5:47:38:34:E6:5C:A3:87:B4:BA:EF:B9:7D:A0:2A:95:07:34:76:65","sha256":"FE:78:24:EA:70:7B:AE:66:4F:EB:5C:04:1D:4C:A3:B9:C9:35:EC:95:20:88:65:57:26:EC:59:CA:DA:9E:4A:33"}}},"request":{"raw":"GET /static/img/turntable-content.Di0IXIef.png HTTP/1.1\r\nHost: ngfffgygt.vgho9-foqhfoq.com:15681\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://ngfffgygt.vgho9-foqhfoq.com:15681/home?inviteCode=64298\u0026cid=118\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\naccept-ranges: bytes\r\ncontent-type: image/png\r\ndate: Sat, 04 Jul 2026 10:39:58 GMT\r\netag: \"6a46723b-bbb3\"\r\nlast-modified: Thu, 02 Jul 2026 14:14:19 GMT\r\nserver: openresty/1.27.1.1\r\nx-cache: UPDATING\r\ncontent-length: 48051\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"OpenResty:1.27.1.1","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":48051,"size_decoded":48309,"mime_type":"image/png","magic":"PNG image data, 522 x 522, 8-bit colormap, non-interlaced","md5":"469c8dc27773381d36efcdcab6cce15a","sha1":"79dc1dd0d9ec53fc3c9d52d365af16dec35f4f57","sha256":"b722bb6923c139aa27358c124d5751c041ba570012db40ddabd7db388138dba4","sha512":"09168d3e8075f25988049529a38457d663ebe0c6f2b4059a6ca62a2a6b2fb776db46bc91b8d216d664593d8b8b31177e746ce8e0eb0075ba2af75d009e5a1cb4","ssdeep":"768:ge0dRg3zxrC1w3cW0tvFawapsovfCiEmLOXmq+xY3/1IvD8TX5yPELw+epgkiSeX:ge0839SJvFUsKf2mLW9+uP6LGXRLJk9o","tlshash":"8023f2132b1d4c90fbe92377dac66f32b1222b0494f579f18c5ba670994ecf59e0e092","first_seen":"2026-06-28T16:04:36.684233Z","last_seen":"2026-07-04T10:40:29.300439Z","times_seen":3,"resource_available":false,"data":null}},"time_used":384,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":279,"receive":105,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-04","alert":"Phishing Block","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ngfffgygt.vgho9-foqhfoq.com:15681/static/js/MatchTimer.DRQBVhCx.js","fqdn":"ngfffgygt.vgho9-foqhfoq.com","domain":"vgho9-foqhfoq.com","tld":"com"},"ip":{"addr":"222.167.33.19","port":15681,"asn":9908,"as":"HK Cable TV Ltd","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://ngfffgygt.vgho9-foqhfoq.com:15681/?inviteCode=64298\u0026cid=118","date":"2026-07-04T10:39:55.821Z","timestamp":1783161595821,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.dh9-qjiohodfa9.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 28 Jun 2026 00:00:00 GMT","end":"Tue, 12 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"C5:47:38:34:E6:5C:A3:87:B4:BA:EF:B9:7D:A0:2A:95:07:34:76:65","sha256":"FE:78:24:EA:70:7B:AE:66:4F:EB:5C:04:1D:4C:A3:B9:C9:35:EC:95:20:88:65:57:26:EC:59:CA:DA:9E:4A:33"}}},"request":{"raw":"GET /static/js/MatchTimer.DRQBVhCx.js HTTP/1.1\r\nHost: ngfffgygt.vgho9-foqhfoq.com:15681\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://ngfffgygt.vgho9-foqhfoq.com:15681/home?inviteCode=64298\u0026cid=118\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\naccept-ranges: bytes\r\ncontent-type: application/javascript; charset=UTF-8\r\ndate: Sat, 04 Jul 2026 10:39:56 GMT\r\netag: \"6a46723b-820\"\r\nlast-modified: Thu, 02 Jul 2026 14:14:19 GMT\r\nserver: openresty/1.27.1.1\r\nx-cache: BYPASS\r\ncontent-length: 2080\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"OpenResty:1.27.1.1","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2080,"size_decoded":2362,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (2079)","md5":"b63ac139351a6dc41193b04595367622","sha1":"d771826bf217349329a5606d421bf28645954789","sha256":"19e2f5e234d3bfb34c70b0c4429e6b1781a03b6d583ae70cef777730fa59927e","sha512":"056fe54f48aa4edd1bddd68f918c808d14bab4fe0d8e2b536f68126cb5a6ded626b900c280fd43b1c8382012d73f9d93788a6cc97c5efdbd445b8b42769aa839","ssdeep":"","tlshash":"8141a745bb0f58e053f0098005404914ad1b8b2d3133adc5ebac4fad932ae58afcd56d","first_seen":"2026-07-02T22:42:57.214247Z","last_seen":"2026-07-04T10:40:29.301314Z","times_seen":6,"resource_available":true,"data":null}},"time_used":545,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":545,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-04","alert":"Phishing Block","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ngfffgygt.vgho9-foqhfoq.com:15681/static/js/siteSportBet.W4Zh4-si.js","fqdn":"ngfffgygt.vgho9-foqhfoq.com","domain":"vgho9-foqhfoq.com","tld":"com"},"ip":{"addr":"222.167.33.19","port":15681,"asn":9908,"as":"HK Cable TV Ltd","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://ngfffgygt.vgho9-foqhfoq.com:15681/?inviteCode=64298\u0026cid=118","date":"2026-07-04T10:39:55.826Z","timestamp":1783161595826,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.dh9-qjiohodfa9.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 28 Jun 2026 00:00:00 GMT","end":"Tue, 12 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"C5:47:38:34:E6:5C:A3:87:B4:BA:EF:B9:7D:A0:2A:95:07:34:76:65","sha256":"FE:78:24:EA:70:7B:AE:66:4F:EB:5C:04:1D:4C:A3:B9:C9:35:EC:95:20:88:65:57:26:EC:59:CA:DA:9E:4A:33"}}},"request":{"raw":"GET /static/js/siteSportBet.W4Zh4-si.js HTTP/1.1\r\nHost: ngfffgygt.vgho9-foqhfoq.com:15681\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://ngfffgygt.vgho9-foqhfoq.com:15681/home?inviteCode=64298\u0026cid=118\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ncontent-encoding: gzip\r\ncontent-type: application/javascript; charset=UTF-8\r\ndate: Sat, 04 Jul 2026 10:39:56 GMT\r\netag: W/\"6a46723b-1fd7\"\r\nlast-modified: Thu, 02 Jul 2026 14:14:19 GMT\r\nserver: openresty/1.27.1.1\r\nvary: Accept-Encoding\r\nx-cache: BYPASS\r\ncontent-length: 2430\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"OpenResty:1.27.1.1","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":8151,"size_decoded":2740,"mime_type":"application/javascript; charset=UTF-8","magic":"Java source, Unicode text, UTF-8 text, with very long lines (8132)","md5":"2720d994ed041be80c28f0d03f5d9fb0","sha1":"c84a1801c8fffdb731962cd3d8b080262a31a94d","sha256":"2f400c80e72b8393054e93d746cc9ed8ba2031924b0275d74ab6121e587b9f2d","sha512":"4217a19d453b8fdf57745ad6b0a06555e44d3e0748585612d8607fb5a2b20599889c57fc4a6c9c76214cf9011eadf8e0343785ad7f3b0a728d7711f60c123233","ssdeep":"192:atl1o3eBbuc5c0E3q8zADNRPrctVD0fultlqcRS4HTiW6c1gxD0ywlqKl82cxllz:atl1o3eBbuc5c0E3q8ze/DcTD0fultle","tlshash":"e0f19367b29f520157c0207c90fa07a37724647e24a388ecbf6deec96625a5473b5b3c","first_seen":"2026-07-02T22:42:57.118539Z","last_seen":"2026-07-04T10:40:29.302096Z","times_seen":6,"resource_available":true,"data":null}},"time_used":766,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":766,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-04","alert":"Phishing Block","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ngfffgygt.vgho9-foqhfoq.com:15681/static/js/index.vue_vue_type_script_setup_true_name_PublicWinningSound_lang.D7lZj9rk.js","fqdn":"ngfffgygt.vgho9-foqhfoq.com","domain":"vgho9-foqhfoq.com","tld":"com"},"ip":{"addr":"222.167.33.19","port":15681,"asn":9908,"as":"HK Cable TV Ltd","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://ngfffgygt.vgho9-foqhfoq.com:15681/?inviteCode=64298\u0026cid=118","date":"2026-07-04T10:39:56.554Z","timestamp":1783161596554,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.dh9-qjiohodfa9.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 28 Jun 2026 00:00:00 GMT","end":"Tue, 12 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"C5:47:38:34:E6:5C:A3:87:B4:BA:EF:B9:7D:A0:2A:95:07:34:76:65","sha256":"FE:78:24:EA:70:7B:AE:66:4F:EB:5C:04:1D:4C:A3:B9:C9:35:EC:95:20:88:65:57:26:EC:59:CA:DA:9E:4A:33"}}},"request":{"raw":"GET /static/js/index.vue_vue_type_script_setup_true_name_PublicWinningSound_lang.D7lZj9rk.js HTTP/1.1\r\nHost: ngfffgygt.vgho9-foqhfoq.com:15681\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://ngfffgygt.vgho9-foqhfoq.com:15681/home?inviteCode=64298\u0026cid=118\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\naccept-ranges: bytes\r\ncontent-type: application/javascript; charset=UTF-8\r\ndate: Sat, 04 Jul 2026 10:39:56 GMT\r\netag: \"6a46723b-20d\"\r\nlast-modified: Thu, 02 Jul 2026 14:14:19 GMT\r\nserver: openresty/1.27.1.1\r\nx-cache: BYPASS\r\ncontent-length: 525\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"OpenResty:1.27.1.1","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":525,"size_decoded":806,"mime_type":"application/javascript; charset=UTF-8","magic":"Java source, ASCII text, with very long lines (524)","md5":"749a8a0f67ba057429945bc92541a391","sha1":"a4abecb94c435c46ffdcb62389dcf43fa369fb9e","sha256":"da980970f235c83f9ce99f92073566b3d05609a8d98fa4df2833d5c46418114a","sha512":"115dc02aa2a3e311ff3a05d0e16a0ef3139d479697e3343f68f4375e8e382259c3505d4f67c3da5b5b64c89d334a94285037c76668ff76b3ce5ffed8e9cbc741","ssdeep":"","tlshash":"51f00e2a7f4cc0b4a6370dcc3573c42c065f07d9b630eb9982d33f691b89520a95e139","first_seen":"2026-07-02T22:42:57.009685Z","last_seen":"2026-07-04T10:40:29.305241Z","times_seen":5,"resource_available":true,"data":null}},"time_used":276,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":276,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-04","alert":"Phishing Block","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ngfffgygt.vgho9-foqhfoq.com:15681/static/js/usePagination.DhDoupwU.js","fqdn":"ngfffgygt.vgho9-foqhfoq.com","domain":"vgho9-foqhfoq.com","tld":"com"},"ip":{"addr":"222.167.33.19","port":15681,"asn":9908,"as":"HK Cable TV Ltd","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://ngfffgygt.vgho9-foqhfoq.com:15681/?inviteCode=64298\u0026cid=118","date":"2026-07-04T10:39:56.624Z","timestamp":1783161596624,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.dh9-qjiohodfa9.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 28 Jun 2026 00:00:00 GMT","end":"Tue, 12 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"C5:47:38:34:E6:5C:A3:87:B4:BA:EF:B9:7D:A0:2A:95:07:34:76:65","sha256":"FE:78:24:EA:70:7B:AE:66:4F:EB:5C:04:1D:4C:A3:B9:C9:35:EC:95:20:88:65:57:26:EC:59:CA:DA:9E:4A:33"}}},"request":{"raw":"GET /static/js/usePagination.DhDoupwU.js HTTP/1.1\r\nHost: ngfffgygt.vgho9-foqhfoq.com:15681\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://ngfffgygt.vgho9-foqhfoq.com:15681/home?inviteCode=64298\u0026cid=118\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\naccept-ranges: bytes\r\ncontent-type: application/javascript; charset=UTF-8\r\ndate: Sat, 04 Jul 2026 10:39:56 GMT\r\netag: \"6a46723b-402\"\r\nlast-modified: Thu, 02 Jul 2026 14:14:19 GMT\r\nserver: openresty/1.27.1.1\r\nx-cache: BYPASS\r\ncontent-length: 1026\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"OpenResty:1.27.1.1","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1026,"size_decoded":1308,"mime_type":"application/javascript; charset=UTF-8","magic":"Java source, ASCII text, with very long lines (1025)","md5":"ba2dbe544344b438508cb6019ac2f8c5","sha1":"ac356b38ddeb83997f7549ef5c954fce949a8d56","sha256":"3bd9c616a75f5ed900db3f66a6a546fd87086c7ae3568fa6b8361ed9b252b932","sha512":"ab5f84e0c363cc6f0f176284ed69f295ad2eb4de7e026ac5d78852e087d00a5cff8ddd891ba73102bda78fbfababd97ec1ed18cee16bd1f05d1a9421f5f25ee3","ssdeep":"","tlshash":"6b11e18bf2ab31b49379ccb59099144c4d04afd175669dc87dc95b5963b7ccc3345832","first_seen":"2026-07-02T22:42:57.157569Z","last_seen":"2026-07-04T10:40:29.307199Z","times_seen":5,"resource_available":true,"data":null}},"time_used":427,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":427,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-04","alert":"Phishing Block","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"s.q5qo.com/data/d0fc6cb72be725744777cc1e7bd7e247.png","fqdn":"s.q5qo.com","domain":"q5qo.com","tld":"com"},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ngfffgygt.vgho9-foqhfoq.com:15681/?inviteCode=64298\u0026cid=118","date":"2026-07-04T10:39:57.412Z","timestamp":1783161597412,"http_version":"","security_state":"","security_info":null,"request":{"raw":"GET /data/d0fc6cb72be725744777cc1e7bd7e247.png HTTP/1.1\r\nHost: s.q5qo.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://ngfffgygt.vgho9-foqhfoq.com:15681/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-07-04T20:30:36.525225Z","times_seen":16984070,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tposs.qiddfc-dqiod52d.com/web/sport/password_visible_off1.png","fqdn":"tposs.qiddfc-dqiod52d.com","domain":"qiddfc-dqiod52d.com","tld":"com"},"ip":{"addr":"3.167.2.97","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ngfffgygt.vgho9-foqhfoq.com:15681/?inviteCode=64298\u0026cid=118","date":"2026-07-04T10:39:57.675Z","timestamp":1783161597675,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tposs.qiddfc-dqiod52d.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Wed, 27 Aug 2025 00:00:00 GMT","end":"Fri, 25 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"D0:96:57:8B:56:09:2E:8A:4D:C1:87:CA:FD:41:09:B6:57:2C:4F:1D","sha256":"48:66:5F:5D:67:07:2E:C0:CB:EF:91:62:93:36:C2:EF:FB:B7:0E:4A:9A:93:C5:0D:10:9E:B6:05:6B:45:AC:AF"}}},"request":{"raw":"GET /web/sport/password_visible_off1.png HTTP/1.1\r\nHost: tposs.qiddfc-dqiod52d.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://ngfffgygt.vgho9-foqhfoq.com:15681/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ncontent-type: image/png\r\ncontent-length: 1658\r\nlast-modified: Tue, 11 Nov 2025 12:00:41 GMT\r\nx-amz-server-side-encryption: AES256\r\nx-amz-version-id: FXZ2k1FliWBjNJ3VW_PuA.ovRXgaQRdY\r\naccept-ranges: bytes\r\nserver: AmazonS3\r\ndate: Sat, 04 Jul 2026 10:26:30 GMT\r\netag: \"e63650dd990949d13994b4028612f77c\"\r\nvary: Accept-Encoding\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 094188bf05865a3d323dcbfb7173f1f6.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P2\r\nx-amz-cf-id: sEkw3hnNO4Kp-qAUWg06UFXyNdK7VBPXVtvD6yVSHquTumeM9SuHhw==\r\nage: 808\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]}],"data":{"size":1658,"size_decoded":2224,"mime_type":"image/png","magic":"PNG image data, 168 x 168, 8-bit/color RGBA, non-interlaced","md5":"e63650dd990949d13994b4028612f77c","sha1":"caa9f8b08557b93c6b7098676ad0cc7fa3592c82","sha256":"fc01619fdaba269e6e3b37f7808593d6c1dc49b5ae41f3718d4ac1c0261ba56e","sha512":"d29f97bb1aa32dc5400bc602f462123ac099b8b6c913fe9aab95fada55c3ba184088a8b6841f50a637b4813f650dad947ead6a3f9d34a60c312229be549b3733","ssdeep":"","tlshash":"d3310ab6b4696398fa0e63f4c0568b62b83ba2ca85b7a91754f464bc53304427b33255","first_seen":"2026-05-30T07:41:04.841722Z","last_seen":"2026-07-04T10:40:29.310251Z","times_seen":16,"resource_available":false,"data":null}},"time_used":27,"timings":{"blocked":1,"dns":0,"connect":0,"send":0,"wait":26,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ngfffgygt.vgho9-foqhfoq.com:15681/static/img/right-icon2.CA_mfVyH.svg","fqdn":"ngfffgygt.vgho9-foqhfoq.com","domain":"vgho9-foqhfoq.com","tld":"com"},"ip":{"addr":"222.167.33.19","port":15681,"asn":9908,"as":"HK Cable TV Ltd","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ngfffgygt.vgho9-foqhfoq.com:15681/?inviteCode=64298\u0026cid=118","date":"2026-07-04T10:39:55.872Z","timestamp":1783161595872,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.dh9-qjiohodfa9.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 28 Jun 2026 00:00:00 GMT","end":"Tue, 12 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"C5:47:38:34:E6:5C:A3:87:B4:BA:EF:B9:7D:A0:2A:95:07:34:76:65","sha256":"FE:78:24:EA:70:7B:AE:66:4F:EB:5C:04:1D:4C:A3:B9:C9:35:EC:95:20:88:65:57:26:EC:59:CA:DA:9E:4A:33"}}},"request":{"raw":"GET /static/img/right-icon2.CA_mfVyH.svg HTTP/1.1\r\nHost: ngfffgygt.vgho9-foqhfoq.com:15681\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://ngfffgygt.vgho9-foqhfoq.com:15681/home?inviteCode=64298\u0026cid=118\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\naccept-ranges: bytes\r\ncontent-type: image/svg+xml\r\ndate: Sat, 04 Jul 2026 10:30:44 GMT\r\netag: \"6a46723b-ec67\"\r\nlast-modified: Sat, 04 Jul 2026 10:30:44 GMT\r\nserver: openresty/1.27.1.1\r\nx-cache: HIT, policy, disk\r\ncontent-length: 60519\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"OpenResty:1.27.1.1","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}],"data":{"size":60519,"size_decoded":60790,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"6111e72a5bcd012ceb62d5add84c9949","sha1":"cfd667f062465cd60f7f5be64f51eba0ab42ce4c","sha256":"e392f4128c43fdb316678c473bb409494391cb098ff17f3cca050524c927dbbb","sha512":"b9434c10216cfb60779054bfdf8e0399eaa9e38e9ddb664512ea1e54ff70b0cd4fe2c42c910a9545b7730cbae9e871d339c4c636b1a5ab42d94f058f69104c88","ssdeep":"768:aTDuFBlw3W63T+OrENriyaolJPS2J9SzEt1rHnJrYr7U/ggNL43iL9Mu3iaarv:aT+wGy+O789k6rHJrYr7UIgNCUauybL","tlshash":"fa4395f5a7d8b2e0e106ebf4d4229461775f3cfe7fa6cb9983a05d90d62205c898dc90","first_seen":"2026-05-30T07:41:04.773059Z","last_seen":"2026-07-04T10:40:29.312147Z","times_seen":24,"resource_available":false,"data":null}},"time_used":491,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":263,"receive":228,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-04","alert":"Phishing Block","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"s.q5qo.com/data/1d6c905e1243664c54468b40aad58e8e.png","fqdn":"s.q5qo.com","domain":"q5qo.com","tld":"com"},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ngfffgygt.vgho9-foqhfoq.com:15681/?inviteCode=64298\u0026cid=118","date":"2026-07-04T10:39:57.396Z","timestamp":1783161597396,"http_version":"","security_state":"","security_info":null,"request":{"raw":"GET /data/1d6c905e1243664c54468b40aad58e8e.png HTTP/1.1\r\nHost: s.q5qo.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://ngfffgygt.vgho9-foqhfoq.com:15681/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-07-04T20:30:36.525225Z","times_seen":16984070,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tposs.qiddfc-dqiod52d.com/site-jerbc/siteActivity/202603/43faf22c399848fca234bd793a63d49f.png","fqdn":"tposs.qiddfc-dqiod52d.com","domain":"qiddfc-dqiod52d.com","tld":"com"},"ip":{"addr":"3.167.2.97","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ngfffgygt.vgho9-foqhfoq.com:15681/?inviteCode=64298\u0026cid=118","date":"2026-07-04T10:39:58.146Z","timestamp":1783161598146,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tposs.qiddfc-dqiod52d.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Wed, 27 Aug 2025 00:00:00 GMT","end":"Fri, 25 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"D0:96:57:8B:56:09:2E:8A:4D:C1:87:CA:FD:41:09:B6:57:2C:4F:1D","sha256":"48:66:5F:5D:67:07:2E:C0:CB:EF:91:62:93:36:C2:EF:FB:B7:0E:4A:9A:93:C5:0D:10:9E:B6:05:6B:45:AC:AF"}}},"request":{"raw":"GET /site-jerbc/siteActivity/202603/43faf22c399848fca234bd793a63d49f.png HTTP/1.1\r\nHost: tposs.qiddfc-dqiod52d.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://ngfffgygt.vgho9-foqhfoq.com:15681/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ncontent-type: image/png\r\ncontent-length: 5497\r\nlast-modified: Thu, 05 Mar 2026 08:41:06 GMT\r\nx-amz-server-side-encryption: AES256\r\nx-amz-version-id: l3_fXtddGAm3CKCeOvDlCyRzgvKjxR4K\r\naccept-ranges: bytes\r\nserver: AmazonS3\r\ndate: Sat, 04 Jul 2026 08:57:02 GMT\r\netag: \"65051acbe50a0e90b9a3b894e1eede9c\"\r\nvary: Accept-Encoding\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 094188bf05865a3d323dcbfb7173f1f6.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P2\r\nx-amz-cf-id: KeQ14_2_p1NEvdxTiT-AxfPDfubOqNYoJvAcMFdiBM3N4NyPJRFDfQ==\r\nage: 6177\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]}],"data":{"size":5497,"size_decoded":6064,"mime_type":"image/png","magic":"PNG image data, 72 x 72, 8-bit/color RGBA, non-interlaced","md5":"65051acbe50a0e90b9a3b894e1eede9c","sha1":"d42dd665f01d9dff7d9ca079c8e26fc8f549dd04","sha256":"ff3f28a9f2e1bd82e5f34564756ad1575d4ef48aa352436f88456476fd9f16e6","sha512":"dc936dc85a39d08931355c7d5e051058d0b7275bec2437c8c28b126e0637a6e4e7b1d78a495c97980daca17a374cd4ac511f6b3d7cfaecf0cee8f27bc5e18574","ssdeep":"96:9ScN3T576g8RvLkeyDojba03QPopsxi44WYRExmfMkAEVdQLQWxgSlWtsN4Lk:9S8d851yD8z3QiHWmn1dsQ2Mq9","tlshash":"dab15c816a49a878f77afcf542b67124ff2fc8fbd6831092a09959089175e79852e108","first_seen":"2026-06-28T16:04:36.70234Z","last_seen":"2026-07-04T10:40:29.186563Z","times_seen":3,"resource_available":false,"data":null}},"time_used":24,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":24,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ngfffgygt.vgho9-foqhfoq.com:15681/static/js/GoldCoinSign.3mx8SGbz.js","fqdn":"ngfffgygt.vgho9-foqhfoq.com","domain":"vgho9-foqhfoq.com","tld":"com"},"ip":{"addr":"222.167.33.19","port":15681,"asn":9908,"as":"HK Cable TV Ltd","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://ngfffgygt.vgho9-foqhfoq.com:15681/?inviteCode=64298\u0026cid=118","date":"2026-07-04T10:39:56.590Z","timestamp":1783161596590,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.dh9-qjiohodfa9.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 28 Jun 2026 00:00:00 GMT","end":"Tue, 12 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"C5:47:38:34:E6:5C:A3:87:B4:BA:EF:B9:7D:A0:2A:95:07:34:76:65","sha256":"FE:78:24:EA:70:7B:AE:66:4F:EB:5C:04:1D:4C:A3:B9:C9:35:EC:95:20:88:65:57:26:EC:59:CA:DA:9E:4A:33"}}},"request":{"raw":"GET /static/js/GoldCoinSign.3mx8SGbz.js HTTP/1.1\r\nHost: ngfffgygt.vgho9-foqhfoq.com:15681\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://ngfffgygt.vgho9-foqhfoq.com:15681/home?inviteCode=64298\u0026cid=118\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\naccept-ranges: bytes\r\ncontent-type: application/javascript; charset=UTF-8\r\ndate: Sat, 04 Jul 2026 10:39:56 GMT\r\netag: \"6a46723b-fe3\"\r\nlast-modified: Thu, 02 Jul 2026 14:14:19 GMT\r\nserver: openresty/1.27.1.1\r\nx-cache: BYPASS\r\ncontent-length: 4067\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"OpenResty:1.27.1.1","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":4067,"size_decoded":4349,"mime_type":"application/javascript; charset=UTF-8","magic":"Java source, Unicode text, UTF-8 text, with very long lines (3984)","md5":"6447ba495c21fb7d0509c1d23c8dedfa","sha1":"973aaaf55bda2cc74c8b65644d93af41a052c9aa","sha256":"0e84ec7e1bab30ec8a5d89dbbc2197a83b566ea420cb6af3c62ed746fe28a9a6","sha512":"6e4705697d51276aced99a27bc4c97e0709d7990d2631c5c516551dfe5166c36abb7af6a3f99070ca9e0c9ea9258707e78abef64a0a932518424ea70120245dc","ssdeep":"","tlshash":"5e81865b7076a6b87aa75c44605480a3a20cbfaec0a4845964ff083b3787ca5974d73b","first_seen":"2026-07-02T22:42:57.056324Z","last_seen":"2026-07-04T10:40:29.323854Z","times_seen":5,"resource_available":true,"data":null}},"time_used":509,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":509,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-04","alert":"Phishing Block","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tposs.qiddfc-dqiod52d.com/site-jerbc/siteConfig/202511/ee3819441aa843ebbc3fcfbea1bcbe83.png?t=1783161597549","fqdn":"tposs.qiddfc-dqiod52d.com","domain":"qiddfc-dqiod52d.com","tld":"com"},"ip":{"addr":"3.167.2.97","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ngfffgygt.vgho9-foqhfoq.com:15681/?inviteCode=64298\u0026cid=118","date":"2026-07-04T10:40:00.141Z","timestamp":1783161600141,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tposs.qiddfc-dqiod52d.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Wed, 27 Aug 2025 00:00:00 GMT","end":"Fri, 25 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"D0:96:57:8B:56:09:2E:8A:4D:C1:87:CA:FD:41:09:B6:57:2C:4F:1D","sha256":"48:66:5F:5D:67:07:2E:C0:CB:EF:91:62:93:36:C2:EF:FB:B7:0E:4A:9A:93:C5:0D:10:9E:B6:05:6B:45:AC:AF"}}},"request":{"raw":"GET /site-jerbc/siteConfig/202511/ee3819441aa843ebbc3fcfbea1bcbe83.png?t=1783161597549 HTTP/1.1\r\nHost: tposs.qiddfc-dqiod52d.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://ngfffgygt.vgho9-foqhfoq.com:15681/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=6\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ncontent-type: image/png\r\ncontent-length: 42751\r\nlast-modified: Sat, 15 Nov 2025 16:16:45 GMT\r\nx-amz-server-side-encryption: AES256\r\nx-amz-version-id: ZB_X_s3yYKWbNy40BHwk8SsZ68ob2BID\r\naccept-ranges: bytes\r\nserver: AmazonS3\r\ndate: Sat, 04 Jul 2026 09:24:54 GMT\r\netag: \"4b7d5edff22eef9f76863fbe30214b73\"\r\nvary: Accept-Encoding\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 094188bf05865a3d323dcbfb7173f1f6.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P2\r\nx-amz-cf-id: NAQIxEMtveDlkjiHmsZlvjlvw1hmyxzx_EPw9TWqv2-WgVJgzbP39w==\r\nage: 4507\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":42751,"size_decoded":43319,"mime_type":"image/png","magic":"PNG image data, 1024 x 1024, 8-bit/color RGBA, non-interlaced","md5":"4b7d5edff22eef9f76863fbe30214b73","sha1":"a99d5c2d985ad9d22b045879a7870209fb614722","sha256":"da43fe136d4c9a0e7d859c35849a09ca7675a07f207aa4cd083c1bec02f0d70e","sha512":"a2e6b94f92242170f1044ac0d75b63a1e58f9331667e240269eda228c9f3bee8b8a592c9d87327df6b1d71938f30a86843d522ddc8ae1687182dc20c3ea87d5d","ssdeep":"768:6jgtLyYlr9sWCEbsbMSYd78COUW1+CNToJJwrQLMofwb4XW1F:aDO9sW2bMj8COX1+CN8JY5oo8m1F","tlshash":"2a13f1b34481c0e0d882187b8ee31bc97d3a570917f968b55e74a472e62b3446f6d3e9","first_seen":"2026-02-24T07:43:44.927031Z","last_seen":"2026-07-04T10:40:29.32556Z","times_seen":22,"resource_available":false,"data":null}},"time_used":28,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":28,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tposs.qiddfc-dqiod52d.com/web/sport/pc/home-icon/game.svg","fqdn":"tposs.qiddfc-dqiod52d.com","domain":"qiddfc-dqiod52d.com","tld":"com"},"ip":{"addr":"3.167.2.97","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ngfffgygt.vgho9-foqhfoq.com:15681/?inviteCode=64298\u0026cid=118","date":"2026-07-04T10:39:55.865Z","timestamp":1783161595865,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tposs.qiddfc-dqiod52d.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Wed, 27 Aug 2025 00:00:00 GMT","end":"Fri, 25 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"D0:96:57:8B:56:09:2E:8A:4D:C1:87:CA:FD:41:09:B6:57:2C:4F:1D","sha256":"48:66:5F:5D:67:07:2E:C0:CB:EF:91:62:93:36:C2:EF:FB:B7:0E:4A:9A:93:C5:0D:10:9E:B6:05:6B:45:AC:AF"}}},"request":{"raw":"GET /web/sport/pc/home-icon/game.svg HTTP/1.1\r\nHost: tposs.qiddfc-dqiod52d.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://ngfffgygt.vgho9-foqhfoq.com:15681/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ncontent-type: image/svg+xml\r\nlast-modified: Fri, 24 Apr 2026 11:29:23 GMT\r\nserver: AmazonS3\r\nx-amz-server-side-encryption: AES256\r\nx-amz-version-id: B3gsmpVo9ABENKBZ_CHOtow2WnB3u0sy\r\ncontent-encoding: br\r\ndate: Sat, 04 Jul 2026 08:42:26 GMT\r\netag: W/\"a4ae58be5748a57b9e974871724db8fd\"\r\nvary: Accept-Encoding\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 094188bf05865a3d323dcbfb7173f1f6.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P2\r\nx-amz-cf-id: lrR84sq3-iQ4kGf2qXx6OjVx5-jNsnHMg97cAwvvM1CSR2yLgjo9sQ==\r\nage: 7050\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]}],"data":{"size":1962,"size_decoded":1516,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"a4ae58be5748a57b9e974871724db8fd","sha1":"00ce8c384913999983afe01136af2cd6d79cc6c9","sha256":"2a5c78b187397c09ccc76d8247b7eb45c9ea20f6971e7092424374e7782234c8","sha512":"9dbfaa500414e9a5ce2a0a00acb776bdbbdc334e43e26e04b13de8f8bee0a4d62a05c18930071b8fcc07a62114079b09a0c88fe52cdbeb3cc3ec7614cb4052a9","ssdeep":"","tlshash":"984188fb469ce1d09603cf24e92ba4757ddb74fb3fa58be881409b6895150db498cce0","first_seen":"2026-06-03T02:50:08.043344Z","last_seen":"2026-07-04T10:40:29.327148Z","times_seen":22,"resource_available":false,"data":null}},"time_used":62,"timings":{"blocked":-1,"dns":18,"connect":1,"send":0,"wait":28,"receive":0,"ssl":14},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tposs.qiddfc-dqiod52d.com/site-jerbc/siteActivity/202603/fcbfe72e779a475fbb66e77c18a90703.png","fqdn":"tposs.qiddfc-dqiod52d.com","domain":"qiddfc-dqiod52d.com","tld":"com"},"ip":{"addr":"3.167.2.97","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ngfffgygt.vgho9-foqhfoq.com:15681/?inviteCode=64298\u0026cid=118","date":"2026-07-04T10:39:58.149Z","timestamp":1783161598149,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tposs.qiddfc-dqiod52d.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Wed, 27 Aug 2025 00:00:00 GMT","end":"Fri, 25 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"D0:96:57:8B:56:09:2E:8A:4D:C1:87:CA:FD:41:09:B6:57:2C:4F:1D","sha256":"48:66:5F:5D:67:07:2E:C0:CB:EF:91:62:93:36:C2:EF:FB:B7:0E:4A:9A:93:C5:0D:10:9E:B6:05:6B:45:AC:AF"}}},"request":{"raw":"GET /site-jerbc/siteActivity/202603/fcbfe72e779a475fbb66e77c18a90703.png HTTP/1.1\r\nHost: tposs.qiddfc-dqiod52d.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://ngfffgygt.vgho9-foqhfoq.com:15681/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ncontent-type: image/png\r\ncontent-length: 5582\r\nlast-modified: Thu, 05 Mar 2026 08:41:19 GMT\r\nx-amz-server-side-encryption: AES256\r\nx-amz-version-id: bEYBUhTM4hOyJ3Vmvz9inTgSJs4m5sZf\r\naccept-ranges: bytes\r\nserver: AmazonS3\r\ndate: Sat, 04 Jul 2026 08:57:02 GMT\r\netag: \"31fb14137e2299cc734d143e453cec12\"\r\nvary: Accept-Encoding\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 094188bf05865a3d323dcbfb7173f1f6.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P2\r\nx-amz-cf-id: auBl54OE6ZuOtzwtzjnY2njZHVipa5VA6e123C_Y8EChnP-ZRGwNMA==\r\nage: 6177\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]}],"data":{"size":5582,"size_decoded":6149,"mime_type":"image/png","magic":"PNG image data, 72 x 72, 8-bit/color RGBA, non-interlaced","md5":"31fb14137e2299cc734d143e453cec12","sha1":"eb8bba6f7d5d55a655663a8d5ee2e38629e51184","sha256":"d19173591c9656c46a818d8fabaed77d608bdc3845414953cffd826bb76c785e","sha512":"20ee04de40226d425de0d30b9f930bf7ffb793a134bb0258d91d9f475f89636ef490f3d8308780e43ae30dacad83380af1e422235ce6e1d4cfeea104d6ff4f49","ssdeep":"96:9SRES3Uk5boaSbYxPBjIw9dMHO/+/3K9s6NL0mVkm5a1XdqlikAX3:9SMWoTbyPBjI3O2fK97LXNYX8li3","tlshash":"fcb17cd5b58bbc24473685a1ad60c3b0d44719a5cbb12efc2dae802b04d829d51eb3d3","first_seen":"2026-06-28T16:04:36.827445Z","last_seen":"2026-07-04T10:40:29.136635Z","times_seen":3,"resource_available":false,"data":null}},"time_used":24,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":24,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ngfffgygt.vgho9-foqhfoq.com:15681/static/js/league6-active.DnUFTfPa.js","fqdn":"ngfffgygt.vgho9-foqhfoq.com","domain":"vgho9-foqhfoq.com","tld":"com"},"ip":{"addr":"222.167.33.19","port":15681,"asn":9908,"as":"HK Cable TV Ltd","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://ngfffgygt.vgho9-foqhfoq.com:15681/?inviteCode=64298\u0026cid=118","date":"2026-07-04T10:39:55.797Z","timestamp":1783161595797,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.dh9-qjiohodfa9.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 28 Jun 2026 00:00:00 GMT","end":"Tue, 12 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"C5:47:38:34:E6:5C:A3:87:B4:BA:EF:B9:7D:A0:2A:95:07:34:76:65","sha256":"FE:78:24:EA:70:7B:AE:66:4F:EB:5C:04:1D:4C:A3:B9:C9:35:EC:95:20:88:65:57:26:EC:59:CA:DA:9E:4A:33"}}},"request":{"raw":"GET /static/js/league6-active.DnUFTfPa.js HTTP/1.1\r\nHost: ngfffgygt.vgho9-foqhfoq.com:15681\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://ngfffgygt.vgho9-foqhfoq.com:15681/home?inviteCode=64298\u0026cid=118\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ncontent-encoding: gzip\r\ncontent-type: application/javascript; charset=UTF-8\r\ndate: Sat, 04 Jul 2026 10:39:56 GMT\r\netag: W/\"6a46723b-61fd\"\r\nlast-modified: Thu, 02 Jul 2026 14:14:19 GMT\r\nserver: openresty/1.27.1.1\r\nvary: Accept-Encoding\r\nx-cache: BYPASS\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"OpenResty:1.27.1.1","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":25085,"size_decoded":14743,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (24948)","md5":"9eb52e0b75fc835ba837b1bd7580e384","sha1":"cf35e38a06a96fd0afdd71683fd361d2a41bc20b","sha256":"165fd9a0d64255db483e3e2fd6d2a989d82e319621ebe2185fa81b5e98e835b8","sha512":"5d5eef4c39a90494e0b89266ea5e2c09571acecdb68cc151ae02badd117b39d9ef3224df8e556cb788d7ebc47b8ae2c888d03e24960a16f9fddba020ff73aed6","ssdeep":"384:NrhaZ+JwIhoZSPFZBxSeqsYf39WyvYb4l4D+rLJbocR0EtxHFl:NcwJwI+SP+epYf39psOecyEt9Fl","tlshash":"6bb27da935c71d3ed39318a470a900907cb93eafd0189841eafc7a517adac50ddbb2dd","first_seen":"2026-07-02T22:42:57.239227Z","last_seen":"2026-07-04T10:40:29.329985Z","times_seen":6,"resource_available":true,"data":null}},"time_used":566,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":566,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-04","alert":"Phishing Block","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tposs.qiddfc-dqiod52d.com/web/sport/pc/home-icon/site-menu-top2.png","fqdn":"tposs.qiddfc-dqiod52d.com","domain":"qiddfc-dqiod52d.com","tld":"com"},"ip":{"addr":"3.167.2.97","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ngfffgygt.vgho9-foqhfoq.com:15681/?inviteCode=64298\u0026cid=118","date":"2026-07-04T10:39:55.876Z","timestamp":1783161595876,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tposs.qiddfc-dqiod52d.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Wed, 27 Aug 2025 00:00:00 GMT","end":"Fri, 25 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"D0:96:57:8B:56:09:2E:8A:4D:C1:87:CA:FD:41:09:B6:57:2C:4F:1D","sha256":"48:66:5F:5D:67:07:2E:C0:CB:EF:91:62:93:36:C2:EF:FB:B7:0E:4A:9A:93:C5:0D:10:9E:B6:05:6B:45:AC:AF"}}},"request":{"raw":"GET /web/sport/pc/home-icon/site-menu-top2.png HTTP/1.1\r\nHost: tposs.qiddfc-dqiod52d.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://ngfffgygt.vgho9-foqhfoq.com:15681/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ncontent-type: image/png\r\ncontent-length: 22898\r\nlast-modified: Thu, 14 May 2026 08:14:16 GMT\r\nx-amz-server-side-encryption: AES256\r\nx-amz-version-id: LOGnTppTdxck7hXyAQRzzudvdKdru2uw\r\naccept-ranges: bytes\r\nserver: AmazonS3\r\ndate: Sat, 04 Jul 2026 09:38:44 GMT\r\netag: \"c60454ca36eeafbee3a4c9f6a3609c37\"\r\nvary: Accept-Encoding\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 094188bf05865a3d323dcbfb7173f1f6.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P2\r\nx-amz-cf-id: MzcZBEFbWpT5EaaR2wMn6ckIrE9gpBT33oeBMuMRIxwUerYCEy7-Gw==\r\nage: 3673\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":22898,"size_decoded":23466,"mime_type":"image/png","magic":"PNG image data, 160 x 120, 8-bit/color RGBA, non-interlaced","md5":"c60454ca36eeafbee3a4c9f6a3609c37","sha1":"bcd3671b6c4279a93ebc396e6ac0394112c9cbad","sha256":"f18837f1607b0b5de317b9f4eda6988d31e2ba388d6c088dbadec6fab7eca28b","sha512":"7118ea5a0b3611854f8459e64b538ba3ffc9fa38a57a27fb288a7c0d4832a04db7499b8f4ebdf1a6f919141bf62b4a0f29c32227a76ac3f43b31ce8cda811c64","ssdeep":"384:5T6fLwuMSdYyWN9QtajC61NoEbjIESOpG7QMW/AfFc/GAzzCoRapt/PU58J6mfJw:9UMysBjC61NoEbXXpMFSz9aCmfZp8N","tlshash":"5fa2e1850befe594ba773154768f0a6a851b7a9e401ccf2eb26d3835d4c1cf1a090f4b","first_seen":"2026-05-30T07:41:04.783326Z","last_seen":"2026-07-04T10:40:29.332255Z","times_seen":24,"resource_available":false,"data":null}},"time_used":263,"timings":{"blocked":-1,"dns":7,"connect":2,"send":0,"wait":25,"receive":0,"ssl":223},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tposs.qiddfc-dqiod52d.com/pc/sport/Cricket.png","fqdn":"tposs.qiddfc-dqiod52d.com","domain":"qiddfc-dqiod52d.com","tld":"com"},"ip":{"addr":"3.167.2.97","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ngfffgygt.vgho9-foqhfoq.com:15681/?inviteCode=64298\u0026cid=118","date":"2026-07-04T10:39:56.839Z","timestamp":1783161596839,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tposs.qiddfc-dqiod52d.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Wed, 27 Aug 2025 00:00:00 GMT","end":"Fri, 25 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"D0:96:57:8B:56:09:2E:8A:4D:C1:87:CA:FD:41:09:B6:57:2C:4F:1D","sha256":"48:66:5F:5D:67:07:2E:C0:CB:EF:91:62:93:36:C2:EF:FB:B7:0E:4A:9A:93:C5:0D:10:9E:B6:05:6B:45:AC:AF"}}},"request":{"raw":"GET /pc/sport/Cricket.png HTTP/1.1\r\nHost: tposs.qiddfc-dqiod52d.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://ngfffgygt.vgho9-foqhfoq.com:15681/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ncontent-type: image/png\r\ncontent-length: 5031\r\nlast-modified: Tue, 05 May 2026 05:34:35 GMT\r\nx-amz-server-side-encryption: AES256\r\nx-amz-version-id: 4fL12d5PikIv2r71rUVqwYa21OpaEeQj\r\naccept-ranges: bytes\r\nserver: AmazonS3\r\ndate: Sat, 04 Jul 2026 09:45:53 GMT\r\netag: \"677304722789e38061437d9ae84d583e\"\r\nvary: Accept-Encoding\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 094188bf05865a3d323dcbfb7173f1f6.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P2\r\nx-amz-cf-id: TiU1er8CBL5tCBWO6tHDpa0UdBWcrdoXERNoWRiA_cbq5KE4hSrlCA==\r\nage: 3244\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]}],"data":{"size":5031,"size_decoded":5598,"mime_type":"image/png","magic":"PNG image data, 70 x 70, 8-bit/color RGBA, non-interlaced","md5":"677304722789e38061437d9ae84d583e","sha1":"2ce92570fcab5ddd8ebe8e70728e5c66964b579e","sha256":"9582f0480895c8d2a798940790fbd0f176213dfd4f635bf3ea98eaedc4bed637","sha512":"68c53d99daf99af14e43a2435410607951ef98c830c52a19bb770c990c8554bf58ab238caef7a8c070053c2b5de3121f309f42da46e917933468d662f83513bd","ssdeep":"96:87StPdtJA1ccsvM8yN2L6R746hMkd8UPeBh9iIA3xHpcjJhA9DEFA:WStPdWHyL6HhMJMef9iIoxHpAhIWA","tlshash":"75a18ce4bbb8887edc72f98701b6b48eac5c7c8a52a080ac528f70b1315ba58501631e","first_seen":"2026-05-30T07:41:04.620301Z","last_seen":"2026-07-04T10:40:29.335124Z","times_seen":24,"resource_available":false,"data":null}},"time_used":67,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":67,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ngfffgygt.vgho9-foqhfoq.com:15681/static/css/GameHeroSwiper.D9vkzGIQ.css","fqdn":"ngfffgygt.vgho9-foqhfoq.com","domain":"vgho9-foqhfoq.com","tld":"com"},"ip":{"addr":"222.167.33.19","port":15681,"asn":9908,"as":"HK Cable TV Ltd","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://ngfffgygt.vgho9-foqhfoq.com:15681/?inviteCode=64298\u0026cid=118","date":"2026-07-04T10:39:55.792Z","timestamp":1783161595792,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.dh9-qjiohodfa9.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 28 Jun 2026 00:00:00 GMT","end":"Tue, 12 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"C5:47:38:34:E6:5C:A3:87:B4:BA:EF:B9:7D:A0:2A:95:07:34:76:65","sha256":"FE:78:24:EA:70:7B:AE:66:4F:EB:5C:04:1D:4C:A3:B9:C9:35:EC:95:20:88:65:57:26:EC:59:CA:DA:9E:4A:33"}}},"request":{"raw":"GET /static/css/GameHeroSwiper.D9vkzGIQ.css HTTP/1.1\r\nHost: ngfffgygt.vgho9-foqhfoq.com:15681\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://ngfffgygt.vgho9-foqhfoq.com:15681/home?inviteCode=64298\u0026cid=118\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\naccept-ranges: bytes\r\ncontent-type: text/css\r\ndate: Sat, 04 Jul 2026 10:30:44 GMT\r\netag: \"6a46723a-d02\"\r\nlast-modified: Sat, 04 Jul 2026 10:30:44 GMT\r\nserver: openresty/1.27.1.1\r\nx-cache: HIT, policy, disk\r\ncontent-length: 3330\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"OpenResty:1.27.1.1","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":3330,"size_decoded":3594,"mime_type":"text/css","magic":"ASCII text, with very long lines (3329)","md5":"9ed2d942055788f6a3685ba9d6bd56ad","sha1":"51798e9fc6f00bdb5799f990ea5f619427ed6f9d","sha256":"ddc0a339666eb208dc8b7fdb3545e12f6b34cef3db0170c42596869ee2868a89","sha512":"79dd6709e2e7739de6346c0f5c44fb67d788afeacaf92d4abd254417d4d17c46a3dec52745011aabc77a4a9fc5f648b1167a857d5aaa2374df81492ffbe4ad8a","ssdeep":"","tlshash":"13616525a89c002900f79f459cc42b1d8138da8393638cdd7719776acec3aee7abd795","first_seen":"2026-06-24T13:33:42.971553Z","last_seen":"2026-07-04T10:40:29.337864Z","times_seen":16,"resource_available":false,"data":null}},"time_used":328,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":325,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-04","alert":"Phishing Block","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tposs.qiddfc-dqiod52d.com/web/sport/League.png","fqdn":"tposs.qiddfc-dqiod52d.com","domain":"qiddfc-dqiod52d.com","tld":"com"},"ip":{"addr":"3.167.2.97","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ngfffgygt.vgho9-foqhfoq.com:15681/?inviteCode=64298\u0026cid=118","date":"2026-07-04T10:39:56.080Z","timestamp":1783161596080,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tposs.qiddfc-dqiod52d.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Wed, 27 Aug 2025 00:00:00 GMT","end":"Fri, 25 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"D0:96:57:8B:56:09:2E:8A:4D:C1:87:CA:FD:41:09:B6:57:2C:4F:1D","sha256":"48:66:5F:5D:67:07:2E:C0:CB:EF:91:62:93:36:C2:EF:FB:B7:0E:4A:9A:93:C5:0D:10:9E:B6:05:6B:45:AC:AF"}}},"request":{"raw":"GET /web/sport/League.png HTTP/1.1\r\nHost: tposs.qiddfc-dqiod52d.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://ngfffgygt.vgho9-foqhfoq.com:15681/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ncontent-type: image/png\r\ncontent-length: 46333\r\nlast-modified: Mon, 01 Jun 2026 11:10:58 GMT\r\nx-amz-server-side-encryption: AES256\r\nx-amz-version-id: ALai7UvPsIMBkJfgOZ75b4CV3O29wMVT\r\naccept-ranges: bytes\r\nserver: AmazonS3\r\ndate: Sat, 04 Jul 2026 10:39:56 GMT\r\netag: \"5dbb888185ade5a40cae365d80539f76\"\r\nvary: Accept-Encoding\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 094188bf05865a3d323dcbfb7173f1f6.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P2\r\nx-amz-cf-id: G8EWfbMF-Doc9fqQJboPFdNJwg91uz3hBBK33G4HC6CXuP5vxem52g==\r\nage: 1011\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]}],"data":{"size":46333,"size_decoded":46901,"mime_type":"image/png","magic":"PNG image data, 280 x 280, 8-bit/color RGBA, non-interlaced","md5":"5dbb888185ade5a40cae365d80539f76","sha1":"955a1fd52c050d4e9504d5e133375f4f495c2c17","sha256":"327e5531beb1127473c8042f67251be99743a5ebeee035e19a4b0a6690f99b21","sha512":"fad5e7dfcb1be3bbd067e1d9734a598e5d100a2847e85f60b25f87ab80ec0a1e5c82db2bd9c1a06c9054f67d37c11afd989cc9c9b213036d97bffc9ac7f861a7","ssdeep":"768:daKQzzua1WK3t8oAV2+tbwOo5R5ikPTzUGP/UYUtHZ3ew6vOFT:d9QvuaoK3bth7IaPZsjVIeT","tlshash":"fa23f244b616e09737440b13031ebbb7e9cbdaae933b2274361deb5a865d08dd08536b","first_seen":"2026-06-24T13:33:43.105301Z","last_seen":"2026-07-04T10:40:29.339835Z","times_seen":16,"resource_available":false,"data":null}},"time_used":29,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":29,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ngfffgygt.vgho9-foqhfoq.com:15681/static/js/index.CCnRiDlB.js","fqdn":"ngfffgygt.vgho9-foqhfoq.com","domain":"vgho9-foqhfoq.com","tld":"com"},"ip":{"addr":"222.167.33.19","port":15681,"asn":9908,"as":"HK Cable TV Ltd","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://ngfffgygt.vgho9-foqhfoq.com:15681/?inviteCode=64298\u0026cid=118","date":"2026-07-04T10:39:56.579Z","timestamp":1783161596579,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.dh9-qjiohodfa9.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 28 Jun 2026 00:00:00 GMT","end":"Tue, 12 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"C5:47:38:34:E6:5C:A3:87:B4:BA:EF:B9:7D:A0:2A:95:07:34:76:65","sha256":"FE:78:24:EA:70:7B:AE:66:4F:EB:5C:04:1D:4C:A3:B9:C9:35:EC:95:20:88:65:57:26:EC:59:CA:DA:9E:4A:33"}}},"request":{"raw":"GET /static/js/index.CCnRiDlB.js HTTP/1.1\r\nHost: ngfffgygt.vgho9-foqhfoq.com:15681\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://ngfffgygt.vgho9-foqhfoq.com:15681/home?inviteCode=64298\u0026cid=118\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\naccept-ranges: bytes\r\ncontent-type: application/javascript; charset=UTF-8\r\ndate: Sat, 04 Jul 2026 10:39:56 GMT\r\netag: \"6a46723b-acb\"\r\nlast-modified: Thu, 02 Jul 2026 14:14:19 GMT\r\nserver: openresty/1.27.1.1\r\nx-cache: BYPASS\r\ncontent-length: 2763\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"OpenResty:1.27.1.1","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2763,"size_decoded":3045,"mime_type":"application/javascript; charset=UTF-8","magic":"Java source, Unicode text, UTF-8 text, with very long lines (2754)","md5":"74cbb9254f66d7f3e7d21ca7a214586c","sha1":"dc7b6f643cdaec1205856177889acf7a22d22d51","sha256":"1871db70a86d80bd5a6edc6e2e78ece4b9656889a130146e7796b37f58aba96d","sha512":"4cc6028e36a85e179d011f857e3658b0721940d968ad11fe94e7199e74e5800f9b1538ba04a36ad1a75c5aeeac969a75219f469601d9f22d8ef5fb959381c7af","ssdeep":"","tlshash":"db51a7012c12c6fe6efb8100912e668ac1093f38d52ec556a3fd48067bc78b6b79e764","first_seen":"2026-07-02T22:42:57.15219Z","last_seen":"2026-07-04T10:40:29.341389Z","times_seen":5,"resource_available":true,"data":null}},"time_used":473,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":473,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-04","alert":"Phishing Block","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ngfffgygt.vgho9-foqhfoq.com:15681/static/css/PersonLoginAbnormalModal.C0O7jhOh.css","fqdn":"ngfffgygt.vgho9-foqhfoq.com","domain":"vgho9-foqhfoq.com","tld":"com"},"ip":{"addr":"222.167.33.19","port":15681,"asn":9908,"as":"HK Cable TV Ltd","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://ngfffgygt.vgho9-foqhfoq.com:15681/?inviteCode=64298\u0026cid=118","date":"2026-07-04T10:39:56.600Z","timestamp":1783161596600,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.dh9-qjiohodfa9.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 28 Jun 2026 00:00:00 GMT","end":"Tue, 12 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"C5:47:38:34:E6:5C:A3:87:B4:BA:EF:B9:7D:A0:2A:95:07:34:76:65","sha256":"FE:78:24:EA:70:7B:AE:66:4F:EB:5C:04:1D:4C:A3:B9:C9:35:EC:95:20:88:65:57:26:EC:59:CA:DA:9E:4A:33"}}},"request":{"raw":"GET /static/css/PersonLoginAbnormalModal.C0O7jhOh.css HTTP/1.1\r\nHost: ngfffgygt.vgho9-foqhfoq.com:15681\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://ngfffgygt.vgho9-foqhfoq.com:15681/home?inviteCode=64298\u0026cid=118\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\naccept-ranges: bytes\r\ncontent-type: text/css\r\ndate: Sat, 04 Jul 2026 10:30:45 GMT\r\netag: \"6a46723a-30e\"\r\nlast-modified: Sat, 04 Jul 2026 10:30:45 GMT\r\nserver: openresty/1.27.1.1\r\nx-cache: HIT, policy, disk\r\ncontent-length: 782\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"OpenResty:1.27.1.1","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":782,"size_decoded":1045,"mime_type":"text/css","magic":"ASCII text, with very long lines (781)","md5":"121ff9eb505558700c263530d5b53eb7","sha1":"fde8dc6a4150f6b1ad9914c36142f88a22c0a6e7","sha256":"940fef6a6534aeb9d14f3971c452cf7cd2fe7c61b99099063f7ecfea0a5b1948","sha512":"2d8d3d6a793e8a36b1a03039a0a104003c2bfe227f3dbc46368587d39c80d6f0f472ea52280351790a455acc1b114aeaeb68881b439280bb0967b8fe91015b61","ssdeep":"","tlshash":"93018ea5fdbd9219306fc6b6a1888c941515f3176a810be4fe753850ccc78a03727f6d","first_seen":"2026-05-30T07:41:04.65196Z","last_seen":"2026-07-04T10:40:29.342434Z","times_seen":23,"resource_available":false,"data":null}},"time_used":398,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":398,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-04","alert":"Phishing Block","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ngfffgygt.vgho9-foqhfoq.com:15681/static/js/siteRewardModal.DkaB9J1o.js","fqdn":"ngfffgygt.vgho9-foqhfoq.com","domain":"vgho9-foqhfoq.com","tld":"com"},"ip":{"addr":"222.167.33.19","port":15681,"asn":9908,"as":"HK Cable TV Ltd","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://ngfffgygt.vgho9-foqhfoq.com:15681/?inviteCode=64298\u0026cid=118","date":"2026-07-04T10:39:55.989Z","timestamp":1783161595989,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.dh9-qjiohodfa9.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 28 Jun 2026 00:00:00 GMT","end":"Tue, 12 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"C5:47:38:34:E6:5C:A3:87:B4:BA:EF:B9:7D:A0:2A:95:07:34:76:65","sha256":"FE:78:24:EA:70:7B:AE:66:4F:EB:5C:04:1D:4C:A3:B9:C9:35:EC:95:20:88:65:57:26:EC:59:CA:DA:9E:4A:33"}}},"request":{"raw":"GET /static/js/siteRewardModal.DkaB9J1o.js HTTP/1.1\r\nHost: ngfffgygt.vgho9-foqhfoq.com:15681\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://ngfffgygt.vgho9-foqhfoq.com:15681/home?inviteCode=64298\u0026cid=118\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\naccept-ranges: bytes\r\ncontent-type: application/javascript; charset=UTF-8\r\ndate: Sat, 04 Jul 2026 10:39:56 GMT\r\netag: \"6a46723b-2ba\"\r\nlast-modified: Thu, 02 Jul 2026 14:14:19 GMT\r\nserver: openresty/1.27.1.1\r\nx-cache: BYPASS\r\ncontent-length: 698\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"OpenResty:1.27.1.1","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":698,"size_decoded":979,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (679)","md5":"568c1390fcfa6d5bdaecbfdc832da40c","sha1":"ec151cf705446df126ac9817db9b93766234b50b","sha256":"9d309ebe6746862a2c058210f80bfa2642cc23b24858e939f306ec3d67035db0","sha512":"8872d90129f51e3f8002ab5b07e4551d51da6a9217c3defb051fe806a02dd88f87365a8269d6387a3bea3d85eb5dbbe706698ab2ad47d8c6bf7c1133f1315bd2","ssdeep":"","tlshash":"3d017647e90934b914b666b27455bd020399b93a948a062c39b928db16dc885f3f9f30","first_seen":"2026-07-02T22:42:57.164269Z","last_seen":"2026-07-04T10:40:29.343074Z","times_seen":6,"resource_available":true,"data":null}},"time_used":546,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":524,"receive":22,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-04","alert":"Phishing Block","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ngfffgygt.vgho9-foqhfoq.com:15681/static/img/light-one.CG-sBLhP.png","fqdn":"ngfffgygt.vgho9-foqhfoq.com","domain":"vgho9-foqhfoq.com","tld":"com"},"ip":{"addr":"222.167.33.19","port":15681,"asn":9908,"as":"HK Cable TV Ltd","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ngfffgygt.vgho9-foqhfoq.com:15681/?inviteCode=64298\u0026cid=118","date":"2026-07-04T10:39:58.133Z","timestamp":1783161598133,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.dh9-qjiohodfa9.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 28 Jun 2026 00:00:00 GMT","end":"Tue, 12 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"C5:47:38:34:E6:5C:A3:87:B4:BA:EF:B9:7D:A0:2A:95:07:34:76:65","sha256":"FE:78:24:EA:70:7B:AE:66:4F:EB:5C:04:1D:4C:A3:B9:C9:35:EC:95:20:88:65:57:26:EC:59:CA:DA:9E:4A:33"}}},"request":{"raw":"GET /static/img/light-one.CG-sBLhP.png HTTP/1.1\r\nHost: ngfffgygt.vgho9-foqhfoq.com:15681\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://ngfffgygt.vgho9-foqhfoq.com:15681/home?inviteCode=64298\u0026cid=118\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\naccept-ranges: bytes\r\ncontent-type: image/png\r\ndate: Sat, 04 Jul 2026 10:39:58 GMT\r\netag: \"6a46723b-3de7\"\r\nlast-modified: Thu, 02 Jul 2026 14:14:19 GMT\r\nserver: openresty/1.27.1.1\r\nx-cache: UPDATING\r\ncontent-length: 15847\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"OpenResty:1.27.1.1","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":15847,"size_decoded":16105,"mime_type":"image/png","magic":"PNG image data, 522 x 522, 8-bit colormap, non-interlaced","md5":"cc562ae269d438fb623cbada660bb062","sha1":"f1dac67ad75f8cdd200a2ab3e2541a63d35dc013","sha256":"b0cd06a0515337112c12f3fef8ca168b2d256feae3b3300447845226fae93237","sha512":"5f04a055ee0e85c40b98509b5ffaed96434906e5024ec2b6311991d49172a070046762d68f580f42ce89ce7b631c018bce46de550b38e96685b7eac2b87e2b8a","ssdeep":"192:JAm62Eyzsg1Xrlnbi273eIZLnOtHIS7ff0NzgJIQZ5jP6brgM/QlFjhFOUsjDvTI:Jb5bzNhimeurOt37HIgmS+btQv23I","tlshash":"dd62c0b815781c06fd22d87382a3d8d9dfdf5400e22547e76d0d3ad6fe73626d98118a","first_seen":"2026-06-28T16:04:36.859131Z","last_seen":"2026-07-04T10:40:29.344368Z","times_seen":3,"resource_available":false,"data":null}},"time_used":331,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":278,"receive":53,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-04","alert":"Phishing Block","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ngfffgygt.vgho9-foqhfoq.com:15681/static/js/Skeleton.C7SK15a3.js","fqdn":"ngfffgygt.vgho9-foqhfoq.com","domain":"vgho9-foqhfoq.com","tld":"com"},"ip":{"addr":"222.167.33.19","port":15681,"asn":9908,"as":"HK Cable TV Ltd","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://ngfffgygt.vgho9-foqhfoq.com:15681/?inviteCode=64298\u0026cid=118","date":"2026-07-04T10:39:55.790Z","timestamp":1783161595790,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.dh9-qjiohodfa9.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 28 Jun 2026 00:00:00 GMT","end":"Tue, 12 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"C5:47:38:34:E6:5C:A3:87:B4:BA:EF:B9:7D:A0:2A:95:07:34:76:65","sha256":"FE:78:24:EA:70:7B:AE:66:4F:EB:5C:04:1D:4C:A3:B9:C9:35:EC:95:20:88:65:57:26:EC:59:CA:DA:9E:4A:33"}}},"request":{"raw":"GET /static/js/Skeleton.C7SK15a3.js HTTP/1.1\r\nHost: ngfffgygt.vgho9-foqhfoq.com:15681\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://ngfffgygt.vgho9-foqhfoq.com:15681/home?inviteCode=64298\u0026cid=118\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\naccept-ranges: bytes\r\ncontent-type: application/javascript; charset=UTF-8\r\ndate: Sat, 04 Jul 2026 10:39:55 GMT\r\netag: \"6a46723b-99f\"\r\nlast-modified: Thu, 02 Jul 2026 14:14:19 GMT\r\nserver: openresty/1.27.1.1\r\nx-cache: BYPASS\r\ncontent-length: 2463\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"OpenResty:1.27.1.1","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2463,"size_decoded":2745,"mime_type":"application/javascript; charset=UTF-8","magic":"ASCII text, with very long lines (1286)","md5":"5a0ca2f71bd94f9a897819a558de4aa7","sha1":"6f52e49cbb5939182cd171fea0dd8ebef7661c43","sha256":"56502f2cec8e649113f7c33a0c7921cfab738c17dcc0d4d07a4bf28459a7cf09","sha512":"eb3449e7309476902be92e6fec851b2a7eb4fef0f93e00f7103eccf45da446d10a32a731bfc2e10fd4cb906007d324570bf1c5b0a714e93360041b87d2c163a3","ssdeep":"","tlshash":"c951b79cf3dde8f769e3c8ff626a4754101835856b70e2a0b2b638a136012779721f22","first_seen":"2026-07-02T22:42:57.124408Z","last_seen":"2026-07-04T10:40:29.345289Z","times_seen":6,"resource_available":true,"data":null}},"time_used":331,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":331,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-04","alert":"Phishing Block","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tposs.qiddfc-dqiod52d.com/web/sport/eSports.png","fqdn":"tposs.qiddfc-dqiod52d.com","domain":"qiddfc-dqiod52d.com","tld":"com"},"ip":{"addr":"3.167.2.97","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ngfffgygt.vgho9-foqhfoq.com:15681/?inviteCode=64298\u0026cid=118","date":"2026-07-04T10:39:56.817Z","timestamp":1783161596817,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tposs.qiddfc-dqiod52d.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Wed, 27 Aug 2025 00:00:00 GMT","end":"Fri, 25 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"D0:96:57:8B:56:09:2E:8A:4D:C1:87:CA:FD:41:09:B6:57:2C:4F:1D","sha256":"48:66:5F:5D:67:07:2E:C0:CB:EF:91:62:93:36:C2:EF:FB:B7:0E:4A:9A:93:C5:0D:10:9E:B6:05:6B:45:AC:AF"}}},"request":{"raw":"GET /web/sport/eSports.png HTTP/1.1\r\nHost: tposs.qiddfc-dqiod52d.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://ngfffgygt.vgho9-foqhfoq.com:15681/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ncontent-type: image/png\r\ncontent-length: 7705\r\nlast-modified: Fri, 31 Oct 2025 06:57:04 GMT\r\nx-amz-server-side-encryption: AES256\r\nx-amz-version-id: 8f5Ga6_b9PewpHauIY_6Vcg88hbvFDhd\r\naccept-ranges: bytes\r\nserver: AmazonS3\r\ndate: Sat, 04 Jul 2026 10:39:56 GMT\r\netag: \"13ef194d3222cc9862df8d675f00016f\"\r\nvary: Accept-Encoding\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 094188bf05865a3d323dcbfb7173f1f6.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P2\r\nx-amz-cf-id: 5mPYMXnIdbQbVkehAjfSPRpiCYe6k-8lvKbiSDhE_MmkuLuvxSvVSw==\r\nage: 3409\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]}],"data":{"size":7705,"size_decoded":8272,"mime_type":"image/png","magic":"PNG image data, 70 x 70, 8-bit/color RGBA, non-interlaced","md5":"13ef194d3222cc9862df8d675f00016f","sha1":"acd26ea2aabd4efbffec6092c0fc0637398030cd","sha256":"a3e732892d0d64f36f2207e453deceeef54eca7d3d7cf557874256ec8c57ba2f","sha512":"1aeca20acaf899c94ff04f015dd5d05cc236cd9137f827406d73f5f84f2c71752c83d762f8921af1716f721e4c0981eecc83cb45a8f3cf86996c976176e83350","ssdeep":"192:WSiIde6Q1WbkrgAo6RQsH1KVvTkFLm47Cm4dDAwNiQKHCTY7nLwJ:5tde6gW+gAwsHArkFLP7wRAwNYHCTSLI","tlshash":"6af1afe45d69b73a3aa874a67640419a0f6cbc5c247c720fdf3c7ad1d9640a630ed9a0","first_seen":"2026-05-30T07:41:04.730309Z","last_seen":"2026-07-04T10:40:29.346387Z","times_seen":24,"resource_available":false,"data":null}},"time_used":25,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":25,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ngfffgygt.vgho9-foqhfoq.com:15681/api/game-center/f/sport/queryMatchPage","fqdn":"ngfffgygt.vgho9-foqhfoq.com","domain":"vgho9-foqhfoq.com","tld":"com"},"ip":{"addr":"222.167.33.19","port":15681,"asn":9908,"as":"HK Cable TV Ltd","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://ngfffgygt.vgho9-foqhfoq.com:15681/?inviteCode=64298\u0026cid=118","date":"2026-07-04T10:39:57.996Z","timestamp":1783161597996,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.dh9-qjiohodfa9.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 28 Jun 2026 00:00:00 GMT","end":"Tue, 12 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"C5:47:38:34:E6:5C:A3:87:B4:BA:EF:B9:7D:A0:2A:95:07:34:76:65","sha256":"FE:78:24:EA:70:7B:AE:66:4F:EB:5C:04:1D:4C:A3:B9:C9:35:EC:95:20:88:65:57:26:EC:59:CA:DA:9E:4A:33"}}},"request":{"raw":"POST /api/game-center/f/sport/queryMatchPage HTTP/1.1\r\nHost: ngfffgygt.vgho9-foqhfoq.com:15681\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: zh\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nContent-Type: application/json\r\nDevice: PC\r\nCurrency: CNY\r\nFrontAuthorization: \r\nContent-Length: 705\r\nOrigin: https://ngfffgygt.vgho9-foqhfoq.com:15681\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://ngfffgygt.vgho9-foqhfoq.com:15681/home?inviteCode=64298\u0026cid=118\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/2 200 \r\naccess-control-allow-credentials: true\r\naccess-control-allow-origin: https://ngfffgygt.vgho9-foqhfoq.com:15681\r\ncontent-encoding: gzip\r\ncontent-type: application/json\r\ndate: Sat, 04 Jul 2026 10:39:58 GMT\r\nserver: openresty/1.27.1.1\r\nvary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers\r\nx-cache: BYPASS\r\ncontent-length: 35550\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"OpenResty:1.27.1.1","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":331297,"size_decoded":35935,"mime_type":"application/json","magic":"Unicode text, UTF-8 text, with very long lines (60454), with no line terminators","md5":"1b36833d0fea0a633d0bdc712c01f48e","sha1":"5ecd17a696147ed0fe721715f6795401136feb6e","sha256":"41fdd6bacf0f636531920368f81083538a33f9d75bde5845e1c685dda349a630","sha512":"6f3eb2a9b9e665e4300ef140770ea358c90d18a0d8e493ee931f1dd529485aaa6351d30269cc69083975cea3af76b0d2acb604e78b888a128aac8dfac4c4236e","ssdeep":"6144:eTaO7S305WLE1EcipK5MsO6028ABR0oKH2t+eGryh7OOZ2M5ODr1VTpTKRuT7DY8:dO7S305WLE1EcipK5MsO6028AEoKH2tM","tlshash":"c964378a692dc4fe9ac67d02e8cf3095e5e03a07e84d2d4004c67e6c9e1fb53b927567","first_seen":"2026-07-04T10:40:29.155284Z","last_seen":"2026-07-04T10:40:29.155284Z","times_seen":1,"resource_available":false,"data":null}},"time_used":411,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":358,"receive":53,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-04","alert":"Phishing Block","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ngfffgygt.vgho9-foqhfoq.com:15681/static/js/time.rfAp2h4y.js","fqdn":"ngfffgygt.vgho9-foqhfoq.com","domain":"vgho9-foqhfoq.com","tld":"com"},"ip":{"addr":"222.167.33.19","port":15681,"asn":9908,"as":"HK Cable TV Ltd","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://ngfffgygt.vgho9-foqhfoq.com:15681/?inviteCode=64298\u0026cid=118","date":"2026-07-04T10:39:55.817Z","timestamp":1783161595817,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.dh9-qjiohodfa9.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 28 Jun 2026 00:00:00 GMT","end":"Tue, 12 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"C5:47:38:34:E6:5C:A3:87:B4:BA:EF:B9:7D:A0:2A:95:07:34:76:65","sha256":"FE:78:24:EA:70:7B:AE:66:4F:EB:5C:04:1D:4C:A3:B9:C9:35:EC:95:20:88:65:57:26:EC:59:CA:DA:9E:4A:33"}}},"request":{"raw":"GET /static/js/time.rfAp2h4y.js HTTP/1.1\r\nHost: ngfffgygt.vgho9-foqhfoq.com:15681\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://ngfffgygt.vgho9-foqhfoq.com:15681/home?inviteCode=64298\u0026cid=118\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\naccept-ranges: bytes\r\ncontent-type: application/javascript; charset=UTF-8\r\ndate: Sat, 04 Jul 2026 10:39:56 GMT\r\netag: \"6a46723b-3ed\"\r\nlast-modified: Thu, 02 Jul 2026 14:14:19 GMT\r\nserver: openresty/1.27.1.1\r\nx-cache: BYPASS\r\ncontent-length: 1005\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"OpenResty:1.27.1.1","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}],"data":{"size":1005,"size_decoded":1287,"mime_type":"application/javascript; charset=UTF-8","magic":"Java source, ASCII text, with very long lines (1004)","md5":"4e5328e24f911c6c542d9d7b2553201d","sha1":"90a6cdede54c05e9f9847ea64c4fb488d20fc98b","sha256":"d339a3d08ea65e85129e23828aefdf741dfd41dbd1099491794b815c0b54123e","sha512":"fa4da08e66f744a5a95446eccbf6cb04dd1e921e5adc6a5cb41ef905e2395c2ca0edec0b467c4e49f571768f1df05f6996753230d2f317bbbf59de33510a83fc","ssdeep":"","tlshash":"5a1125c12569a026f52701ecd0f883a62525da30bd266e54ff3f4a26317b4c7481ff94","first_seen":"2026-07-02T22:42:57.24819Z","last_seen":"2026-07-04T10:40:29.347718Z","times_seen":6,"resource_available":true,"data":null}},"time_used":550,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":550,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-04","alert":"Phishing Block","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ngfffgygt.vgho9-foqhfoq.com:15681/static/js/index.vue_vue_type_script_setup_true_lang.BMZwK_KH.js","fqdn":"ngfffgygt.vgho9-foqhfoq.com","domain":"vgho9-foqhfoq.com","tld":"com"},"ip":{"addr":"222.167.33.19","port":15681,"asn":9908,"as":"HK Cable TV Ltd","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://ngfffgygt.vgho9-foqhfoq.com:15681/?inviteCode=64298\u0026cid=118","date":"2026-07-04T10:39:55.838Z","timestamp":1783161595838,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.dh9-qjiohodfa9.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 28 Jun 2026 00:00:00 GMT","end":"Tue, 12 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"C5:47:38:34:E6:5C:A3:87:B4:BA:EF:B9:7D:A0:2A:95:07:34:76:65","sha256":"FE:78:24:EA:70:7B:AE:66:4F:EB:5C:04:1D:4C:A3:B9:C9:35:EC:95:20:88:65:57:26:EC:59:CA:DA:9E:4A:33"}}},"request":{"raw":"GET /static/js/index.vue_vue_type_script_setup_true_lang.BMZwK_KH.js HTTP/1.1\r\nHost: ngfffgygt.vgho9-foqhfoq.com:15681\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://ngfffgygt.vgho9-foqhfoq.com:15681/home?inviteCode=64298\u0026cid=118\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\naccept-ranges: bytes\r\ncontent-type: application/javascript; charset=UTF-8\r\ndate: Sat, 04 Jul 2026 10:39:56 GMT\r\netag: \"6a46723b-4a2\"\r\nlast-modified: Thu, 02 Jul 2026 14:14:19 GMT\r\nserver: openresty/1.27.1.1\r\nx-cache: BYPASS\r\ncontent-length: 1186\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"OpenResty:1.27.1.1","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1186,"size_decoded":1468,"mime_type":"application/javascript; charset=UTF-8","magic":"Java source, ASCII text, with very long lines (1185)","md5":"e4a1e5f9eb8c1672f2e7914e5811f7c1","sha1":"1ab1de00d064acb441b6716375d0ca203eb6c66b","sha256":"1597df2716cc1ec97ae4fc1ddc81b6972ffbf0ae712a1a4f36160c02f38be3aa","sha512":"720c2b17fb11056943d87400ef23d380731d5d0e04df64f111969fb87fcb71a5d7f05035cf931c5e698d41b88412d9331c7e0f90ce50f0ee91f28e7bc1f60323","ssdeep":"","tlshash":"ff2166cb3c6800bdd3b30c44d26199ed2125135ca276e8e6347b542a23a7c8077db1a7","first_seen":"2026-07-02T22:42:57.286373Z","last_seen":"2026-07-04T10:40:29.348949Z","times_seen":6,"resource_available":true,"data":null}},"time_used":754,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":754,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-04","alert":"Phishing Block","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ngfffgygt.vgho9-foqhfoq.com:15681/static/img/world-cup.BvFKdTAM.png","fqdn":"ngfffgygt.vgho9-foqhfoq.com","domain":"vgho9-foqhfoq.com","tld":"com"},"ip":{"addr":"222.167.33.19","port":15681,"asn":9908,"as":"HK Cable TV Ltd","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ngfffgygt.vgho9-foqhfoq.com:15681/?inviteCode=64298\u0026cid=118","date":"2026-07-04T10:39:55.868Z","timestamp":1783161595868,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.dh9-qjiohodfa9.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 28 Jun 2026 00:00:00 GMT","end":"Tue, 12 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"C5:47:38:34:E6:5C:A3:87:B4:BA:EF:B9:7D:A0:2A:95:07:34:76:65","sha256":"FE:78:24:EA:70:7B:AE:66:4F:EB:5C:04:1D:4C:A3:B9:C9:35:EC:95:20:88:65:57:26:EC:59:CA:DA:9E:4A:33"}}},"request":{"raw":"GET /static/img/world-cup.BvFKdTAM.png HTTP/1.1\r\nHost: ngfffgygt.vgho9-foqhfoq.com:15681\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://ngfffgygt.vgho9-foqhfoq.com:15681/home?inviteCode=64298\u0026cid=118\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\naccept-ranges: bytes\r\ncontent-type: image/png\r\ndate: Sat, 04 Jul 2026 10:30:44 GMT\r\netag: \"6a46723b-81d4\"\r\nlast-modified: Sat, 04 Jul 2026 10:30:44 GMT\r\nserver: openresty/1.27.1.1\r\nx-cache: HIT, policy, disk\r\ncontent-length: 33236\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"OpenResty:1.27.1.1","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}],"data":{"size":33236,"size_decoded":33503,"mime_type":"image/png","magic":"PNG image data, 504 x 100, 8-bit/color RGBA, non-interlaced","md5":"df8cb4ae580b950c20491bd5d6b2b7a5","sha1":"58c034f11efe9a79e8596d62abea1bd9652b9505","sha256":"6c4d2b44119d87e406b23551c3302accfdaadd72a74ac3f38dc96885451f10ba","sha512":"06bf4f49b9ed161b4daece922bcf678f41bd1331c0e6019a29a12c0a4b8ad4d0e0b9a696f16b2839626a169967353af7e7b9b679e1ba47edda01378cabcd005d","ssdeep":"768:t9hgmblWJCwFxKmxHzZF4iOptwoiIiFKKp+q2iAV9smu:lgGlWCExFZSiO3woiIiF3dyVu","tlshash":"6be2f1d380ce5ea714b78754939801175a83432c9c628bf8cafc9ffbc4d557898bc969","first_seen":"2026-05-30T07:41:04.725841Z","last_seen":"2026-07-04T10:40:29.350825Z","times_seen":24,"resource_available":false,"data":null}},"time_used":491,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":266,"receive":225,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-04","alert":"Phishing Block","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ngfffgygt.vgho9-foqhfoq.com:15681/static/css/RoulettePanelModel.BXjy0EwR.css","fqdn":"ngfffgygt.vgho9-foqhfoq.com","domain":"vgho9-foqhfoq.com","tld":"com"},"ip":{"addr":"222.167.33.19","port":15681,"asn":9908,"as":"HK Cable TV Ltd","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://ngfffgygt.vgho9-foqhfoq.com:15681/?inviteCode=64298\u0026cid=118","date":"2026-07-04T10:39:56.575Z","timestamp":1783161596575,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.dh9-qjiohodfa9.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 28 Jun 2026 00:00:00 GMT","end":"Tue, 12 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"C5:47:38:34:E6:5C:A3:87:B4:BA:EF:B9:7D:A0:2A:95:07:34:76:65","sha256":"FE:78:24:EA:70:7B:AE:66:4F:EB:5C:04:1D:4C:A3:B9:C9:35:EC:95:20:88:65:57:26:EC:59:CA:DA:9E:4A:33"}}},"request":{"raw":"GET /static/css/RoulettePanelModel.BXjy0EwR.css HTTP/1.1\r\nHost: ngfffgygt.vgho9-foqhfoq.com:15681\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://ngfffgygt.vgho9-foqhfoq.com:15681/home?inviteCode=64298\u0026cid=118\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\naccept-ranges: bytes\r\ncontent-type: text/css\r\ndate: Sat, 04 Jul 2026 10:30:45 GMT\r\netag: \"6a46723a-145\"\r\nlast-modified: Sat, 04 Jul 2026 10:30:45 GMT\r\nserver: openresty/1.27.1.1\r\nx-cache: HIT, policy, disk\r\ncontent-length: 325\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"OpenResty:1.27.1.1","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":325,"size_decoded":588,"mime_type":"text/css","magic":"ASCII text, with very long lines (324)","md5":"e8b22cbc10fa0d987ea10295b4bfd632","sha1":"f276724db9250ba71bc8ca07721093d9c3bd7c85","sha256":"9727f0a5bd301d4e08d10eaabcb3d58050c0d86edd8fcb01a96d44634e6ea459","sha512":"623788a133aca0f5164e887bf8934c50101d196d9764da6018d9a8df9a1017963a2513e3d4ef9e3d5005360bf0ad7d94f576e479033b34ef0fdb7084a2a075a7","ssdeep":"","tlshash":"2de07da677216050a822abd4d29cce2e9b36b65302cf5de2ad8882d715c73f330e6315","first_seen":"2026-06-24T13:33:43.077986Z","last_seen":"2026-07-04T10:40:29.352316Z","times_seen":15,"resource_available":false,"data":null}},"time_used":422,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":421,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-04","alert":"Phishing Block","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ngfffgygt.vgho9-foqhfoq.com:15681/static/js/Dropdown.CCarB1fp.js","fqdn":"ngfffgygt.vgho9-foqhfoq.com","domain":"vgho9-foqhfoq.com","tld":"com"},"ip":{"addr":"222.167.33.19","port":15681,"asn":9908,"as":"HK Cable TV Ltd","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://ngfffgygt.vgho9-foqhfoq.com:15681/?inviteCode=64298\u0026cid=118","date":"2026-07-04T10:39:56.631Z","timestamp":1783161596631,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.dh9-qjiohodfa9.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 28 Jun 2026 00:00:00 GMT","end":"Tue, 12 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"C5:47:38:34:E6:5C:A3:87:B4:BA:EF:B9:7D:A0:2A:95:07:34:76:65","sha256":"FE:78:24:EA:70:7B:AE:66:4F:EB:5C:04:1D:4C:A3:B9:C9:35:EC:95:20:88:65:57:26:EC:59:CA:DA:9E:4A:33"}}},"request":{"raw":"GET /static/js/Dropdown.CCarB1fp.js HTTP/1.1\r\nHost: ngfffgygt.vgho9-foqhfoq.com:15681\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://ngfffgygt.vgho9-foqhfoq.com:15681/home?inviteCode=64298\u0026cid=118\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ncontent-encoding: gzip\r\ncontent-type: application/javascript; charset=UTF-8\r\ndate: Sat, 04 Jul 2026 10:39:56 GMT\r\netag: W/\"6a46723b-49f5\"\r\nlast-modified: Thu, 02 Jul 2026 14:14:19 GMT\r\nserver: openresty/1.27.1.1\r\nvary: Accept-Encoding\r\nx-cache: BYPASS\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"OpenResty:1.27.1.1","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}],"data":{"size":18933,"size_decoded":6194,"mime_type":"application/javascript; charset=UTF-8","magic":"ASCII text, with very long lines (7816)","md5":"d984e3415648bfd542bb84614c7c691b","sha1":"e5b4522b9710461bafb44627d280200cc003d92b","sha256":"96117a7f6fb1f23db2ea632df2b663b682aecfdac5a00179e6ba91436d8ed428","sha512":"9290a876a1473af98c5809a956ae0e0a60a27279aa47c719434fcb7e3f11c734ade5f7d094c7c2fcb5e390abcb6cf5ac3ea21dd5ace46315990eaf41b79cf4bf","ssdeep":"384:Rvav73ZShV7dlXoxDsw547MIfXeiNpSBpyex2yj:FU7JShVzoxMXPNpSBpyex2yj","tlshash":"b082e894f44ce5609ae385d8d29a8109a2172f83ee16d1f2f0ba1cd513d5374e29ff2d","first_seen":"2026-07-02T22:42:56.94985Z","last_seen":"2026-07-04T10:40:29.352971Z","times_seen":5,"resource_available":true,"data":null}},"time_used":470,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":470,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-04","alert":"Phishing Block","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ngfffgygt.vgho9-foqhfoq.com:15681/static/js/index.HE32MnY8.js","fqdn":"ngfffgygt.vgho9-foqhfoq.com","domain":"vgho9-foqhfoq.com","tld":"com"},"ip":{"addr":"222.167.33.19","port":15681,"asn":9908,"as":"HK Cable TV Ltd","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://ngfffgygt.vgho9-foqhfoq.com:15681/?inviteCode=64298\u0026cid=118","date":"2026-07-04T10:39:56.602Z","timestamp":1783161596602,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.dh9-qjiohodfa9.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 28 Jun 2026 00:00:00 GMT","end":"Tue, 12 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"C5:47:38:34:E6:5C:A3:87:B4:BA:EF:B9:7D:A0:2A:95:07:34:76:65","sha256":"FE:78:24:EA:70:7B:AE:66:4F:EB:5C:04:1D:4C:A3:B9:C9:35:EC:95:20:88:65:57:26:EC:59:CA:DA:9E:4A:33"}}},"request":{"raw":"GET /static/js/index.HE32MnY8.js HTTP/1.1\r\nHost: ngfffgygt.vgho9-foqhfoq.com:15681\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://ngfffgygt.vgho9-foqhfoq.com:15681/home?inviteCode=64298\u0026cid=118\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ncontent-encoding: gzip\r\ncontent-type: application/javascript; charset=UTF-8\r\ndate: Sat, 04 Jul 2026 10:39:56 GMT\r\netag: W/\"6a46723b-2f97\"\r\nlast-modified: Thu, 02 Jul 2026 14:14:19 GMT\r\nserver: openresty/1.27.1.1\r\nvary: Accept-Encoding\r\nx-cache: BYPASS\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"OpenResty:1.27.1.1","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":12183,"size_decoded":4960,"mime_type":"application/javascript; charset=UTF-8","magic":"Unicode text, UTF-8 text, with very long lines (11750)","md5":"3f5c3cf0e47b529bde3db4592a9d5c04","sha1":"965b9c6483792fe59ba83aedfccfa0a222b3835f","sha256":"0394f5beb64821ffee8a7e71221ddd7df271e8f063e8edaa3e95a8e3bd0f6be8","sha512":"eae665add77675f48a9fbf784cb7861af7fda7fe6e32acc039a75f658776838d35f9ed5cd9b13291f4a1bfa3766062b4074e144cac196167202badb5b00b2eca","ssdeep":"192:69bb7fcGPMgdyk3J+hsqapJ4xMsRd2wai0h7H9SR29oY9blsdC8jBAfDquEvdnRm:Gdyk3jEpRd2wai0h7H9C29oYtGdCYB8f","tlshash":"d342093c744a96ffb973c96855a48402706a7b3ddc4898e6e0af1a1299cbf3045e47fc","first_seen":"2026-07-02T22:42:57.156091Z","last_seen":"2026-07-04T10:40:29.353551Z","times_seen":5,"resource_available":true,"data":null}},"time_used":455,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":455,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-04","alert":"Phishing Block","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ngfffgygt.vgho9-foqhfoq.com:15681/static/js/index.C0K9a0ZJ.js","fqdn":"ngfffgygt.vgho9-foqhfoq.com","domain":"vgho9-foqhfoq.com","tld":"com"},"ip":{"addr":"222.167.33.19","port":15681,"asn":9908,"as":"HK Cable TV Ltd","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://ngfffgygt.vgho9-foqhfoq.com:15681/?inviteCode=64298\u0026cid=118","date":"2026-07-04T10:39:56.612Z","timestamp":1783161596612,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.dh9-qjiohodfa9.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 28 Jun 2026 00:00:00 GMT","end":"Tue, 12 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"C5:47:38:34:E6:5C:A3:87:B4:BA:EF:B9:7D:A0:2A:95:07:34:76:65","sha256":"FE:78:24:EA:70:7B:AE:66:4F:EB:5C:04:1D:4C:A3:B9:C9:35:EC:95:20:88:65:57:26:EC:59:CA:DA:9E:4A:33"}}},"request":{"raw":"GET /static/js/index.C0K9a0ZJ.js HTTP/1.1\r\nHost: ngfffgygt.vgho9-foqhfoq.com:15681\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://ngfffgygt.vgho9-foqhfoq.com:15681/home?inviteCode=64298\u0026cid=118\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\naccept-ranges: bytes\r\ncontent-type: application/javascript; charset=UTF-8\r\ndate: Sat, 04 Jul 2026 10:39:56 GMT\r\netag: \"6a46723b-c1f\"\r\nlast-modified: Thu, 02 Jul 2026 14:14:19 GMT\r\nserver: openresty/1.27.1.1\r\nx-cache: BYPASS\r\ncontent-length: 3103\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"OpenResty:1.27.1.1","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}],"data":{"size":3103,"size_decoded":3385,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (3046)","md5":"d85d5429d6e30af48be229cacf23f121","sha1":"ebc2fa25568cec2e97745e3e04af1c808498d56d","sha256":"034980241a7ba8bf05b61b3ec58694b1fa8065e081ea7d45b42bdbff05ac4b93","sha512":"fded455296e73ffec23eae622efb577dd6a6a60dab794004bf06b2c7baa985ad1ace0f6c63d061262d17e0f2482e82676caf980bd311dd47108feb4e0540558f","ssdeep":"","tlshash":"49518566b83d8db8f2731cdd70214518a2091e4ae1626dd5e83a17aa2c07fa1cbef518","first_seen":"2026-07-02T22:42:57.125751Z","last_seen":"2026-07-04T10:40:29.354235Z","times_seen":5,"resource_available":true,"data":null}},"time_used":447,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":447,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-04","alert":"Phishing Block","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ngfffgygt.vgho9-foqhfoq.com:15681/static/js/use-keyboard.CCfZsO2U.js","fqdn":"ngfffgygt.vgho9-foqhfoq.com","domain":"vgho9-foqhfoq.com","tld":"com"},"ip":{"addr":"222.167.33.19","port":15681,"asn":9908,"as":"HK Cable TV Ltd","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://ngfffgygt.vgho9-foqhfoq.com:15681/?inviteCode=64298\u0026cid=118","date":"2026-07-04T10:39:56.634Z","timestamp":1783161596634,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.dh9-qjiohodfa9.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 28 Jun 2026 00:00:00 GMT","end":"Tue, 12 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"C5:47:38:34:E6:5C:A3:87:B4:BA:EF:B9:7D:A0:2A:95:07:34:76:65","sha256":"FE:78:24:EA:70:7B:AE:66:4F:EB:5C:04:1D:4C:A3:B9:C9:35:EC:95:20:88:65:57:26:EC:59:CA:DA:9E:4A:33"}}},"request":{"raw":"GET /static/js/use-keyboard.CCfZsO2U.js HTTP/1.1\r\nHost: ngfffgygt.vgho9-foqhfoq.com:15681\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://ngfffgygt.vgho9-foqhfoq.com:15681/home?inviteCode=64298\u0026cid=118\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\naccept-ranges: bytes\r\ncontent-type: application/javascript; charset=UTF-8\r\ndate: Sat, 04 Jul 2026 10:39:56 GMT\r\netag: \"6a46723b-4ae\"\r\nlast-modified: Thu, 02 Jul 2026 14:14:19 GMT\r\nserver: openresty/1.27.1.1\r\nx-cache: BYPASS\r\ncontent-length: 1198\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"OpenResty:1.27.1.1","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}],"data":{"size":1198,"size_decoded":1480,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (1197)","md5":"cd7612fd3462789ae46e2ba54b9fa3cf","sha1":"bc6dd671940514e16bfc237c27873ed46c95f708","sha256":"d5f8d09cb819587d2607f52d6f473671bb48a60ee573ce8cf2749fa97c609d77","sha512":"7b487c0c40eb6892a266fb685af41527dd49892af46aab2ea86a9f8e209a51a30ba421d6cead7cc8d5d7687252c245ac03b000a6b6788dbb4ec7d805f7b3d837","ssdeep":"","tlshash":"2d2124a0205d64fd9aa9ded91a3fec00345279707009bca1106ddf3b9ff9a429543196","first_seen":"2026-07-02T22:42:57.073118Z","last_seen":"2026-07-04T10:40:29.354945Z","times_seen":5,"resource_available":true,"data":null}},"time_used":465,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":465,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-04","alert":"Phishing Block","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ngfffgygt.vgho9-foqhfoq.com:15681/api/activity/f/activity/queryList","fqdn":"ngfffgygt.vgho9-foqhfoq.com","domain":"vgho9-foqhfoq.com","tld":"com"},"ip":{"addr":"222.167.33.19","port":15681,"asn":9908,"as":"HK Cable TV Ltd","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://ngfffgygt.vgho9-foqhfoq.com:15681/?inviteCode=64298\u0026cid=118","date":"2026-07-04T10:39:57.668Z","timestamp":1783161597668,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.dh9-qjiohodfa9.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 28 Jun 2026 00:00:00 GMT","end":"Tue, 12 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"C5:47:38:34:E6:5C:A3:87:B4:BA:EF:B9:7D:A0:2A:95:07:34:76:65","sha256":"FE:78:24:EA:70:7B:AE:66:4F:EB:5C:04:1D:4C:A3:B9:C9:35:EC:95:20:88:65:57:26:EC:59:CA:DA:9E:4A:33"}}},"request":{"raw":"POST /api/activity/f/activity/queryList HTTP/1.1\r\nHost: ngfffgygt.vgho9-foqhfoq.com:15681\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: zh\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nContent-Type: application/json\r\nDevice: PC\r\nCurrency: CNY\r\nFrontAuthorization: \r\nContent-Length: 2\r\nOrigin: https://ngfffgygt.vgho9-foqhfoq.com:15681\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://ngfffgygt.vgho9-foqhfoq.com:15681/home?inviteCode=64298\u0026cid=118\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/2 200 \r\naccess-control-allow-credentials: true\r\naccess-control-allow-origin: https://ngfffgygt.vgho9-foqhfoq.com:15681\r\ncontent-type: application/json\r\ndate: Sat, 04 Jul 2026 10:39:57 GMT\r\nserver: openresty/1.27.1.1\r\nvary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers\r\nx-cache: BYPASS\r\ncontent-length: 2977\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"OpenResty:1.27.1.1","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}],"data":{"size":2977,"size_decoded":3337,"mime_type":"application/json","magic":"JSON text data","md5":"a766dbddd220d31096785d16ad1a049c","sha1":"7b36d7362364f889c2be543bd567ee59f9a497be","sha256":"928199340d1ad8b42df599891c255b0289a8f98c961156d075b2b02b33bd3877","sha512":"340133c9ad3966e8330afeade169bcbe22466b50bc98aac07ff00f50717d4dcc0d30d0656858f7d9e5892e1a7f3bdcd1b4cdbcc3a0125b9502f6c6b4e9687bcb","ssdeep":"","tlshash":"3051ae671a4825a6fb442d67f5a7d3090cd4139ffa80d9dec38d09ef59dc0b2226521f","first_seen":"2026-07-01T20:44:48.159375Z","last_seen":"2026-07-04T10:40:29.356182Z","times_seen":10,"resource_available":false,"data":null}},"time_used":304,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":304,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-04","alert":"Phishing Block","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ngfffgygt.vgho9-foqhfoq.com:15681/static/js/HomeMaintenanceMask.vue_vue_type_script_setup_true_lang.CB9IPjua.js","fqdn":"ngfffgygt.vgho9-foqhfoq.com","domain":"vgho9-foqhfoq.com","tld":"com"},"ip":{"addr":"222.167.33.19","port":15681,"asn":9908,"as":"HK Cable TV Ltd","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://ngfffgygt.vgho9-foqhfoq.com:15681/?inviteCode=64298\u0026cid=118","date":"2026-07-04T10:39:55.848Z","timestamp":1783161595848,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.dh9-qjiohodfa9.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 28 Jun 2026 00:00:00 GMT","end":"Tue, 12 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"C5:47:38:34:E6:5C:A3:87:B4:BA:EF:B9:7D:A0:2A:95:07:34:76:65","sha256":"FE:78:24:EA:70:7B:AE:66:4F:EB:5C:04:1D:4C:A3:B9:C9:35:EC:95:20:88:65:57:26:EC:59:CA:DA:9E:4A:33"}}},"request":{"raw":"GET /static/js/HomeMaintenanceMask.vue_vue_type_script_setup_true_lang.CB9IPjua.js HTTP/1.1\r\nHost: ngfffgygt.vgho9-foqhfoq.com:15681\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://ngfffgygt.vgho9-foqhfoq.com:15681/home?inviteCode=64298\u0026cid=118\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\naccept-ranges: bytes\r\ncontent-type: application/javascript; charset=UTF-8\r\ndate: Sat, 04 Jul 2026 10:39:56 GMT\r\netag: \"6a46723b-70b\"\r\nlast-modified: Thu, 02 Jul 2026 14:14:19 GMT\r\nserver: openresty/1.27.1.1\r\nx-cache: BYPASS\r\ncontent-length: 1803\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"OpenResty:1.27.1.1","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1803,"size_decoded":2085,"mime_type":"application/javascript; charset=UTF-8","magic":"Java source, Unicode text, UTF-8 text, with very long lines (1658)","md5":"d98830e9046f4337114d79dfc284ce5a","sha1":"5eec0306087eee09e479ee7f28fa4531a990bc55","sha256":"c3767f9c47e7016a95852b1dbf2007c126af1628376b5e9b38d39956ccb942f1","sha512":"86117b591a24da2be1f38b7fad485d307cd016280ca33189c296215424edca4a5622802775aa51ee3e5e5706e4c320c4f848d15d4298c2758236d4a871d1ef7d","ssdeep":"","tlshash":"9131790a192d977f77138814f4813186604c7f55d023ccbad2b11a326bdb4f4875e727","first_seen":"2026-07-02T22:42:57.249161Z","last_seen":"2026-07-04T10:40:29.356871Z","times_seen":6,"resource_available":true,"data":null}},"time_used":516,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":515,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-04","alert":"Phishing Block","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ngfffgygt.vgho9-foqhfoq.com:15681/static/js/index.CH6viwdo.js","fqdn":"ngfffgygt.vgho9-foqhfoq.com","domain":"vgho9-foqhfoq.com","tld":"com"},"ip":{"addr":"222.167.33.19","port":15681,"asn":9908,"as":"HK Cable TV Ltd","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://ngfffgygt.vgho9-foqhfoq.com:15681/?inviteCode=64298\u0026cid=118","date":"2026-07-04T10:39:56.623Z","timestamp":1783161596623,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.dh9-qjiohodfa9.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 28 Jun 2026 00:00:00 GMT","end":"Tue, 12 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"C5:47:38:34:E6:5C:A3:87:B4:BA:EF:B9:7D:A0:2A:95:07:34:76:65","sha256":"FE:78:24:EA:70:7B:AE:66:4F:EB:5C:04:1D:4C:A3:B9:C9:35:EC:95:20:88:65:57:26:EC:59:CA:DA:9E:4A:33"}}},"request":{"raw":"GET /static/js/index.CH6viwdo.js HTTP/1.1\r\nHost: ngfffgygt.vgho9-foqhfoq.com:15681\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://ngfffgygt.vgho9-foqhfoq.com:15681/home?inviteCode=64298\u0026cid=118\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ncontent-encoding: gzip\r\ncontent-type: application/javascript; charset=UTF-8\r\ndate: Sat, 04 Jul 2026 10:39:56 GMT\r\netag: W/\"6a46723b-5e80\"\r\nlast-modified: Thu, 02 Jul 2026 14:14:19 GMT\r\nserver: openresty/1.27.1.1\r\nvary: Accept-Encoding\r\nx-cache: BYPASS\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"OpenResty:1.27.1.1","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":24192,"size_decoded":8232,"mime_type":"application/javascript; charset=UTF-8","magic":"Unicode text, UTF-8 text, with very long lines (23920)","md5":"441cc00726c51dbcf7bd228ac4a15640","sha1":"6c008d7197b1c9b64d7b139d4a631a34a29afb40","sha256":"775ac9742a11bb5719981745b6680f1b05eb408887e769c8053b8a17372fa217","sha512":"152af3217c98beca72213430b5fd689445c84dc78b8549cadf74fa4e66f660fe8dce5b6914821b3657246a0700e0d592278e007a6616893f90cb9a9426a19c6e","ssdeep":"384:nRd4MMg0ZuJeBK/ibanSC3gEDbm7UjFjYxPeVYeaFXlFefPcoSv0Lby7zyao:nRd4MMgHeBK/ib3C3gEDK7Aj4PeVYea6","tlshash":"85b20947b13a1e7eb3630da0f069069b520c7fdbd510da80a5ff19701bdac8056ada7a","first_seen":"2026-07-02T22:42:57.153351Z","last_seen":"2026-07-04T10:40:29.357931Z","times_seen":5,"resource_available":true,"data":null}},"time_used":433,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":433,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-04","alert":"Phishing Block","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tposs.qiddfc-dqiod52d.com/pc/sport/Snooker.png","fqdn":"tposs.qiddfc-dqiod52d.com","domain":"qiddfc-dqiod52d.com","tld":"com"},"ip":{"addr":"3.167.2.97","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ngfffgygt.vgho9-foqhfoq.com:15681/?inviteCode=64298\u0026cid=118","date":"2026-07-04T10:39:56.831Z","timestamp":1783161596831,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tposs.qiddfc-dqiod52d.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Wed, 27 Aug 2025 00:00:00 GMT","end":"Fri, 25 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"D0:96:57:8B:56:09:2E:8A:4D:C1:87:CA:FD:41:09:B6:57:2C:4F:1D","sha256":"48:66:5F:5D:67:07:2E:C0:CB:EF:91:62:93:36:C2:EF:FB:B7:0E:4A:9A:93:C5:0D:10:9E:B6:05:6B:45:AC:AF"}}},"request":{"raw":"GET /pc/sport/Snooker.png HTTP/1.1\r\nHost: tposs.qiddfc-dqiod52d.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://ngfffgygt.vgho9-foqhfoq.com:15681/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ncontent-type: image/png\r\ncontent-length: 4355\r\nlast-modified: Tue, 05 May 2026 05:34:36 GMT\r\nx-amz-server-side-encryption: AES256\r\nx-amz-version-id: Nq7dFskxwawJXxWn03kwdw5xfSwHXiLP\r\naccept-ranges: bytes\r\nserver: AmazonS3\r\ndate: Sat, 04 Jul 2026 09:55:42 GMT\r\netag: \"7cc0482f9890c7de33726b9546339258\"\r\nvary: Accept-Encoding\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 094188bf05865a3d323dcbfb7173f1f6.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P2\r\nx-amz-cf-id: czF9y6ApqgDSO9eAmJNEmfsMf10wXOkXumrHkGSgUZU1trhgKk6YAA==\r\nage: 2655\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]}],"data":{"size":4355,"size_decoded":4922,"mime_type":"image/png","magic":"PNG image data, 70 x 70, 8-bit/color RGBA, non-interlaced","md5":"7cc0482f9890c7de33726b9546339258","sha1":"57d4628ac073427c44cdecb84eb3b741f0cf8449","sha256":"bf6bbdf6a1a0914f2197dfef8364e9da5ef040d1230b4198856fcb0cfbb27e21","sha512":"134bd45735a2779591105a86047074187f124cfd717ca7688655b535c52e03c11933ae7b65527b9dd79dbca7f6c29a1e09301e03395f2b5e8b74c20a167690b0","ssdeep":"96:87SmEe8KwmxAB6926Bc/Axqdwjy/Wc/eLXuVJXns/rPPS9Pw7o+IUQ:WSnKhxAY9G/1dwW/n/ebairPPS9zZ","tlshash":"07918ec3037a8dea264d87361a24531b94bf5813d8f5765288761c4c20bdf1291d3e6c","first_seen":"2026-06-24T13:33:42.973967Z","last_seen":"2026-07-04T10:40:29.36223Z","times_seen":8,"resource_available":false,"data":null}},"time_used":68,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":68,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ngfffgygt.vgho9-foqhfoq.com:15681/static/img/light-two.BbRSCO-S.png","fqdn":"ngfffgygt.vgho9-foqhfoq.com","domain":"vgho9-foqhfoq.com","tld":"com"},"ip":{"addr":"222.167.33.19","port":15681,"asn":9908,"as":"HK Cable TV Ltd","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ngfffgygt.vgho9-foqhfoq.com:15681/?inviteCode=64298\u0026cid=118","date":"2026-07-04T10:39:58.135Z","timestamp":1783161598135,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.dh9-qjiohodfa9.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 28 Jun 2026 00:00:00 GMT","end":"Tue, 12 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"C5:47:38:34:E6:5C:A3:87:B4:BA:EF:B9:7D:A0:2A:95:07:34:76:65","sha256":"FE:78:24:EA:70:7B:AE:66:4F:EB:5C:04:1D:4C:A3:B9:C9:35:EC:95:20:88:65:57:26:EC:59:CA:DA:9E:4A:33"}}},"request":{"raw":"GET /static/img/light-two.BbRSCO-S.png HTTP/1.1\r\nHost: ngfffgygt.vgho9-foqhfoq.com:15681\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://ngfffgygt.vgho9-foqhfoq.com:15681/home?inviteCode=64298\u0026cid=118\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\naccept-ranges: bytes\r\ncontent-type: image/png\r\ndate: Sat, 04 Jul 2026 10:39:58 GMT\r\netag: \"6a46723b-415d\"\r\nlast-modified: Thu, 02 Jul 2026 14:14:19 GMT\r\nserver: openresty/1.27.1.1\r\nx-cache: UPDATING\r\ncontent-length: 16733\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"OpenResty:1.27.1.1","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":16733,"size_decoded":16991,"mime_type":"image/png","magic":"PNG image data, 522 x 522, 8-bit colormap, non-interlaced","md5":"4fc091820b5a33f086d58cb9dfee377b","sha1":"5a4d9d7380f047483b350f25d4c76df117db22cf","sha256":"224702652b874dea1d35938624816eb569386a32142387c9e2b98f806f80de2b","sha512":"392c3fee92f48f2c37bf7c17c68d6dd0d31916730ad1703c2c2ed468d34ce56a6b9da14f97dcb096534c424fd6cd795a06f5eafecae91e8fc1dbb194dc3051bf","ssdeep":"384:3/8NQkUli8Au8f0FTwRyk2nLihiF70sxC6hTFluI:3cCIFXH0vr3XaI","tlshash":"7c72bf747bd6ec2ed1c6f960442bc15782c6eefb9da0541ee80cf840903ed6ae258250","first_seen":"2026-06-28T16:04:36.864009Z","last_seen":"2026-07-04T10:40:29.362871Z","times_seen":3,"resource_available":false,"data":null}},"time_used":330,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":277,"receive":53,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-04","alert":"Phishing Block","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ngfffgygt.vgho9-foqhfoq.com:15681/api/game-center/f/sport/queryMatchPage","fqdn":"ngfffgygt.vgho9-foqhfoq.com","domain":"vgho9-foqhfoq.com","tld":"com"},"ip":{"addr":"222.167.33.19","port":15681,"asn":9908,"as":"HK Cable TV Ltd","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://ngfffgygt.vgho9-foqhfoq.com:15681/?inviteCode=64298\u0026cid=118","date":"2026-07-04T10:39:56.874Z","timestamp":1783161596874,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.dh9-qjiohodfa9.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 28 Jun 2026 00:00:00 GMT","end":"Tue, 12 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"C5:47:38:34:E6:5C:A3:87:B4:BA:EF:B9:7D:A0:2A:95:07:34:76:65","sha256":"FE:78:24:EA:70:7B:AE:66:4F:EB:5C:04:1D:4C:A3:B9:C9:35:EC:95:20:88:65:57:26:EC:59:CA:DA:9E:4A:33"}}},"request":{"raw":"POST /api/game-center/f/sport/queryMatchPage HTTP/1.1\r\nHost: ngfffgygt.vgho9-foqhfoq.com:15681\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: zh\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nContent-Type: application/json\r\nDevice: PC\r\nCurrency: CNY\r\nFrontAuthorization: \r\nContent-Length: 705\r\nOrigin: https://ngfffgygt.vgho9-foqhfoq.com:15681\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://ngfffgygt.vgho9-foqhfoq.com:15681/home?inviteCode=64298\u0026cid=118\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/2 200 \r\naccess-control-allow-credentials: true\r\naccess-control-allow-origin: https://ngfffgygt.vgho9-foqhfoq.com:15681\r\ncontent-encoding: gzip\r\ncontent-type: application/json\r\ndate: Sat, 04 Jul 2026 10:39:57 GMT\r\nserver: openresty/1.27.1.1\r\nvary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers\r\nx-cache: BYPASS\r\ncontent-length: 35550\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"OpenResty:1.27.1.1","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}],"data":{"size":331297,"size_decoded":35935,"mime_type":"application/json","magic":"Unicode text, UTF-8 text, with very long lines (60454), with no line terminators","md5":"1b36833d0fea0a633d0bdc712c01f48e","sha1":"5ecd17a696147ed0fe721715f6795401136feb6e","sha256":"41fdd6bacf0f636531920368f81083538a33f9d75bde5845e1c685dda349a630","sha512":"6f3eb2a9b9e665e4300ef140770ea358c90d18a0d8e493ee931f1dd529485aaa6351d30269cc69083975cea3af76b0d2acb604e78b888a128aac8dfac4c4236e","ssdeep":"6144:eTaO7S305WLE1EcipK5MsO6028ABR0oKH2t+eGryh7OOZ2M5ODr1VTpTKRuT7DY8:dO7S305WLE1EcipK5MsO6028AEoKH2tM","tlshash":"c964378a692dc4fe9ac67d02e8cf3095e5e03a07e84d2d4004c67e6c9e1fb53b927567","first_seen":"2026-07-04T10:40:29.155284Z","last_seen":"2026-07-04T10:40:29.155284Z","times_seen":1,"resource_available":false,"data":null}},"time_used":376,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":375,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-04","alert":"Phishing Block","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"661815.com/","fqdn":"661815.com","domain":"661815.com","tld":"com"},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-07-04T10:39:45.143Z","timestamp":1783161585143,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET / HTTP/1.1\r\nHost: 661815.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: none\r\nPriority: u=0, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-07-04T20:30:36.525225Z","times_seen":16984070,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"661815.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-04","alert":"Phishing Block","trigger":"661815.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"661815.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"661815.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"661815.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ngfffgygt.vgho9-foqhfoq.com:15681/static/css/index.o95Fe42x.css","fqdn":"ngfffgygt.vgho9-foqhfoq.com","domain":"vgho9-foqhfoq.com","tld":"com"},"ip":{"addr":"222.167.33.19","port":15681,"asn":9908,"as":"HK Cable TV Ltd","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://ngfffgygt.vgho9-foqhfoq.com:15681/?inviteCode=64298\u0026cid=118","date":"2026-07-04T10:39:56.618Z","timestamp":1783161596618,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.dh9-qjiohodfa9.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 28 Jun 2026 00:00:00 GMT","end":"Tue, 12 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"C5:47:38:34:E6:5C:A3:87:B4:BA:EF:B9:7D:A0:2A:95:07:34:76:65","sha256":"FE:78:24:EA:70:7B:AE:66:4F:EB:5C:04:1D:4C:A3:B9:C9:35:EC:95:20:88:65:57:26:EC:59:CA:DA:9E:4A:33"}}},"request":{"raw":"GET /static/css/index.o95Fe42x.css HTTP/1.1\r\nHost: ngfffgygt.vgho9-foqhfoq.com:15681\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://ngfffgygt.vgho9-foqhfoq.com:15681/home?inviteCode=64298\u0026cid=118\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ncontent-encoding: gzip\r\ncontent-type: text/css\r\ndate: Sat, 04 Jul 2026 10:30:45 GMT\r\netag: W/\"6a46723a-356f\"\r\nlast-modified: Sat, 04 Jul 2026 10:30:45 GMT\r\nserver: openresty/1.27.1.1\r\nvary: Accept-Encoding\r\nx-cache: HIT, policy, disk\r\ncontent-length: 2645\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"OpenResty:1.27.1.1","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":13679,"size_decoded":2937,"mime_type":"text/css","magic":"ASCII text, with very long lines (13678)","md5":"ed094785dc818d2a0a8cec10da7ac483","sha1":"c31b7bad9e90013c8dd69aba18cd1e3743af0888","sha256":"00d719c8926f352fe517d1543833c1e74fc81281fae8490d9d9afa64e202e80b","sha512":"aca6220369abf36c1451944884a3cb2d3e97a4512bde4ac8bc77f9725c945ac3d705c8059a5dc9ebedbf6304d0abdad59b65e12c5f5e6538815b11fa7ccdeb88","ssdeep":"384:gagWzCzC9MCVCNCjMC8CbCHCZCzCUCeCBCACjCMCdC5C5CmC3oCRnCFQOCCvClCP:XSOMgO8Md8auo/N87K9gy43moQnmtCYx","tlshash":"cd524622b22ee01f753bd66175d88ecd6024710345e37adada7652fe84cb6822f3f548","first_seen":"2026-06-24T13:33:42.975427Z","last_seen":"2026-07-04T10:40:29.363429Z","times_seen":15,"resource_available":false,"data":null}},"time_used":378,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":377,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-04","alert":"Phishing Block","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ngfffgygt.vgho9-foqhfoq.com:15681/static/css/index.CU2theOH.css","fqdn":"ngfffgygt.vgho9-foqhfoq.com","domain":"vgho9-foqhfoq.com","tld":"com"},"ip":{"addr":"222.167.33.19","port":15681,"asn":9908,"as":"HK Cable TV Ltd","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://ngfffgygt.vgho9-foqhfoq.com:15681/?inviteCode=64298\u0026cid=118","date":"2026-07-04T10:39:56.622Z","timestamp":1783161596622,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.dh9-qjiohodfa9.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 28 Jun 2026 00:00:00 GMT","end":"Tue, 12 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"C5:47:38:34:E6:5C:A3:87:B4:BA:EF:B9:7D:A0:2A:95:07:34:76:65","sha256":"FE:78:24:EA:70:7B:AE:66:4F:EB:5C:04:1D:4C:A3:B9:C9:35:EC:95:20:88:65:57:26:EC:59:CA:DA:9E:4A:33"}}},"request":{"raw":"GET /static/css/index.CU2theOH.css HTTP/1.1\r\nHost: ngfffgygt.vgho9-foqhfoq.com:15681\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://ngfffgygt.vgho9-foqhfoq.com:15681/home?inviteCode=64298\u0026cid=118\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\naccept-ranges: bytes\r\ncontent-type: text/css\r\ndate: Sat, 04 Jul 2026 10:30:45 GMT\r\netag: \"6a46723a-133e\"\r\nlast-modified: Sat, 04 Jul 2026 10:30:45 GMT\r\nserver: openresty/1.27.1.1\r\nx-cache: HIT, policy, disk\r\ncontent-length: 4926\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"OpenResty:1.27.1.1","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":4926,"size_decoded":5191,"mime_type":"text/css","magic":"ASCII text, with very long lines (4925)","md5":"1bf1c152f3461398c76a787e824df75b","sha1":"1d00103a6bfc5e98839fa7df12f0275a802f9846","sha256":"19638ad40a7329a035eff657cf4a08322c6d02c39e96d89550f77b59fdc5a5e6","sha512":"2579feffd84bee15e7765c535334ac6c0aab066cba7c0ed27ece78cee73c4f41c98cb9662b7e57a46bc2918835d73d06a72cc894f68023212dcebc7ae5043438","ssdeep":"96:5WGXOyecfqNjvxqnb+pGO485ihnCpfC8H24sDvG9P:qrcf68nbI/75iFCp/24sDvG9P","tlshash":"01a163a77579b43e297b4e1d20c6523c3539bbc30f416661ececa79089c36e3ba11288","first_seen":"2026-05-30T07:41:04.728075Z","last_seen":"2026-07-04T10:40:29.363957Z","times_seen":23,"resource_available":false,"data":null}},"time_used":375,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":374,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-04","alert":"Phishing Block","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tposs.qiddfc-dqiod52d.com/pc/sport/MixedMartialArts.png","fqdn":"tposs.qiddfc-dqiod52d.com","domain":"qiddfc-dqiod52d.com","tld":"com"},"ip":{"addr":"3.167.2.97","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ngfffgygt.vgho9-foqhfoq.com:15681/?inviteCode=64298\u0026cid=118","date":"2026-07-04T10:39:56.840Z","timestamp":1783161596840,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tposs.qiddfc-dqiod52d.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Wed, 27 Aug 2025 00:00:00 GMT","end":"Fri, 25 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"D0:96:57:8B:56:09:2E:8A:4D:C1:87:CA:FD:41:09:B6:57:2C:4F:1D","sha256":"48:66:5F:5D:67:07:2E:C0:CB:EF:91:62:93:36:C2:EF:FB:B7:0E:4A:9A:93:C5:0D:10:9E:B6:05:6B:45:AC:AF"}}},"request":{"raw":"GET /pc/sport/MixedMartialArts.png HTTP/1.1\r\nHost: tposs.qiddfc-dqiod52d.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://ngfffgygt.vgho9-foqhfoq.com:15681/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ncontent-type: image/png\r\ncontent-length: 6110\r\nlast-modified: Tue, 05 May 2026 05:34:36 GMT\r\nx-amz-server-side-encryption: AES256\r\nx-amz-version-id: 2sqr0o7gNP0Uoq0QnPZLnpM1Wa2cqG4B\r\naccept-ranges: bytes\r\nserver: AmazonS3\r\ndate: Sat, 04 Jul 2026 08:42:41 GMT\r\netag: \"451745237cd6238434fc9ef02db24b20\"\r\nvary: Accept-Encoding\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 094188bf05865a3d323dcbfb7173f1f6.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P2\r\nx-amz-cf-id: 998PO_dDvjeCgry_FwvdWlKkcS1bP4VXik-JLFzY6s9ruE79zjz-ig==\r\nage: 7036\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]}],"data":{"size":6110,"size_decoded":6677,"mime_type":"image/png","magic":"PNG image data, 70 x 70, 8-bit/color RGBA, non-interlaced","md5":"451745237cd6238434fc9ef02db24b20","sha1":"64e570c93605823ecbd84f79c513855d472e7875","sha256":"edc74dd7f7f552c584987a0dc5527156f213ae03fe93d9f8edb22018b17430d1","sha512":"6001d0d3ed52df16b44ebdb16834e5875d929b2f3d6b427c141a36b29c07ed2cf5a3c568acd09673dda3b9f61b331552bc048ee94f07a44a5c9c5485cca13303","ssdeep":"96:87SkiU/+1JhJdPUqvk49AJqLXDYicGhkKF7XekKH7Jz0V4AzMQ54PF2pQzSVN2IW:WSBUsJdPR9AJYzYicGhkKF7ukk7JYVqX","tlshash":"15c1aea641713318a94940e8e6c6b94b7f661d2f97b16801f849a2bc6422034d6dab57","first_seen":"2026-05-30T07:41:04.669153Z","last_seen":"2026-07-04T10:40:29.36465Z","times_seen":24,"resource_available":false,"data":null}},"time_used":29,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":29,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ngfffgygt.vgho9-foqhfoq.com:15681/static/css/index.B-QZTiTb.css","fqdn":"ngfffgygt.vgho9-foqhfoq.com","domain":"vgho9-foqhfoq.com","tld":"com"},"ip":{"addr":"222.167.33.19","port":15681,"asn":9908,"as":"HK Cable TV Ltd","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://ngfffgygt.vgho9-foqhfoq.com:15681/?inviteCode=64298\u0026cid=118","date":"2026-07-04T10:39:56.637Z","timestamp":1783161596637,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.dh9-qjiohodfa9.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 28 Jun 2026 00:00:00 GMT","end":"Tue, 12 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"C5:47:38:34:E6:5C:A3:87:B4:BA:EF:B9:7D:A0:2A:95:07:34:76:65","sha256":"FE:78:24:EA:70:7B:AE:66:4F:EB:5C:04:1D:4C:A3:B9:C9:35:EC:95:20:88:65:57:26:EC:59:CA:DA:9E:4A:33"}}},"request":{"raw":"GET /static/css/index.B-QZTiTb.css HTTP/1.1\r\nHost: ngfffgygt.vgho9-foqhfoq.com:15681\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://ngfffgygt.vgho9-foqhfoq.com:15681/home?inviteCode=64298\u0026cid=118\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\naccept-ranges: bytes\r\ncontent-type: text/css\r\ndate: Sat, 04 Jul 2026 10:30:45 GMT\r\netag: \"6a46723a-f61\"\r\nlast-modified: Sat, 04 Jul 2026 10:30:45 GMT\r\nserver: openresty/1.27.1.1\r\nx-cache: HIT, policy, disk\r\ncontent-length: 3937\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"OpenResty:1.27.1.1","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":3937,"size_decoded":4201,"mime_type":"text/css","magic":"ASCII text, with very long lines (3936)","md5":"3468fd367c2d5090ab1dbde39ab39133","sha1":"2557a1a34e1e6d34e9881be9ad2d260c3a0e4181","sha256":"1e27820352776c3d8b23ae8133e35f9e9ebba173296300611e1414cb79592629","sha512":"94084dbe1b7e937d9c56b1affcf45a8b48e9045646c682207b900208516ffc86ff0c17b9a6a9b501ede24809576c45a00fca596b058fa0fc8d4bda17c1bd3e52","ssdeep":"","tlshash":"4b81424126cb011a8877f753fee0c95e925df203ee374a8e7ad4649a85c32d138741e6","first_seen":"2026-06-24T13:33:43.000806Z","last_seen":"2026-07-04T10:40:29.366544Z","times_seen":15,"resource_available":false,"data":null}},"time_used":361,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":361,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-04","alert":"Phishing Block","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"s.q5qo.com/data/3d8da6464ddfa921e58625b0494bbd3e.png","fqdn":"s.q5qo.com","domain":"q5qo.com","tld":"com"},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ngfffgygt.vgho9-foqhfoq.com:15681/?inviteCode=64298\u0026cid=118","date":"2026-07-04T10:39:57.398Z","timestamp":1783161597398,"http_version":"","security_state":"","security_info":null,"request":{"raw":"GET /data/3d8da6464ddfa921e58625b0494bbd3e.png HTTP/1.1\r\nHost: s.q5qo.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://ngfffgygt.vgho9-foqhfoq.com:15681/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-07-04T20:30:36.525225Z","times_seen":16984070,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ngfffgygt.vgho9-foqhfoq.com:15681/static/css/index.q4aH7iCI.css","fqdn":"ngfffgygt.vgho9-foqhfoq.com","domain":"vgho9-foqhfoq.com","tld":"com"},"ip":{"addr":"222.167.33.19","port":15681,"asn":9908,"as":"HK Cable TV Ltd","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://ngfffgygt.vgho9-foqhfoq.com:15681/?inviteCode=64298\u0026cid=118","date":"2026-07-04T10:39:54.016Z","timestamp":1783161594016,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.dh9-qjiohodfa9.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 28 Jun 2026 00:00:00 GMT","end":"Tue, 12 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"C5:47:38:34:E6:5C:A3:87:B4:BA:EF:B9:7D:A0:2A:95:07:34:76:65","sha256":"FE:78:24:EA:70:7B:AE:66:4F:EB:5C:04:1D:4C:A3:B9:C9:35:EC:95:20:88:65:57:26:EC:59:CA:DA:9E:4A:33"}}},"request":{"raw":"GET /static/css/index.q4aH7iCI.css HTTP/1.1\r\nHost: ngfffgygt.vgho9-foqhfoq.com:15681\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://ngfffgygt.vgho9-foqhfoq.com:15681/?inviteCode=64298\u0026cid=118\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ncontent-encoding: gzip\r\ncontent-type: text/css\r\ndate: Sat, 04 Jul 2026 10:30:43 GMT\r\netag: W/\"6a46723a-26b83\"\r\nlast-modified: Sat, 04 Jul 2026 10:30:43 GMT\r\nserver: openresty/1.27.1.1\r\nvary: Accept-Encoding\r\nx-cache: HIT, policy, disk\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"OpenResty:1.27.1.1","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":158595,"size_decoded":29749,"mime_type":"text/css","magic":"ASCII text, with very long lines (65536), with no line terminators","md5":"78cb5542000a554e2c6cbaa059109fe1","sha1":"31b2ad143b3cfa8c0eb3886bd1bb64ce86df4d01","sha256":"476d39dc514bec5f3174e2dbd59c2d4581a33767f427ae4f788888dcf1c160e6","sha512":"db9251f7854c35cd75c4ba1b6c864ba8c9bab4fc9a39b4db25b297e7158c68e9562a42d0b430243ae934ed1a155ac8941abc1f1e3257d31e335882d2786f8117","ssdeep":"3072:EciDp+SnQNqvMVLPjfV/GJqff9zq/tgFn9uMJBN5pH2349B6jXMoALIMSITqa9eL:epFnQNCMVLPjfV/GJqff9zq/tgFn9uMC","tlshash":"35f3b6616628603f7c3b90f2c1f4ac9cb21bf682df2615f5fd4951224ac26fa1e76b14","first_seen":"2026-07-02T22:42:57.280741Z","last_seen":"2026-07-04T10:40:29.367171Z","times_seen":6,"resource_available":false,"data":null}},"time_used":223,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":223,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-04","alert":"Phishing Block","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ngfffgygt.vgho9-foqhfoq.com:15681/static/css/MatchTimer.BV565ww3.css","fqdn":"ngfffgygt.vgho9-foqhfoq.com","domain":"vgho9-foqhfoq.com","tld":"com"},"ip":{"addr":"222.167.33.19","port":15681,"asn":9908,"as":"HK Cable TV Ltd","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://ngfffgygt.vgho9-foqhfoq.com:15681/?inviteCode=64298\u0026cid=118","date":"2026-07-04T10:39:55.822Z","timestamp":1783161595822,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.dh9-qjiohodfa9.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 28 Jun 2026 00:00:00 GMT","end":"Tue, 12 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"C5:47:38:34:E6:5C:A3:87:B4:BA:EF:B9:7D:A0:2A:95:07:34:76:65","sha256":"FE:78:24:EA:70:7B:AE:66:4F:EB:5C:04:1D:4C:A3:B9:C9:35:EC:95:20:88:65:57:26:EC:59:CA:DA:9E:4A:33"}}},"request":{"raw":"GET /static/css/MatchTimer.BV565ww3.css HTTP/1.1\r\nHost: ngfffgygt.vgho9-foqhfoq.com:15681\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://ngfffgygt.vgho9-foqhfoq.com:15681/home?inviteCode=64298\u0026cid=118\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\naccept-ranges: bytes\r\ncontent-type: text/css\r\ndate: Sat, 04 Jul 2026 10:30:44 GMT\r\netag: \"6a46723a-95\"\r\nlast-modified: Sat, 04 Jul 2026 10:30:44 GMT\r\nserver: openresty/1.27.1.1\r\nx-cache: HIT, policy, disk\r\ncontent-length: 149\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"OpenResty:1.27.1.1","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":149,"size_decoded":411,"mime_type":"text/css","magic":"ASCII text","md5":"88bfdaa9674d5724b9b1b58cf09777b4","sha1":"e69c6cd9ded3f566ed84aa06b76c2bdbee7457ed","sha256":"0768337eaea3355b7268e8ce374e3285b2f25e3f9a9ad42f74cf590759079ff4","sha512":"c88702a0e3af6bb19e61a7c81aca65f69f2c09e3504f615b9ebafe75bdc7a8e0f82fd7ed01371a07aab9061464dcf106fdcfab1cf20b1e991c92636cf8509870","ssdeep":"","tlshash":"a9c08c960023862869a66c901d60a21a9002b643ea869345c8ca521bc8d71932ab0b8c","first_seen":"2026-06-03T10:08:00.151731Z","last_seen":"2026-07-04T10:40:29.368432Z","times_seen":20,"resource_available":false,"data":null}},"time_used":297,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":296,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-04","alert":"Phishing Block","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ngfffgygt.vgho9-foqhfoq.com:15681/static/js/index.CVNeAoZ2.js","fqdn":"ngfffgygt.vgho9-foqhfoq.com","domain":"vgho9-foqhfoq.com","tld":"com"},"ip":{"addr":"222.167.33.19","port":15681,"asn":9908,"as":"HK Cable TV Ltd","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://ngfffgygt.vgho9-foqhfoq.com:15681/?inviteCode=64298\u0026cid=118","date":"2026-07-04T10:39:56.638Z","timestamp":1783161596638,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.dh9-qjiohodfa9.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 28 Jun 2026 00:00:00 GMT","end":"Tue, 12 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"C5:47:38:34:E6:5C:A3:87:B4:BA:EF:B9:7D:A0:2A:95:07:34:76:65","sha256":"FE:78:24:EA:70:7B:AE:66:4F:EB:5C:04:1D:4C:A3:B9:C9:35:EC:95:20:88:65:57:26:EC:59:CA:DA:9E:4A:33"}}},"request":{"raw":"GET /static/js/index.CVNeAoZ2.js HTTP/1.1\r\nHost: ngfffgygt.vgho9-foqhfoq.com:15681\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://ngfffgygt.vgho9-foqhfoq.com:15681/home?inviteCode=64298\u0026cid=118\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\naccept-ranges: bytes\r\ncontent-type: application/javascript; charset=UTF-8\r\ndate: Sat, 04 Jul 2026 10:39:56 GMT\r\netag: \"6a46723b-978\"\r\nlast-modified: Thu, 02 Jul 2026 14:14:19 GMT\r\nserver: openresty/1.27.1.1\r\nx-cache: BYPASS\r\ncontent-length: 2424\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"OpenResty:1.27.1.1","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2424,"size_decoded":2706,"mime_type":"application/javascript; charset=UTF-8","magic":"Java source, Unicode text, UTF-8 text, with very long lines (2385)","md5":"0ad437b8fe52f15f9fc6b3bda69ff57d","sha1":"f0fe70e288311361914244dc475c907d25ff5e7d","sha256":"0e4ca4dc2e873f045c74ad0644aae05768cacc26e221cd34aba012c99191011c","sha512":"dc0d8d3bd3bde4c9d741fd47881cefd96cc5367b515c2bf969a7a775dc366222a843ea10b3f70fa359f3f8761d833fa886f24e0861402309cedf003a86026515","ssdeep":"","tlshash":"0141c5e3ecae887d59738854b4c20c61a90e3f86d02c5e5b9079edb563e2c307a0e4a0","first_seen":"2026-07-02T22:42:57.229404Z","last_seen":"2026-07-04T10:40:29.369091Z","times_seen":5,"resource_available":true,"data":null}},"time_used":464,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":464,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-04","alert":"Phishing Block","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"s.q5qo.com/data/1a66a976dcb87ccc0a36974e624f942f.png","fqdn":"s.q5qo.com","domain":"q5qo.com","tld":"com"},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ngfffgygt.vgho9-foqhfoq.com:15681/?inviteCode=64298\u0026cid=118","date":"2026-07-04T10:39:57.392Z","timestamp":1783161597392,"http_version":"","security_state":"","security_info":null,"request":{"raw":"GET /data/1a66a976dcb87ccc0a36974e624f942f.png HTTP/1.1\r\nHost: s.q5qo.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://ngfffgygt.vgho9-foqhfoq.com:15681/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-07-04T20:30:36.525225Z","times_seen":16984070,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ngfffgygt.vgho9-foqhfoq.com:15681/api/game-center/f/sport/querySportType","fqdn":"ngfffgygt.vgho9-foqhfoq.com","domain":"vgho9-foqhfoq.com","tld":"com"},"ip":{"addr":"222.167.33.19","port":15681,"asn":9908,"as":"HK Cable TV Ltd","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://ngfffgygt.vgho9-foqhfoq.com:15681/?inviteCode=64298\u0026cid=118","date":"2026-07-04T10:39:55.698Z","timestamp":1783161595698,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.dh9-qjiohodfa9.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 28 Jun 2026 00:00:00 GMT","end":"Tue, 12 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"C5:47:38:34:E6:5C:A3:87:B4:BA:EF:B9:7D:A0:2A:95:07:34:76:65","sha256":"FE:78:24:EA:70:7B:AE:66:4F:EB:5C:04:1D:4C:A3:B9:C9:35:EC:95:20:88:65:57:26:EC:59:CA:DA:9E:4A:33"}}},"request":{"raw":"POST /api/game-center/f/sport/querySportType HTTP/1.1\r\nHost: ngfffgygt.vgho9-foqhfoq.com:15681\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: zh\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nContent-Type: application/json\r\nDevice: PC\r\nCurrency: CNY\r\nFrontAuthorization: \r\nContent-Length: 186\r\nOrigin: https://ngfffgygt.vgho9-foqhfoq.com:15681\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://ngfffgygt.vgho9-foqhfoq.com:15681/?inviteCode=64298\u0026cid=118\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/2 200 \r\naccess-control-allow-credentials: true\r\naccess-control-allow-origin: https://ngfffgygt.vgho9-foqhfoq.com:15681\r\ncontent-encoding: gzip\r\ncontent-type: application/json\r\ndate: Sat, 04 Jul 2026 10:39:55 GMT\r\nserver: openresty/1.27.1.1\r\nvary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers\r\nx-cache: BYPASS\r\ncontent-length: 1827\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"OpenResty:1.27.1.1","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":16009,"size_decoded":2211,"mime_type":"application/json","magic":"JSON text data","md5":"73b01e2954442dc35cdf98704a1b39cf","sha1":"9ad6625567c037e90b2d5fef4361e165a2135240","sha256":"62ac6fa02af3dd5a0f0ca47a449985cfca5748aa53dbee9a865b8cbffab88be2","sha512":"b317e8b6c48d016fb5f9ee68e8a36eaf06c2a87c4de693bdfba3fbf440efc19fb931d08f21364dea6adeaba45c1b48c8fb6f524d246fbfadab8b885c1bb0ace5","ssdeep":"192:Hwitzi4ziTnimp7mfEgeEFEIE7cqz2X16ogFRaeOazaEa7p+5yE0EogAvi02ovH+:A","tlshash":"c1726dea139a5c8c670e1a7085832689fbdc415adcc67e49bddddf6d804c7b3130b29a","first_seen":"2026-07-04T10:40:29.369685Z","last_seen":"2026-07-04T10:40:29.369685Z","times_seen":1,"resource_available":false,"data":null}},"time_used":364,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":364,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-04","alert":"Phishing Block","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ngfffgygt.vgho9-foqhfoq.com:15681/static/img/vip-icon.cH3STq8z.png","fqdn":"ngfffgygt.vgho9-foqhfoq.com","domain":"vgho9-foqhfoq.com","tld":"com"},"ip":{"addr":"222.167.33.19","port":15681,"asn":9908,"as":"HK Cable TV Ltd","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ngfffgygt.vgho9-foqhfoq.com:15681/?inviteCode=64298\u0026cid=118","date":"2026-07-04T10:39:55.878Z","timestamp":1783161595878,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.dh9-qjiohodfa9.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 28 Jun 2026 00:00:00 GMT","end":"Tue, 12 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"C5:47:38:34:E6:5C:A3:87:B4:BA:EF:B9:7D:A0:2A:95:07:34:76:65","sha256":"FE:78:24:EA:70:7B:AE:66:4F:EB:5C:04:1D:4C:A3:B9:C9:35:EC:95:20:88:65:57:26:EC:59:CA:DA:9E:4A:33"}}},"request":{"raw":"GET /static/img/vip-icon.cH3STq8z.png HTTP/1.1\r\nHost: ngfffgygt.vgho9-foqhfoq.com:15681\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://ngfffgygt.vgho9-foqhfoq.com:15681/home?inviteCode=64298\u0026cid=118\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\naccept-ranges: bytes\r\ncontent-type: image/png\r\ndate: Sat, 04 Jul 2026 10:30:45 GMT\r\netag: \"6a46723b-14a8\"\r\nlast-modified: Sat, 04 Jul 2026 10:30:45 GMT\r\nserver: openresty/1.27.1.1\r\nx-cache: HIT, policy, disk\r\ncontent-length: 5288\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"OpenResty:1.27.1.1","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}],"data":{"size":5288,"size_decoded":5554,"mime_type":"image/png","magic":"PNG image data, 44 x 44, 8-bit/color RGBA, non-interlaced","md5":"33483e43b5818f1ba75440c0efdd8319","sha1":"26e0799e259421edeebebb5623a9b6ed137bacf0","sha256":"b42fe7b7c3c8fab256435e67ca977667e3353f7e67bbcda10ddf2b5cc13deb87","sha512":"6561643e312a096d23b7e7c2474ed59a756077f1760dd4c5dff732841c1b04b1ee739e19f324b310c5b620351dcc01e4aa5f63bda33d419528abae6a1c747f81","ssdeep":"96:vtAyrUtuis3gNlCzZZgcrL17p3frv7zgzOytFAp4nVltq0U1qZ2sLh0OEnAqz:FAyrUtuPguNGc31t3b7czk4nVq0U1qjg","tlshash":"82b18dc17b4bf14ae24206c11b926c5beead22c5f7ce6a4b514288204c93fa6052a312","first_seen":"2026-05-30T07:41:04.815975Z","last_seen":"2026-07-04T10:40:29.371037Z","times_seen":24,"resource_available":false,"data":null}},"time_used":410,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":256,"receive":154,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-04","alert":"Phishing Block","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ngfffgygt.vgho9-foqhfoq.com:15681/static/js/index.lIEGvvnq.js","fqdn":"ngfffgygt.vgho9-foqhfoq.com","domain":"vgho9-foqhfoq.com","tld":"com"},"ip":{"addr":"222.167.33.19","port":15681,"asn":9908,"as":"HK Cable TV Ltd","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://ngfffgygt.vgho9-foqhfoq.com:15681/?inviteCode=64298\u0026cid=118","date":"2026-07-04T10:39:56.562Z","timestamp":1783161596562,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.dh9-qjiohodfa9.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 28 Jun 2026 00:00:00 GMT","end":"Tue, 12 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"C5:47:38:34:E6:5C:A3:87:B4:BA:EF:B9:7D:A0:2A:95:07:34:76:65","sha256":"FE:78:24:EA:70:7B:AE:66:4F:EB:5C:04:1D:4C:A3:B9:C9:35:EC:95:20:88:65:57:26:EC:59:CA:DA:9E:4A:33"}}},"request":{"raw":"GET /static/js/index.lIEGvvnq.js HTTP/1.1\r\nHost: ngfffgygt.vgho9-foqhfoq.com:15681\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://ngfffgygt.vgho9-foqhfoq.com:15681/home?inviteCode=64298\u0026cid=118\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\naccept-ranges: bytes\r\ncontent-type: application/javascript; charset=UTF-8\r\ndate: Sat, 04 Jul 2026 10:39:56 GMT\r\netag: \"6a46723b-812\"\r\nlast-modified: Thu, 02 Jul 2026 14:14:19 GMT\r\nserver: openresty/1.27.1.1\r\nx-cache: BYPASS\r\ncontent-length: 2066\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"OpenResty:1.27.1.1","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2066,"size_decoded":2348,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (2065)","md5":"1cc25558794f4fdb2b8eab3dc9b49f03","sha1":"0bcea268d7c81f046dcb94fbc346005600461e6e","sha256":"a8f35b471adc5f4221402b9a2231c18c64c8822546bc1e21722684466661905c","sha512":"c3ac477636704b35c86b584e4aa024e86d5b047f49949f42b6c8dd1895158b3bb07c3dfe36c70c7a38e29fdb22b5ec196d81e9f2273992dda7c96be38355d4b0","ssdeep":"","tlshash":"544152897039a4bd47752a5ac534026637261b0b312b88f0f2680e0e3375ec6178ffe7","first_seen":"2026-07-02T22:42:57.212276Z","last_seen":"2026-07-04T10:40:29.371602Z","times_seen":5,"resource_available":true,"data":null}},"time_used":277,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":277,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-04","alert":"Phishing Block","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"s.q5qo.com/data/92a8bf2c433c6be6777c989d16d46050.png","fqdn":"s.q5qo.com","domain":"q5qo.com","tld":"com"},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ngfffgygt.vgho9-foqhfoq.com:15681/?inviteCode=64298\u0026cid=118","date":"2026-07-04T10:39:57.421Z","timestamp":1783161597421,"http_version":"","security_state":"","security_info":null,"request":{"raw":"GET /data/92a8bf2c433c6be6777c989d16d46050.png HTTP/1.1\r\nHost: s.q5qo.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://ngfffgygt.vgho9-foqhfoq.com:15681/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-07-04T20:30:36.525225Z","times_seen":16984070,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ngfffgygt.vgho9-foqhfoq.com:15681/static/img/loading.B830RxXH.png","fqdn":"ngfffgygt.vgho9-foqhfoq.com","domain":"vgho9-foqhfoq.com","tld":"com"},"ip":{"addr":"222.167.33.19","port":15681,"asn":9908,"as":"HK Cable TV Ltd","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ngfffgygt.vgho9-foqhfoq.com:15681/?inviteCode=64298\u0026cid=118","date":"2026-07-04T10:39:55.670Z","timestamp":1783161595670,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.dh9-qjiohodfa9.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 28 Jun 2026 00:00:00 GMT","end":"Tue, 12 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"C5:47:38:34:E6:5C:A3:87:B4:BA:EF:B9:7D:A0:2A:95:07:34:76:65","sha256":"FE:78:24:EA:70:7B:AE:66:4F:EB:5C:04:1D:4C:A3:B9:C9:35:EC:95:20:88:65:57:26:EC:59:CA:DA:9E:4A:33"}}},"request":{"raw":"GET /static/img/loading.B830RxXH.png HTTP/1.1\r\nHost: ngfffgygt.vgho9-foqhfoq.com:15681\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://ngfffgygt.vgho9-foqhfoq.com:15681/?inviteCode=64298\u0026cid=118\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\naccept-ranges: bytes\r\ncontent-type: image/png\r\ndate: Sat, 04 Jul 2026 10:30:44 GMT\r\netag: \"6a46723b-7729\"\r\nlast-modified: Sat, 04 Jul 2026 10:30:44 GMT\r\nserver: openresty/1.27.1.1\r\nx-cache: HIT, policy, disk\r\ncontent-length: 30505\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"OpenResty:1.27.1.1","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}],"data":{"size":30505,"size_decoded":30772,"mime_type":"image/png","magic":"PNG image data, 427 x 427, 8-bit/color RGBA, non-interlaced","md5":"dd5fe17816bb2af0998194c5888155b4","sha1":"54228f6bfd9acd8d2ba1ebacc60459a6be90904e","sha256":"0e789d976423d62c631a38975acc2a720004f476db063b5bda08b6462a39cc82","sha512":"2895d42854589708e4d011956259d6654e0b115e386b32ec393c6f46bcd0181e524e52ca437c6a3469a0e0255992fdd2f1cd2df2a8740789fba5c70033e079e0","ssdeep":"384:Jcfn/YQWBPY49lgXZhTOO8W4fq6eFYmgBSOdBeUjBO5pqIY2MZiOLa09e6YEtnor:kUBljgpcO88R6mQSu0pTLbcipEGnq/C","tlshash":"bdd2f1fb2802567b0e3fc89d8b1a46c2b70b27038d6fe444d4a45a7d972afd85f72644","first_seen":"2026-06-03T02:50:08.038021Z","last_seen":"2026-07-04T10:40:29.372159Z","times_seen":22,"resource_available":false,"data":null}},"time_used":224,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":224,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-04","alert":"Phishing Block","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ngfffgygt.vgho9-foqhfoq.com:15681/static/css/RoulettePanel.Dpimhcgp.css","fqdn":"ngfffgygt.vgho9-foqhfoq.com","domain":"vgho9-foqhfoq.com","tld":"com"},"ip":{"addr":"222.167.33.19","port":15681,"asn":9908,"as":"HK Cable TV Ltd","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://ngfffgygt.vgho9-foqhfoq.com:15681/?inviteCode=64298\u0026cid=118","date":"2026-07-04T10:39:56.574Z","timestamp":1783161596574,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.dh9-qjiohodfa9.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 28 Jun 2026 00:00:00 GMT","end":"Tue, 12 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"C5:47:38:34:E6:5C:A3:87:B4:BA:EF:B9:7D:A0:2A:95:07:34:76:65","sha256":"FE:78:24:EA:70:7B:AE:66:4F:EB:5C:04:1D:4C:A3:B9:C9:35:EC:95:20:88:65:57:26:EC:59:CA:DA:9E:4A:33"}}},"request":{"raw":"GET /static/css/RoulettePanel.Dpimhcgp.css HTTP/1.1\r\nHost: ngfffgygt.vgho9-foqhfoq.com:15681\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://ngfffgygt.vgho9-foqhfoq.com:15681/home?inviteCode=64298\u0026cid=118\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\naccept-ranges: bytes\r\ncontent-type: text/css\r\ndate: Sat, 04 Jul 2026 10:30:45 GMT\r\netag: \"6a46723a-db4\"\r\nlast-modified: Sat, 04 Jul 2026 10:30:45 GMT\r\nserver: openresty/1.27.1.1\r\nx-cache: HIT, policy, disk\r\ncontent-length: 3508\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"OpenResty:1.27.1.1","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":3508,"size_decoded":3772,"mime_type":"text/css","magic":"ASCII text, with very long lines (3507)","md5":"f8d0155317be3dcc160751d23cbd2c4a","sha1":"733832df39e7e16b52d1332fa42781a63fdeb2fe","sha256":"6daa31ad51daff8cae583da2afd298b724c77013afc0122368e0cd438b49245e","sha512":"55789d98667becd58cc65d3c6e0e36f9d83d2f2e92aa6a016620f52751f498fc6e8752b2881ac892ddc8f091f73da465f7f68783236a1b532c29085e90de9891","ssdeep":"","tlshash":"3c71dd20952c2104c67ff511aea8ab8d013757435f3f18add2940c6d8fcbea52abad52","first_seen":"2026-05-30T07:41:04.784316Z","last_seen":"2026-07-04T10:40:29.372808Z","times_seen":23,"resource_available":false,"data":null}},"time_used":423,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":422,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-04","alert":"Phishing Block","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ngfffgygt.vgho9-foqhfoq.com:15681/static/js/useRewardModal.g4gZ3DlD.js","fqdn":"ngfffgygt.vgho9-foqhfoq.com","domain":"vgho9-foqhfoq.com","tld":"com"},"ip":{"addr":"222.167.33.19","port":15681,"asn":9908,"as":"HK Cable TV Ltd","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://ngfffgygt.vgho9-foqhfoq.com:15681/?inviteCode=64298\u0026cid=118","date":"2026-07-04T10:39:56.587Z","timestamp":1783161596587,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.dh9-qjiohodfa9.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 28 Jun 2026 00:00:00 GMT","end":"Tue, 12 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"C5:47:38:34:E6:5C:A3:87:B4:BA:EF:B9:7D:A0:2A:95:07:34:76:65","sha256":"FE:78:24:EA:70:7B:AE:66:4F:EB:5C:04:1D:4C:A3:B9:C9:35:EC:95:20:88:65:57:26:EC:59:CA:DA:9E:4A:33"}}},"request":{"raw":"GET /static/js/useRewardModal.g4gZ3DlD.js HTTP/1.1\r\nHost: ngfffgygt.vgho9-foqhfoq.com:15681\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://ngfffgygt.vgho9-foqhfoq.com:15681/home?inviteCode=64298\u0026cid=118\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\naccept-ranges: bytes\r\ncontent-type: application/javascript; charset=UTF-8\r\ndate: Sat, 04 Jul 2026 10:39:56 GMT\r\netag: \"6a46723b-16c\"\r\nlast-modified: Thu, 02 Jul 2026 14:14:19 GMT\r\nserver: openresty/1.27.1.1\r\nx-cache: BYPASS\r\ncontent-length: 364\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"OpenResty:1.27.1.1","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":364,"size_decoded":645,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (363)","md5":"23a767a4ff3d9dbe23ea14fa47a121b7","sha1":"da78e07c62e8a0d5e4d911bbef78b708d8920d95","sha256":"c4c244485e71b0235830c4dbf8514c4038456e863a61068eecee8fd623b23aa6","sha512":"f1331cb46db56d0066eb98ab2105d4ccb03678965bf672e68fb89073a4534099fde698b8d13c30d9e1de5e19ef00d31cca2002ef5212a9da26b5ee44a4cbafdc","ssdeep":"","tlshash":"fee0c0abe0ca57f8243e198ba138057801d4148975ca8ec4135c0ae6072e2d2d02bf03","first_seen":"2026-07-02T22:42:56.992036Z","last_seen":"2026-07-04T10:40:29.373424Z","times_seen":5,"resource_available":true,"data":null}},"time_used":469,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":469,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-04","alert":"Phishing Block","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tposs.qiddfc-dqiod52d.com/pc/sport/KOG.png","fqdn":"tposs.qiddfc-dqiod52d.com","domain":"qiddfc-dqiod52d.com","tld":"com"},"ip":{"addr":"3.167.2.97","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ngfffgygt.vgho9-foqhfoq.com:15681/?inviteCode=64298\u0026cid=118","date":"2026-07-04T10:39:56.861Z","timestamp":1783161596861,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tposs.qiddfc-dqiod52d.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Wed, 27 Aug 2025 00:00:00 GMT","end":"Fri, 25 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"D0:96:57:8B:56:09:2E:8A:4D:C1:87:CA:FD:41:09:B6:57:2C:4F:1D","sha256":"48:66:5F:5D:67:07:2E:C0:CB:EF:91:62:93:36:C2:EF:FB:B7:0E:4A:9A:93:C5:0D:10:9E:B6:05:6B:45:AC:AF"}}},"request":{"raw":"GET /pc/sport/KOG.png HTTP/1.1\r\nHost: tposs.qiddfc-dqiod52d.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://ngfffgygt.vgho9-foqhfoq.com:15681/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ncontent-type: image/png\r\ncontent-length: 6775\r\nlast-modified: Tue, 05 May 2026 05:34:36 GMT\r\nx-amz-server-side-encryption: AES256\r\nx-amz-version-id: eN0UiF3mfitmmc.TmZQ61iR56yNKIAzQ\r\naccept-ranges: bytes\r\nserver: AmazonS3\r\ndate: Sat, 04 Jul 2026 08:46:01 GMT\r\netag: \"ef01571b3dc1dad6a7e1b59873ed5066\"\r\nvary: Accept-Encoding\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 094188bf05865a3d323dcbfb7173f1f6.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P2\r\nx-amz-cf-id: G-Su_jWCm2qn2ZrAaQi0u4aRjjmEn8NhlZ1Xchxen7dCXlTdi-CFZA==\r\nage: 6836\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]}],"data":{"size":6775,"size_decoded":7342,"mime_type":"image/png","magic":"PNG image data, 70 x 70, 8-bit/color RGBA, non-interlaced","md5":"ef01571b3dc1dad6a7e1b59873ed5066","sha1":"fcea204f380781fb7d4ab147e5dadddb8b17e4c4","sha256":"0c842bf04b667cb9f5aafd5e48a0b45baeacd3b3f87bea39bd42df8813d38c1e","sha512":"350c1123075bca3c19374106f0aa4667416ed2d64281128212a75b435d5e3c97f7a66f6abeb70f26ecde31a3c569235057336f08e0388f7aa766220d02f194ea","ssdeep":"192:WSu26Hs03MhG3CG85goWSWbmxUQoNEqX3Fzwsl26Q:5uTMkM5G85goZxUDFDYT","tlshash":"6de1af1ece2f16c7cd3e942442d17b73687b8aa539bcd8b87859479011e4865d680fc1","first_seen":"2026-06-24T13:33:43.043204Z","last_seen":"2026-07-04T10:40:29.37405Z","times_seen":16,"resource_available":false,"data":null}},"time_used":34,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":34,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"s.q5qo.com/data/7b0b1e3edb74f9b464ce9523f58323a6.png","fqdn":"s.q5qo.com","domain":"q5qo.com","tld":"com"},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ngfffgygt.vgho9-foqhfoq.com:15681/?inviteCode=64298\u0026cid=118","date":"2026-07-04T10:39:57.394Z","timestamp":1783161597394,"http_version":"","security_state":"","security_info":null,"request":{"raw":"GET /data/7b0b1e3edb74f9b464ce9523f58323a6.png HTTP/1.1\r\nHost: s.q5qo.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://ngfffgygt.vgho9-foqhfoq.com:15681/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-07-04T20:30:36.525225Z","times_seen":16984070,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ngfffgygt.vgho9-foqhfoq.com:15681/static/js/config.BpcUrZ_O.js","fqdn":"ngfffgygt.vgho9-foqhfoq.com","domain":"vgho9-foqhfoq.com","tld":"com"},"ip":{"addr":"222.167.33.19","port":15681,"asn":9908,"as":"HK Cable TV Ltd","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://ngfffgygt.vgho9-foqhfoq.com:15681/?inviteCode=64298\u0026cid=118","date":"2026-07-04T10:39:55.815Z","timestamp":1783161595815,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.dh9-qjiohodfa9.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 28 Jun 2026 00:00:00 GMT","end":"Tue, 12 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"C5:47:38:34:E6:5C:A3:87:B4:BA:EF:B9:7D:A0:2A:95:07:34:76:65","sha256":"FE:78:24:EA:70:7B:AE:66:4F:EB:5C:04:1D:4C:A3:B9:C9:35:EC:95:20:88:65:57:26:EC:59:CA:DA:9E:4A:33"}}},"request":{"raw":"GET /static/js/config.BpcUrZ_O.js HTTP/1.1\r\nHost: ngfffgygt.vgho9-foqhfoq.com:15681\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://ngfffgygt.vgho9-foqhfoq.com:15681/home?inviteCode=64298\u0026cid=118\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\naccept-ranges: bytes\r\ncontent-type: application/javascript; charset=UTF-8\r\ndate: Sat, 04 Jul 2026 10:39:56 GMT\r\netag: \"6a46723b-710\"\r\nlast-modified: Thu, 02 Jul 2026 14:14:19 GMT\r\nserver: openresty/1.27.1.1\r\nx-cache: BYPASS\r\ncontent-length: 1808\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"OpenResty:1.27.1.1","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1808,"size_decoded":2090,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (1807)","md5":"8ce1fadea8c88bd580d9afdd0bda37f5","sha1":"aefe3439b51d025b26f915d45eeec3433e2b3ae2","sha256":"3236f2722f428e539a1b95e01cb461b55df5800df94932c351fb42a9767e90f0","sha512":"ccd01d2eeca96368b05f541ee6b74defc95349c0d522790561c2d528b86e1514d87d6a81b9096c9a1f3276072c7da0252c909469b108c7ec5c9cf2ae4217fda8","ssdeep":"","tlshash":"dc31209e8b6338de09f20e5494db0f31d41c0309ed268825e3efe63ad502e816227e35","first_seen":"2026-05-30T07:41:04.696534Z","last_seen":"2026-07-04T10:40:29.374818Z","times_seen":24,"resource_available":true,"data":null}},"time_used":552,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":550,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-04","alert":"Phishing Block","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ngfffgygt.vgho9-foqhfoq.com:15681/static/css/index.ChlfHcMy.css","fqdn":"ngfffgygt.vgho9-foqhfoq.com","domain":"vgho9-foqhfoq.com","tld":"com"},"ip":{"addr":"222.167.33.19","port":15681,"asn":9908,"as":"HK Cable TV Ltd","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://ngfffgygt.vgho9-foqhfoq.com:15681/?inviteCode=64298\u0026cid=118","date":"2026-07-04T10:39:56.639Z","timestamp":1783161596639,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.dh9-qjiohodfa9.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 28 Jun 2026 00:00:00 GMT","end":"Tue, 12 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"C5:47:38:34:E6:5C:A3:87:B4:BA:EF:B9:7D:A0:2A:95:07:34:76:65","sha256":"FE:78:24:EA:70:7B:AE:66:4F:EB:5C:04:1D:4C:A3:B9:C9:35:EC:95:20:88:65:57:26:EC:59:CA:DA:9E:4A:33"}}},"request":{"raw":"GET /static/css/index.ChlfHcMy.css HTTP/1.1\r\nHost: ngfffgygt.vgho9-foqhfoq.com:15681\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://ngfffgygt.vgho9-foqhfoq.com:15681/home?inviteCode=64298\u0026cid=118\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\naccept-ranges: bytes\r\ncontent-type: text/css\r\ndate: Sat, 04 Jul 2026 10:30:45 GMT\r\netag: \"6a46723a-1234\"\r\nlast-modified: Sat, 04 Jul 2026 10:30:45 GMT\r\nserver: openresty/1.27.1.1\r\nx-cache: HIT, policy, disk\r\ncontent-length: 4660\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"OpenResty:1.27.1.1","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":4660,"size_decoded":4925,"mime_type":"text/css","magic":"ASCII text, with very long lines (4659)","md5":"f72a9bcb12754997afc6ddfaddc7d410","sha1":"816b6c648ff7bceccc83871af5a82fbb3e0e5c97","sha256":"8320bd9f01d21694e5091c718808447bb5e609bf1040761c3d66a1af8570cc51","sha512":"a268cc8063b9b581d411b6c678ceced5d8b0d4795ff4f115a1daaa8d593ed6fa69047b320990fccced24b84935bb5422e463a1be22182816f8a5b95c410938fa","ssdeep":"96:QrH3Kcmumhoz9J7NX+BYO11ZBDyACPhbK683AzF:Q3rmumhYMK7AE","tlshash":"81a11f61b0ec606d3e2fc35868c2de6f7109f1e39f121d4cd55da2fe8ad2ba63562184","first_seen":"2026-05-30T07:41:04.819383Z","last_seen":"2026-07-04T10:40:29.375503Z","times_seen":23,"resource_available":false,"data":null}},"time_used":359,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":359,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-04","alert":"Phishing Block","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tposs.qiddfc-dqiod52d.com/site-jerbc/siteNotice/202607/b3151a8e011d4e529168e946b8371a1b.png","fqdn":"tposs.qiddfc-dqiod52d.com","domain":"qiddfc-dqiod52d.com","tld":"com"},"ip":{"addr":"3.167.2.97","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ngfffgygt.vgho9-foqhfoq.com:15681/?inviteCode=64298\u0026cid=118","date":"2026-07-04T10:39:58.092Z","timestamp":1783161598092,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tposs.qiddfc-dqiod52d.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Wed, 27 Aug 2025 00:00:00 GMT","end":"Fri, 25 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"D0:96:57:8B:56:09:2E:8A:4D:C1:87:CA:FD:41:09:B6:57:2C:4F:1D","sha256":"48:66:5F:5D:67:07:2E:C0:CB:EF:91:62:93:36:C2:EF:FB:B7:0E:4A:9A:93:C5:0D:10:9E:B6:05:6B:45:AC:AF"}}},"request":{"raw":"GET /site-jerbc/siteNotice/202607/b3151a8e011d4e529168e946b8371a1b.png HTTP/1.1\r\nHost: tposs.qiddfc-dqiod52d.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://ngfffgygt.vgho9-foqhfoq.com:15681/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ncontent-type: image/png\r\ncontent-length: 71181\r\nlast-modified: Fri, 03 Jul 2026 11:13:23 GMT\r\nx-amz-server-side-encryption: AES256\r\nx-amz-version-id: HPK35pRRgZ.70sA50sJhFOF9J1cjbPrG\r\naccept-ranges: bytes\r\nserver: AmazonS3\r\ndate: Sat, 04 Jul 2026 09:56:28 GMT\r\netag: \"defa043ffaddc574ccbc28dd792d5a51\"\r\nvary: Accept-Encoding\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 094188bf05865a3d323dcbfb7173f1f6.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P2\r\nx-amz-cf-id: 6dN-iFrX2CjVoOQZxqrZYjigfN8GigoYgVeCQe4Mttftq44y2iT_EQ==\r\nage: 2611\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":71181,"size_decoded":71749,"mime_type":"image/png","magic":"PNG image data, 220 x 220, 8-bit/color RGBA, non-interlaced","md5":"defa043ffaddc574ccbc28dd792d5a51","sha1":"d3051bc79417591a21ba6348079b0466df37c2b1","sha256":"a473e72430259c0fd51c28c97c66a3ba2e03841d37e7eac195065c0b6e84d6f3","sha512":"e2cb8bc9eb7ee54b51fbe74ab97c630d79c09934ad3f308efcc90ef81103c3da062de65f7c147092e00b00445fb5035cd2fe3fac2facb9b513514d958ddb9436","ssdeep":"1536:2rS1vl5f5am13NncFdqH6Fum04o1gOopqUqBD5NnnHFozK:US1v/f5ZKtJ0R1gqBDzHWzK","tlshash":"45630280a3dc118e5d5b882ef1825e28283feb95960bbff7ad7061213d75c3515697f0","first_seen":"2026-07-03T21:52:09.59212Z","last_seen":"2026-07-04T10:40:29.37634Z","times_seen":2,"resource_available":false,"data":null}},"time_used":34,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":32,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ngfffgygt.vgho9-foqhfoq.com:15681/api/member/f/common/getVerify","fqdn":"ngfffgygt.vgho9-foqhfoq.com","domain":"vgho9-foqhfoq.com","tld":"com"},"ip":{"addr":"222.167.33.19","port":15681,"asn":9908,"as":"HK Cable TV Ltd","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://ngfffgygt.vgho9-foqhfoq.com:15681/?inviteCode=64298\u0026cid=118","date":"2026-07-04T10:39:57.676Z","timestamp":1783161597676,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.dh9-qjiohodfa9.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 28 Jun 2026 00:00:00 GMT","end":"Tue, 12 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"C5:47:38:34:E6:5C:A3:87:B4:BA:EF:B9:7D:A0:2A:95:07:34:76:65","sha256":"FE:78:24:EA:70:7B:AE:66:4F:EB:5C:04:1D:4C:A3:B9:C9:35:EC:95:20:88:65:57:26:EC:59:CA:DA:9E:4A:33"}}},"request":{"raw":"GET /api/member/f/common/getVerify HTTP/1.1\r\nHost: ngfffgygt.vgho9-foqhfoq.com:15681\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: zh\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nDevice: PC\r\nCurrency: CNY\r\nFrontAuthorization: \r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://ngfffgygt.vgho9-foqhfoq.com:15681/home?inviteCode=64298\u0026cid=118\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ncontent-type: application/json\r\ndate: Sat, 04 Jul 2026 10:39:57 GMT\r\nserver: openresty/1.27.1.1\r\nvary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers\r\nx-cache: BYPASS\r\ncontent-length: 2329\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"OpenResty:1.27.1.1","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2329,"size_decoded":2577,"mime_type":"application/json","magic":"JSON text data","md5":"dfe7a21d5b1a2487bb89a5077ea13b37","sha1":"ca7dd03943738a6a94554e0251b49938bf2dcfc2","sha256":"e3d7df2a83abf1387c4963e1e6645b68b75e3413e667b14fd183563b6ed6aa83","sha512":"f89482f63b53c97fe7fb71dab75128c17d4043f0506a91c1c2e994063bc805db7ecfaf535e4c68506c1374b2470309e6196bc1aae64eb95c61f6e615ec8348e0","ssdeep":"","tlshash":"90414de322cc61e102e3a9fcce9fbc023d42a930dd04e8509d4c1b177f45da484756ea","first_seen":"2026-07-04T10:40:29.382936Z","last_seen":"2026-07-04T10:40:29.382936Z","times_seen":1,"resource_available":false,"data":null}},"time_used":291,"timings":{"blocked":1,"dns":0,"connect":0,"send":0,"wait":290,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-04","alert":"Phishing Block","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ngfffgygt.vgho9-foqhfoq.com:15681/static/js/ChevronRight.D4HLqNxn.js","fqdn":"ngfffgygt.vgho9-foqhfoq.com","domain":"vgho9-foqhfoq.com","tld":"com"},"ip":{"addr":"222.167.33.19","port":15681,"asn":9908,"as":"HK Cable TV Ltd","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://ngfffgygt.vgho9-foqhfoq.com:15681/?inviteCode=64298\u0026cid=118","date":"2026-07-04T10:39:56.630Z","timestamp":1783161596630,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.dh9-qjiohodfa9.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 28 Jun 2026 00:00:00 GMT","end":"Tue, 12 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"C5:47:38:34:E6:5C:A3:87:B4:BA:EF:B9:7D:A0:2A:95:07:34:76:65","sha256":"FE:78:24:EA:70:7B:AE:66:4F:EB:5C:04:1D:4C:A3:B9:C9:35:EC:95:20:88:65:57:26:EC:59:CA:DA:9E:4A:33"}}},"request":{"raw":"GET /static/js/ChevronRight.D4HLqNxn.js HTTP/1.1\r\nHost: ngfffgygt.vgho9-foqhfoq.com:15681\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://ngfffgygt.vgho9-foqhfoq.com:15681/home?inviteCode=64298\u0026cid=118\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\naccept-ranges: bytes\r\ncontent-type: application/javascript; charset=UTF-8\r\ndate: Sat, 04 Jul 2026 10:39:56 GMT\r\netag: \"6a46723b-21f\"\r\nlast-modified: Thu, 02 Jul 2026 14:14:19 GMT\r\nserver: openresty/1.27.1.1\r\nx-cache: BYPASS\r\ncontent-length: 543\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"OpenResty:1.27.1.1","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":543,"size_decoded":824,"mime_type":"application/javascript; charset=UTF-8","magic":"Java source, ASCII text, with very long lines (542)","md5":"632147dcc39dde9325e2c805ca439daa","sha1":"82340470c7aa83da87aaee782708df7d7e543535","sha256":"4a21f07a97be13e55515d19b4a4f48b3f139066f68dbd9e9962c7654f58b5839","sha512":"8905bdae7036934c9dcd7def3cfd2da6ec329d3855e3a363ae476008ac0e5b2646b7dc0c7a2b6074a698da7313a9a643429f91443b0f21cad64915d481fe8e9c","ssdeep":"","tlshash":"baf08bdf93d28871c910aa21d1a19041cf5914fce641cfccd22007249923cc52d0fdf1","first_seen":"2026-07-02T22:42:57.07874Z","last_seen":"2026-07-04T10:40:29.384699Z","times_seen":5,"resource_available":true,"data":null}},"time_used":431,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":431,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-04","alert":"Phishing Block","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tposs.qiddfc-dqiod52d.com/pc/sport/Volleyball.png","fqdn":"tposs.qiddfc-dqiod52d.com","domain":"qiddfc-dqiod52d.com","tld":"com"},"ip":{"addr":"3.167.2.97","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ngfffgygt.vgho9-foqhfoq.com:15681/?inviteCode=64298\u0026cid=118","date":"2026-07-04T10:39:56.821Z","timestamp":1783161596821,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tposs.qiddfc-dqiod52d.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Wed, 27 Aug 2025 00:00:00 GMT","end":"Fri, 25 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"D0:96:57:8B:56:09:2E:8A:4D:C1:87:CA:FD:41:09:B6:57:2C:4F:1D","sha256":"48:66:5F:5D:67:07:2E:C0:CB:EF:91:62:93:36:C2:EF:FB:B7:0E:4A:9A:93:C5:0D:10:9E:B6:05:6B:45:AC:AF"}}},"request":{"raw":"GET /pc/sport/Volleyball.png HTTP/1.1\r\nHost: tposs.qiddfc-dqiod52d.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://ngfffgygt.vgho9-foqhfoq.com:15681/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ncontent-type: image/png\r\ncontent-length: 5582\r\nlast-modified: Tue, 05 May 2026 05:34:37 GMT\r\nx-amz-server-side-encryption: AES256\r\nx-amz-version-id: D3dLQA.qVr8ZNvsvDBstg.I4sNwnK5xF\r\naccept-ranges: bytes\r\nserver: AmazonS3\r\ndate: Sat, 04 Jul 2026 09:45:53 GMT\r\netag: \"86902d569e448113497dc0cf585ab082\"\r\nvary: Accept-Encoding\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 094188bf05865a3d323dcbfb7173f1f6.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P2\r\nx-amz-cf-id: m0o-tvpDlkw7qYsbtt78QZipEbesAiHNGzcZ6Vs8bV_gnoAr5sH6Tg==\r\nage: 3244\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":5582,"size_decoded":6149,"mime_type":"image/png","magic":"PNG image data, 70 x 70, 8-bit/color RGBA, non-interlaced","md5":"86902d569e448113497dc0cf585ab082","sha1":"7e88eb53521c76762459bea347df3f3f4e9f894e","sha256":"d3f642e8e875fa8af7f9247ed241b08f6f5f6a2265bde5a681df710d09603dfd","sha512":"6aa6e48faf436852e01877b3cb37f13ff65bff355e5226093f200f82162beb047f39ae3e3f5c80bb88718b1411d175572b02155904a9300d0d6d39ce1a4073f5","ssdeep":"96:87SkNxk44OR+XMWK0Yj/2klaXZybbyU6oBdCzTA+94n7GVvbhUdmKh/YUsIoXLo3:WSh4XiMWm/2klapWj6L0++7GV1Ud9h/f","tlshash":"50b1afbb16be143e2607e53dd10df803dbd8abc8e854bfd858920ba1902788c31387c6","first_seen":"2026-05-30T07:41:04.823417Z","last_seen":"2026-07-04T10:40:29.385304Z","times_seen":24,"resource_available":false,"data":null}},"time_used":33,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":33,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"s.q5qo.com/data/88d209a9afdb94c2f4c0f8a2a09240ee.png","fqdn":"s.q5qo.com","domain":"q5qo.com","tld":"com"},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ngfffgygt.vgho9-foqhfoq.com:15681/?inviteCode=64298\u0026cid=118","date":"2026-07-04T10:39:57.402Z","timestamp":1783161597402,"http_version":"","security_state":"","security_info":null,"request":{"raw":"GET /data/88d209a9afdb94c2f4c0f8a2a09240ee.png HTTP/1.1\r\nHost: s.q5qo.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://ngfffgygt.vgho9-foqhfoq.com:15681/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-07-04T20:30:36.525225Z","times_seen":16984070,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tposs.qiddfc-dqiod52d.com/site-jerbc/siteActivity/202603/667a68b1f3b74f69b44a2a1e216f6886.png","fqdn":"tposs.qiddfc-dqiod52d.com","domain":"qiddfc-dqiod52d.com","tld":"com"},"ip":{"addr":"3.167.2.97","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ngfffgygt.vgho9-foqhfoq.com:15681/?inviteCode=64298\u0026cid=118","date":"2026-07-04T10:39:58.150Z","timestamp":1783161598150,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tposs.qiddfc-dqiod52d.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Wed, 27 Aug 2025 00:00:00 GMT","end":"Fri, 25 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"D0:96:57:8B:56:09:2E:8A:4D:C1:87:CA:FD:41:09:B6:57:2C:4F:1D","sha256":"48:66:5F:5D:67:07:2E:C0:CB:EF:91:62:93:36:C2:EF:FB:B7:0E:4A:9A:93:C5:0D:10:9E:B6:05:6B:45:AC:AF"}}},"request":{"raw":"GET /site-jerbc/siteActivity/202603/667a68b1f3b74f69b44a2a1e216f6886.png HTTP/1.1\r\nHost: tposs.qiddfc-dqiod52d.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://ngfffgygt.vgho9-foqhfoq.com:15681/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ncontent-type: image/png\r\ncontent-length: 3324\r\nlast-modified: Thu, 05 Mar 2026 08:41:28 GMT\r\nx-amz-server-side-encryption: AES256\r\nx-amz-version-id: iEZ0lt14UjbN84d8ZvSAf3q6DfQN.2HP\r\naccept-ranges: bytes\r\nserver: AmazonS3\r\ndate: Sat, 04 Jul 2026 08:57:02 GMT\r\netag: \"40670be4b6315833e88170e5ec0404de\"\r\nvary: Accept-Encoding\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 094188bf05865a3d323dcbfb7173f1f6.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P2\r\nx-amz-cf-id: w8cMycoedcqDJkyfizJNs9ntsyoBgnZDoTddJnvNwIJ6yxkiUM-8mw==\r\nage: 6177\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]}],"data":{"size":3324,"size_decoded":3891,"mime_type":"image/png","magic":"PNG image data, 72 x 72, 8-bit/color RGBA, non-interlaced","md5":"40670be4b6315833e88170e5ec0404de","sha1":"2d1ff4cb1c18bc4c444d5ca0affdabc6f6608f43","sha256":"3965155417ee077d1175925a5784b987353e3525080a28e3a304c9d3d8da98c1","sha512":"b2318f2f77641dc69e20fcb86d90d053c99e8a7bc42379e8f4c8376b39a431bd7c6e531e345bc6514fea5729a86715059ba1f3fa1e21874a34abde3317fca91e","ssdeep":"","tlshash":"67617ced5e7616238c0e442e36f97648a4b72cf07c4f9aedac40669300811a7c96f8a0","first_seen":"2026-06-28T16:04:36.738393Z","last_seen":"2026-07-04T10:40:29.181049Z","times_seen":3,"resource_available":false,"data":null}},"time_used":26,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":26,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ngfffgygt.vgho9-foqhfoq.com:15681/static/js/use-notification.CqNmJ1-y.js","fqdn":"ngfffgygt.vgho9-foqhfoq.com","domain":"vgho9-foqhfoq.com","tld":"com"},"ip":{"addr":"222.167.33.19","port":15681,"asn":9908,"as":"HK Cable TV Ltd","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://ngfffgygt.vgho9-foqhfoq.com:15681/?inviteCode=64298\u0026cid=118","date":"2026-07-04T10:39:56.549Z","timestamp":1783161596549,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.dh9-qjiohodfa9.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 28 Jun 2026 00:00:00 GMT","end":"Tue, 12 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"C5:47:38:34:E6:5C:A3:87:B4:BA:EF:B9:7D:A0:2A:95:07:34:76:65","sha256":"FE:78:24:EA:70:7B:AE:66:4F:EB:5C:04:1D:4C:A3:B9:C9:35:EC:95:20:88:65:57:26:EC:59:CA:DA:9E:4A:33"}}},"request":{"raw":"GET /static/js/use-notification.CqNmJ1-y.js HTTP/1.1\r\nHost: ngfffgygt.vgho9-foqhfoq.com:15681\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://ngfffgygt.vgho9-foqhfoq.com:15681/home?inviteCode=64298\u0026cid=118\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\naccept-ranges: bytes\r\ncontent-type: application/javascript; charset=UTF-8\r\ndate: Sat, 04 Jul 2026 10:39:56 GMT\r\netag: \"6a46723b-bd\"\r\nlast-modified: Thu, 02 Jul 2026 14:14:19 GMT\r\nserver: openresty/1.27.1.1\r\nx-cache: BYPASS\r\ncontent-length: 189\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"OpenResty:1.27.1.1","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}],"data":{"size":189,"size_decoded":469,"mime_type":"application/javascript; charset=UTF-8","magic":"Java source, ASCII text","md5":"052ff1553f44863d3a33bb8bc7647527","sha1":"756f0b1f12c45bc66eab42d78d5d0ccee04ff269","sha256":"e917ad61fc7dad519a60385ab7332794b76f98f7bbdbe7dbca5bacea8b69a1eb","sha512":"779aac4a09f61ff0053cbf9845b5451a13841e6b4e5d0a2d9f303adecec58eacb889378fb8c388cedd7aad4dd3b87079a88fb6cb699fead90b3766812e55c5ee","ssdeep":"","tlshash":"3fc0229f304562b01bc205b364160c8d41634a082b440bf0028f053067122b0830fc8a","first_seen":"2026-07-02T22:42:57.147403Z","last_seen":"2026-07-04T10:40:29.385927Z","times_seen":5,"resource_available":true,"data":null}},"time_used":279,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":279,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-04","alert":"Phishing Block","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ngfffgygt.vgho9-foqhfoq.com:15681/static/css/index.B9AsewNq.css","fqdn":"ngfffgygt.vgho9-foqhfoq.com","domain":"vgho9-foqhfoq.com","tld":"com"},"ip":{"addr":"222.167.33.19","port":15681,"asn":9908,"as":"HK Cable TV Ltd","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://ngfffgygt.vgho9-foqhfoq.com:15681/?inviteCode=64298\u0026cid=118","date":"2026-07-04T10:39:56.572Z","timestamp":1783161596572,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.dh9-qjiohodfa9.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 28 Jun 2026 00:00:00 GMT","end":"Tue, 12 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"C5:47:38:34:E6:5C:A3:87:B4:BA:EF:B9:7D:A0:2A:95:07:34:76:65","sha256":"FE:78:24:EA:70:7B:AE:66:4F:EB:5C:04:1D:4C:A3:B9:C9:35:EC:95:20:88:65:57:26:EC:59:CA:DA:9E:4A:33"}}},"request":{"raw":"GET /static/css/index.B9AsewNq.css HTTP/1.1\r\nHost: ngfffgygt.vgho9-foqhfoq.com:15681\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://ngfffgygt.vgho9-foqhfoq.com:15681/home?inviteCode=64298\u0026cid=118\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\naccept-ranges: bytes\r\ncontent-type: text/css\r\ndate: Sat, 04 Jul 2026 10:30:45 GMT\r\netag: \"6a46723a-456\"\r\nlast-modified: Sat, 04 Jul 2026 10:30:45 GMT\r\nserver: openresty/1.27.1.1\r\nx-cache: HIT, policy, disk\r\ncontent-length: 1110\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"OpenResty:1.27.1.1","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1110,"size_decoded":1374,"mime_type":"text/css","magic":"ASCII text, with very long lines (1109)","md5":"e500f6f309458ac7e1d5468075f56f17","sha1":"b915e856bdd865c9e9243cdda030d3bed29bf660","sha256":"86a0196af368f216e174073bef4cf5cd6cb881a1a90a7620e85c32339e7603b2","sha512":"e0489be531affb81403c2b281c4d47c2550b05f5e7d47632ab9b16207e32d6c15f53bb40a05f9ab2c6df880bf1b223832f0c3c7623e22c77cc68a8fdcfc12932","ssdeep":"","tlshash":"e7118ee172d7e0285c7b441364e12e7e051ed244730a0ea8cf2ebe39069d1cf3ba0565","first_seen":"2026-06-24T13:33:42.989548Z","last_seen":"2026-07-04T10:40:29.386534Z","times_seen":15,"resource_available":false,"data":null}},"time_used":424,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":423,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-04","alert":"Phishing Block","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ngfffgygt.vgho9-foqhfoq.com:15681/static/js/index.BSAXl5AS.js","fqdn":"ngfffgygt.vgho9-foqhfoq.com","domain":"vgho9-foqhfoq.com","tld":"com"},"ip":{"addr":"222.167.33.19","port":15681,"asn":9908,"as":"HK Cable TV Ltd","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://ngfffgygt.vgho9-foqhfoq.com:15681/?inviteCode=64298\u0026cid=118","date":"2026-07-04T10:39:56.610Z","timestamp":1783161596610,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.dh9-qjiohodfa9.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 28 Jun 2026 00:00:00 GMT","end":"Tue, 12 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"C5:47:38:34:E6:5C:A3:87:B4:BA:EF:B9:7D:A0:2A:95:07:34:76:65","sha256":"FE:78:24:EA:70:7B:AE:66:4F:EB:5C:04:1D:4C:A3:B9:C9:35:EC:95:20:88:65:57:26:EC:59:CA:DA:9E:4A:33"}}},"request":{"raw":"GET /static/js/index.BSAXl5AS.js HTTP/1.1\r\nHost: ngfffgygt.vgho9-foqhfoq.com:15681\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://ngfffgygt.vgho9-foqhfoq.com:15681/home?inviteCode=64298\u0026cid=118\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ncontent-encoding: gzip\r\ncontent-type: application/javascript; charset=UTF-8\r\ndate: Sat, 04 Jul 2026 10:39:56 GMT\r\netag: W/\"6a46723b-8603\"\r\nlast-modified: Thu, 02 Jul 2026 14:14:19 GMT\r\nserver: openresty/1.27.1.1\r\nvary: Accept-Encoding\r\nx-cache: BYPASS\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"OpenResty:1.27.1.1","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}],"data":{"size":34307,"size_decoded":12355,"mime_type":"application/javascript; charset=UTF-8","magic":"Unicode text, UTF-8 text, with very long lines (30614)","md5":"c41c8095db7b9cf819bbc15e515fc3f7","sha1":"a6f502c8b5e0869952087ca9dffa2c2eb1fde4d6","sha256":"5af6e10d64f8ef67cf9417030b11f9f8bdcb431d933e0c61730f279e62fa5224","sha512":"78e0e2a67837a92cecb607b967c3ea09a3a5a465a4b271abddd14eece939201d011543aef0382da0482c75ec66d3995b77bb68ec118dde4a89d9f854b1a92183","ssdeep":"768:uQoVJBBn/LhRVlUBH9M0aKKmKF3hRtFanj6F6bf+Qht0q/Wcff46aU:GVpVOBpeh8j6F6qQws46p","tlshash":"17f2395cb0256a7de3b79485703a204492292f9cd820c8d3f5bf8c7127c9e6827de7b9","first_seen":"2026-07-02T22:42:57.048867Z","last_seen":"2026-07-04T10:40:29.387187Z","times_seen":5,"resource_available":true,"data":null}},"time_used":444,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":444,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-04","alert":"Phishing Block","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ngfffgygt.vgho9-foqhfoq.com:15681/static/js/success.B7fR5wmE.js","fqdn":"ngfffgygt.vgho9-foqhfoq.com","domain":"vgho9-foqhfoq.com","tld":"com"},"ip":{"addr":"222.167.33.19","port":15681,"asn":9908,"as":"HK Cable TV Ltd","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://ngfffgygt.vgho9-foqhfoq.com:15681/?inviteCode=64298\u0026cid=118","date":"2026-07-04T10:39:56.547Z","timestamp":1783161596547,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.dh9-qjiohodfa9.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 28 Jun 2026 00:00:00 GMT","end":"Tue, 12 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"C5:47:38:34:E6:5C:A3:87:B4:BA:EF:B9:7D:A0:2A:95:07:34:76:65","sha256":"FE:78:24:EA:70:7B:AE:66:4F:EB:5C:04:1D:4C:A3:B9:C9:35:EC:95:20:88:65:57:26:EC:59:CA:DA:9E:4A:33"}}},"request":{"raw":"GET /static/js/success.B7fR5wmE.js HTTP/1.1\r\nHost: ngfffgygt.vgho9-foqhfoq.com:15681\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://ngfffgygt.vgho9-foqhfoq.com:15681/home?inviteCode=64298\u0026cid=118\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\naccept-ranges: bytes\r\ncontent-type: application/javascript; charset=UTF-8\r\ndate: Sat, 04 Jul 2026 10:39:56 GMT\r\netag: \"6a46723b-976\"\r\nlast-modified: Thu, 02 Jul 2026 14:14:19 GMT\r\nserver: openresty/1.27.1.1\r\nx-cache: BYPASS\r\ncontent-length: 2422\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"OpenResty:1.27.1.1","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}],"data":{"size":2422,"size_decoded":2704,"mime_type":"application/javascript; charset=UTF-8","magic":"ASCII text, with very long lines (2421)","md5":"861edf6ccee12de018680dc5b5ff70c6","sha1":"7775194f46f290b518202bd71a4b63498069763d","sha256":"bd59e568ff6effdaa322fcb9a75fb145d6366fd9ed36403ea87fe64b1ca46d58","sha512":"c527618385c565d1be5f860c12ed44aad86d37e01dfb963c6746bdfe2f5540afefc1bb36b46b35d2447eb5bf61f4451cd5f11208821a00ebb67c78e51f165efd","ssdeep":"","tlshash":"1741947c851b6e78983c4d5b0b283d21d826a2bdcfcdbc475d865200ab345075ca5ced","first_seen":"2026-05-30T07:41:04.658352Z","last_seen":"2026-07-04T10:40:29.388443Z","times_seen":23,"resource_available":true,"data":null}},"time_used":280,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":280,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-04","alert":"Phishing Block","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tposs.qiddfc-dqiod52d.com/pc/sport/Basketball.png","fqdn":"tposs.qiddfc-dqiod52d.com","domain":"qiddfc-dqiod52d.com","tld":"com"},"ip":{"addr":"3.167.2.97","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ngfffgygt.vgho9-foqhfoq.com:15681/?inviteCode=64298\u0026cid=118","date":"2026-07-04T10:39:56.811Z","timestamp":1783161596811,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tposs.qiddfc-dqiod52d.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Wed, 27 Aug 2025 00:00:00 GMT","end":"Fri, 25 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"D0:96:57:8B:56:09:2E:8A:4D:C1:87:CA:FD:41:09:B6:57:2C:4F:1D","sha256":"48:66:5F:5D:67:07:2E:C0:CB:EF:91:62:93:36:C2:EF:FB:B7:0E:4A:9A:93:C5:0D:10:9E:B6:05:6B:45:AC:AF"}}},"request":{"raw":"GET /pc/sport/Basketball.png HTTP/1.1\r\nHost: tposs.qiddfc-dqiod52d.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://ngfffgygt.vgho9-foqhfoq.com:15681/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ncontent-type: image/png\r\ncontent-length: 5959\r\nlast-modified: Tue, 05 May 2026 05:34:35 GMT\r\nx-amz-server-side-encryption: AES256\r\nx-amz-version-id: 3OtOrIhZG4JfqO.RU.6In1I_8ugtlVjQ\r\naccept-ranges: bytes\r\nserver: AmazonS3\r\ndate: Sat, 04 Jul 2026 09:45:53 GMT\r\netag: \"8d90e7664426abfeeba59784511b8902\"\r\nvary: Accept-Encoding\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 094188bf05865a3d323dcbfb7173f1f6.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P2\r\nx-amz-cf-id: Hkr-3yoehTU2DV4pgFQlpvjeAeJVm_HcMo_LrsSXqQHr5_DIhW-M_g==\r\nage: 3244\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]}],"data":{"size":5959,"size_decoded":6526,"mime_type":"image/png","magic":"PNG image data, 70 x 70, 8-bit/color RGBA, non-interlaced","md5":"8d90e7664426abfeeba59784511b8902","sha1":"b0b908e519c80310bf529b580cda88d30f963af5","sha256":"12550c42bde3f47cee280151ac6f6bda7047578a222cd6f945c6443a3f3c72df","sha512":"308d8f169ea4e86fe30feaf4827c7f77b1412720fb89bcd7970f73d5d0484bfbab344fc5273813025ab4f5f667de3f4fbb6f395491405bfb0c2d7cbf59b455aa","ssdeep":"96:87S0Y7dZMwBx6ArzUI83qXQ2jFunOx8PqJgJhkR6cZQGGArayG0TbGw/C/5Z9w:WS0OdewBFZ22xuhPHha7FGAAEb0RZ2","tlshash":"bdc19e6038a5a7513a45306a11961cd59265ccc89ca232cc3ff2fb5987dd6ac7085b38","first_seen":"2026-05-30T07:41:04.652837Z","last_seen":"2026-07-04T10:40:29.389063Z","times_seen":24,"resource_available":false,"data":null}},"time_used":25,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":25,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ngfffgygt.vgho9-foqhfoq.com:15681/static/js/video.Bv5D9_Td.js","fqdn":"ngfffgygt.vgho9-foqhfoq.com","domain":"vgho9-foqhfoq.com","tld":"com"},"ip":{"addr":"222.167.33.19","port":15681,"asn":9908,"as":"HK Cable TV Ltd","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://ngfffgygt.vgho9-foqhfoq.com:15681/?inviteCode=64298\u0026cid=118","date":"2026-07-04T10:39:55.819Z","timestamp":1783161595819,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.dh9-qjiohodfa9.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 28 Jun 2026 00:00:00 GMT","end":"Tue, 12 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"C5:47:38:34:E6:5C:A3:87:B4:BA:EF:B9:7D:A0:2A:95:07:34:76:65","sha256":"FE:78:24:EA:70:7B:AE:66:4F:EB:5C:04:1D:4C:A3:B9:C9:35:EC:95:20:88:65:57:26:EC:59:CA:DA:9E:4A:33"}}},"request":{"raw":"GET /static/js/video.Bv5D9_Td.js HTTP/1.1\r\nHost: ngfffgygt.vgho9-foqhfoq.com:15681\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://ngfffgygt.vgho9-foqhfoq.com:15681/home?inviteCode=64298\u0026cid=118\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\naccept-ranges: bytes\r\ncontent-type: application/javascript; charset=UTF-8\r\ndate: Sat, 04 Jul 2026 10:39:56 GMT\r\netag: \"6a46723b-39\"\r\nlast-modified: Thu, 02 Jul 2026 14:14:19 GMT\r\nserver: openresty/1.27.1.1\r\nx-cache: BYPASS\r\ncontent-length: 57\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"OpenResty:1.27.1.1","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":57,"size_decoded":336,"mime_type":"application/javascript; charset=UTF-8","magic":"ASCII text","md5":"718063586df6dc66587fbd457ec5f4fc","sha1":"388405a35f553a05a7e8682e767b288db16c0daa","sha256":"c69902672eb03df339be1ddacada47060eb42bca1ccf5f5efdb38fba69a9aaa2","sha512":"260bd3f8c16fdb74e8548a50abb047a9dc2e77e528173048b63b42687413e0a27a9d4f15be052755de672c2238ce48b6304a6c2207e3f8a12168775cc75975d8","ssdeep":"","tlshash":"689002295c01836024954069af9289699411851a32750694d0160941a319456566c565","first_seen":"2026-05-30T07:41:04.641841Z","last_seen":"2026-07-04T10:40:29.390514Z","times_seen":24,"resource_available":true,"data":null}},"time_used":773,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":773,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-04","alert":"Phishing Block","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ngfffgygt.vgho9-foqhfoq.com:15681/api/game-center/f/menu/getHomeMenu","fqdn":"ngfffgygt.vgho9-foqhfoq.com","domain":"vgho9-foqhfoq.com","tld":"com"},"ip":{"addr":"222.167.33.19","port":15681,"asn":9908,"as":"HK Cable TV Ltd","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://ngfffgygt.vgho9-foqhfoq.com:15681/?inviteCode=64298\u0026cid=118","date":"2026-07-04T10:39:55.697Z","timestamp":1783161595697,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.dh9-qjiohodfa9.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 28 Jun 2026 00:00:00 GMT","end":"Tue, 12 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"C5:47:38:34:E6:5C:A3:87:B4:BA:EF:B9:7D:A0:2A:95:07:34:76:65","sha256":"FE:78:24:EA:70:7B:AE:66:4F:EB:5C:04:1D:4C:A3:B9:C9:35:EC:95:20:88:65:57:26:EC:59:CA:DA:9E:4A:33"}}},"request":{"raw":"POST /api/game-center/f/menu/getHomeMenu HTTP/1.1\r\nHost: ngfffgygt.vgho9-foqhfoq.com:15681\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: zh\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nContent-Type: application/json\r\nDevice: PC\r\nCurrency: CNY\r\nFrontAuthorization: \r\nContent-Length: 186\r\nOrigin: https://ngfffgygt.vgho9-foqhfoq.com:15681\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://ngfffgygt.vgho9-foqhfoq.com:15681/?inviteCode=64298\u0026cid=118\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/2 200 \r\naccess-control-allow-credentials: true\r\naccess-control-allow-origin: https://ngfffgygt.vgho9-foqhfoq.com:15681\r\ncontent-encoding: gzip\r\ncontent-type: application/json\r\ndate: Sat, 04 Jul 2026 10:39:55 GMT\r\nserver: openresty/1.27.1.1\r\nvary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers\r\nx-cache: BYPASS\r\ncontent-length: 18772\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"OpenResty:1.27.1.1","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":291610,"size_decoded":19157,"mime_type":"application/json","magic":"Unicode text, UTF-8 text, with very long lines (63672), with no line terminators","md5":"69174bf2856756eb74bc63bc16e07496","sha1":"59c56949c5585bc4d9fafda340b573aff0628501","sha256":"902a974b20f05b3439f78268826309ec84927a9337074cce83e0ad72eaef48b0","sha512":"ea3a412e2a5a52d3685a0db25493ee3577a72e02186585ebb3906ea9495c5ee0ba895b9d2cdf7ff26a650a23bc6788c0e9b2cd87e48a0da8ce4da3401db1ea1b","ssdeep":"1536:ZcsNNGQzVNk+tlZvgUfZEXuayDNY62ig/wLQ5aQK6vAEr8eNKTrARO:0y2igoLQ5aAvAEr8eUTt","tlshash":"dd548ed99718dc0c872b11f229db76c4f6ed620bcdc0ac65e18e9f6ac6e8737930154a","first_seen":"2026-07-03T21:52:09.623014Z","last_seen":"2026-07-04T10:40:29.392349Z","times_seen":2,"resource_available":false,"data":null}},"time_used":374,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":322,"receive":52,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-04","alert":"Phishing Block","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ngfffgygt.vgho9-foqhfoq.com:15681/static/js/useCommon.erQ0ATtd.js","fqdn":"ngfffgygt.vgho9-foqhfoq.com","domain":"vgho9-foqhfoq.com","tld":"com"},"ip":{"addr":"222.167.33.19","port":15681,"asn":9908,"as":"HK Cable TV Ltd","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://ngfffgygt.vgho9-foqhfoq.com:15681/?inviteCode=64298\u0026cid=118","date":"2026-07-04T10:39:56.598Z","timestamp":1783161596598,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.dh9-qjiohodfa9.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 28 Jun 2026 00:00:00 GMT","end":"Tue, 12 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"C5:47:38:34:E6:5C:A3:87:B4:BA:EF:B9:7D:A0:2A:95:07:34:76:65","sha256":"FE:78:24:EA:70:7B:AE:66:4F:EB:5C:04:1D:4C:A3:B9:C9:35:EC:95:20:88:65:57:26:EC:59:CA:DA:9E:4A:33"}}},"request":{"raw":"GET /static/js/useCommon.erQ0ATtd.js HTTP/1.1\r\nHost: ngfffgygt.vgho9-foqhfoq.com:15681\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://ngfffgygt.vgho9-foqhfoq.com:15681/home?inviteCode=64298\u0026cid=118\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\naccept-ranges: bytes\r\ncontent-type: application/javascript; charset=UTF-8\r\ndate: Sat, 04 Jul 2026 10:39:56 GMT\r\netag: \"6a46723b-3cb\"\r\nlast-modified: Thu, 02 Jul 2026 14:14:19 GMT\r\nserver: openresty/1.27.1.1\r\nx-cache: BYPASS\r\ncontent-length: 971\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"OpenResty:1.27.1.1","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":971,"size_decoded":1252,"mime_type":"application/javascript; charset=UTF-8","magic":"Java source, Unicode text, UTF-8 text, with very long lines (942)","md5":"833ea29516cda2a1170cc300dead87b9","sha1":"7eb4286c8850e351377a0864de5d02156a4b14a0","sha256":"fb7a27ec1ef964938a11fdfbc39b51b58cf3210de61063e83ccca468d6cceb02","sha512":"984890e7c9c2abe316f791deeaf3595e1aecc4308fd3db8a29147518a320a95a826f508d85b189cf7b6cb5496756e681d296de42afbac303c2d56b57ec34d6b2","ssdeep":"","tlshash":"021150ae2f6c1cbd912858f87a4b48124216d6892e1ccac1b04f0d19b19de40ef76fc6","first_seen":"2026-07-02T22:42:57.101476Z","last_seen":"2026-07-04T10:40:29.394368Z","times_seen":5,"resource_available":true,"data":null}},"time_used":503,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":503,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-04","alert":"Phishing Block","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tposs.qiddfc-dqiod52d.com/site-jerbc/siteActivity/202603/e28dfb01950a4f82be2f3b47adb55449.png","fqdn":"tposs.qiddfc-dqiod52d.com","domain":"qiddfc-dqiod52d.com","tld":"com"},"ip":{"addr":"3.167.2.97","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ngfffgygt.vgho9-foqhfoq.com:15681/?inviteCode=64298\u0026cid=118","date":"2026-07-04T10:39:58.145Z","timestamp":1783161598145,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tposs.qiddfc-dqiod52d.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Wed, 27 Aug 2025 00:00:00 GMT","end":"Fri, 25 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"D0:96:57:8B:56:09:2E:8A:4D:C1:87:CA:FD:41:09:B6:57:2C:4F:1D","sha256":"48:66:5F:5D:67:07:2E:C0:CB:EF:91:62:93:36:C2:EF:FB:B7:0E:4A:9A:93:C5:0D:10:9E:B6:05:6B:45:AC:AF"}}},"request":{"raw":"GET /site-jerbc/siteActivity/202603/e28dfb01950a4f82be2f3b47adb55449.png HTTP/1.1\r\nHost: tposs.qiddfc-dqiod52d.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://ngfffgygt.vgho9-foqhfoq.com:15681/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ncontent-type: image/png\r\ncontent-length: 5497\r\nlast-modified: Thu, 05 Mar 2026 08:40:25 GMT\r\nx-amz-server-side-encryption: AES256\r\nx-amz-version-id: ECxEWQtJYXctqPbCZ_Gq6Bj58WEi195F\r\naccept-ranges: bytes\r\nserver: AmazonS3\r\ndate: Sat, 04 Jul 2026 08:57:02 GMT\r\netag: \"65051acbe50a0e90b9a3b894e1eede9c\"\r\nvary: Accept-Encoding\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 094188bf05865a3d323dcbfb7173f1f6.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P2\r\nx-amz-cf-id: VYCnEbVIikmbb70hjQZtfSm5LMyTtp03yjclK7zNpGaKkkeVDFfE-w==\r\nage: 6177\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]}],"data":{"size":5497,"size_decoded":6064,"mime_type":"image/png","magic":"PNG image data, 72 x 72, 8-bit/color RGBA, non-interlaced","md5":"65051acbe50a0e90b9a3b894e1eede9c","sha1":"d42dd665f01d9dff7d9ca079c8e26fc8f549dd04","sha256":"ff3f28a9f2e1bd82e5f34564756ad1575d4ef48aa352436f88456476fd9f16e6","sha512":"dc936dc85a39d08931355c7d5e051058d0b7275bec2437c8c28b126e0637a6e4e7b1d78a495c97980daca17a374cd4ac511f6b3d7cfaecf0cee8f27bc5e18574","ssdeep":"96:9ScN3T576g8RvLkeyDojba03QPopsxi44WYRExmfMkAEVdQLQWxgSlWtsN4Lk:9S8d851yD8z3QiHWmn1dsQ2Mq9","tlshash":"dab15c816a49a878f77afcf542b67124ff2fc8fbd6831092a09959089175e79852e108","first_seen":"2026-06-28T16:04:36.70234Z","last_seen":"2026-07-04T10:40:29.186563Z","times_seen":3,"resource_available":false,"data":null}},"time_used":24,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":24,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ngfffgygt.vgho9-foqhfoq.com:15681/static/js/index.BCZTT1m6.js","fqdn":"ngfffgygt.vgho9-foqhfoq.com","domain":"vgho9-foqhfoq.com","tld":"com"},"ip":{"addr":"222.167.33.19","port":15681,"asn":9908,"as":"HK Cable TV Ltd","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://ngfffgygt.vgho9-foqhfoq.com:15681/?inviteCode=64298\u0026cid=118","date":"2026-07-04T10:39:56.570Z","timestamp":1783161596570,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.dh9-qjiohodfa9.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 28 Jun 2026 00:00:00 GMT","end":"Tue, 12 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"C5:47:38:34:E6:5C:A3:87:B4:BA:EF:B9:7D:A0:2A:95:07:34:76:65","sha256":"FE:78:24:EA:70:7B:AE:66:4F:EB:5C:04:1D:4C:A3:B9:C9:35:EC:95:20:88:65:57:26:EC:59:CA:DA:9E:4A:33"}}},"request":{"raw":"GET /static/js/index.BCZTT1m6.js HTTP/1.1\r\nHost: ngfffgygt.vgho9-foqhfoq.com:15681\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://ngfffgygt.vgho9-foqhfoq.com:15681/home?inviteCode=64298\u0026cid=118\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\naccept-ranges: bytes\r\ncontent-type: application/javascript; charset=UTF-8\r\ndate: Sat, 04 Jul 2026 10:39:56 GMT\r\netag: \"6a46723b-56f\"\r\nlast-modified: Thu, 02 Jul 2026 14:14:19 GMT\r\nserver: openresty/1.27.1.1\r\nx-cache: BYPASS\r\ncontent-length: 1391\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"OpenResty:1.27.1.1","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1391,"size_decoded":1673,"mime_type":"application/javascript; charset=UTF-8","magic":"Java source, ASCII text, with very long lines (1390)","md5":"bffdc9b4554e951cb7e63dc5807483ca","sha1":"4cc54e913997a6868aebfb7ebfdeb28d2cb30836","sha256":"1cdb695c2ea65b893abebd3a31828a4430e94d395340e7eda0e98006c56575b3","sha512":"3324cba4809195308692247916dfb9f2b24a9cbae67511106dfcd6183b7acecac88e377d65e65015a0098f2c0e4cc03ecde9be5fdab07c3278146bcc509ddbe6","ssdeep":"","tlshash":"99210f1cec0ed5664af34624a9084e001409cf3ee6392dd059ed763d17ee2b866ce76a","first_seen":"2026-07-02T22:42:57.179347Z","last_seen":"2026-07-04T10:40:29.395101Z","times_seen":5,"resource_available":true,"data":null}},"time_used":280,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":280,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-04","alert":"Phishing Block","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ngfffgygt.vgho9-foqhfoq.com:15681/api/site/f/siteNotice/queryList","fqdn":"ngfffgygt.vgho9-foqhfoq.com","domain":"vgho9-foqhfoq.com","tld":"com"},"ip":{"addr":"222.167.33.19","port":15681,"asn":9908,"as":"HK Cable TV Ltd","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://ngfffgygt.vgho9-foqhfoq.com:15681/?inviteCode=64298\u0026cid=118","date":"2026-07-04T10:39:57.678Z","timestamp":1783161597678,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.dh9-qjiohodfa9.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 28 Jun 2026 00:00:00 GMT","end":"Tue, 12 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"C5:47:38:34:E6:5C:A3:87:B4:BA:EF:B9:7D:A0:2A:95:07:34:76:65","sha256":"FE:78:24:EA:70:7B:AE:66:4F:EB:5C:04:1D:4C:A3:B9:C9:35:EC:95:20:88:65:57:26:EC:59:CA:DA:9E:4A:33"}}},"request":{"raw":"POST /api/site/f/siteNotice/queryList HTTP/1.1\r\nHost: ngfffgygt.vgho9-foqhfoq.com:15681\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: zh\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nContent-Type: application/json\r\nDevice: PC\r\nCurrency: CNY\r\nFrontAuthorization: \r\nContent-Length: 2\r\nOrigin: https://ngfffgygt.vgho9-foqhfoq.com:15681\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://ngfffgygt.vgho9-foqhfoq.com:15681/home?inviteCode=64298\u0026cid=118\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/2 200 \r\naccess-control-allow-credentials: true\r\naccess-control-allow-origin: https://ngfffgygt.vgho9-foqhfoq.com:15681\r\ncontent-encoding: gzip\r\ncontent-type: application/json\r\ndate: Sat, 04 Jul 2026 10:39:57 GMT\r\nserver: openresty/1.27.1.1\r\nvary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers\r\nx-cache: BYPASS\r\ncontent-length: 2963\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"OpenResty:1.27.1.1","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":10565,"size_decoded":3347,"mime_type":"application/json","magic":"JSON text data","md5":"4699a1314b329e3378e192bed5bb3c77","sha1":"a836a9983e855a59aa39ce6c8c0e099ae77d9baa","sha256":"bfb236d32cd3bb671f69bbbc3ba3143af60cb566aab559ad449153dd9fac9837","sha512":"9798fd7c069a381459e986446e61c308e16f92d6a71b0491d66ae6f6518d1ba7d1ac18abd8b36e51fabaa43c8b9048665838737869fc8d09f0d83cec0d6b6402","ssdeep":"192:jXsT5mi5ACmTA6o/cCITlx1MYJCotT2fO2kCVTouwRCXHT1qGRS+TumSfiXKUT8W:jFl2I8","tlshash":"a322651f87f9e96d9e8902d262e7ffed57852943c0d0ca9c71cd6e1e948a973120a313","first_seen":"2026-07-03T21:52:09.550178Z","last_seen":"2026-07-04T10:40:29.396926Z","times_seen":2,"resource_available":false,"data":null}},"time_used":291,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":291,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-04","alert":"Phishing Block","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ngfffgygt.vgho9-foqhfoq.com:15681/static/js/PersonLoginAbnormalModal.BQ-xRGwh.js","fqdn":"ngfffgygt.vgho9-foqhfoq.com","domain":"vgho9-foqhfoq.com","tld":"com"},"ip":{"addr":"222.167.33.19","port":15681,"asn":9908,"as":"HK Cable TV Ltd","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://ngfffgygt.vgho9-foqhfoq.com:15681/?inviteCode=64298\u0026cid=118","date":"2026-07-04T10:39:56.597Z","timestamp":1783161596597,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.dh9-qjiohodfa9.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 28 Jun 2026 00:00:00 GMT","end":"Tue, 12 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"C5:47:38:34:E6:5C:A3:87:B4:BA:EF:B9:7D:A0:2A:95:07:34:76:65","sha256":"FE:78:24:EA:70:7B:AE:66:4F:EB:5C:04:1D:4C:A3:B9:C9:35:EC:95:20:88:65:57:26:EC:59:CA:DA:9E:4A:33"}}},"request":{"raw":"GET /static/js/PersonLoginAbnormalModal.BQ-xRGwh.js HTTP/1.1\r\nHost: ngfffgygt.vgho9-foqhfoq.com:15681\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://ngfffgygt.vgho9-foqhfoq.com:15681/home?inviteCode=64298\u0026cid=118\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ncontent-encoding: gzip\r\ncontent-type: application/javascript; charset=UTF-8\r\ndate: Sat, 04 Jul 2026 10:39:56 GMT\r\netag: W/\"6a46723b-2bb9\"\r\nlast-modified: Thu, 02 Jul 2026 14:14:19 GMT\r\nserver: openresty/1.27.1.1\r\nvary: Accept-Encoding\r\nx-cache: BYPASS\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"OpenResty:1.27.1.1","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":11193,"size_decoded":4586,"mime_type":"application/javascript; charset=UTF-8","magic":"Unicode text, UTF-8 text, with very long lines (10120)","md5":"82812177bd6f515c79c34850449ad392","sha1":"55e455bf9c859eba34b00e53b61731e6eed89ccd","sha256":"a36d80a5346ef1ea78b4ece16848affdb5eff9875bd0371ca845d8f1070f410e","sha512":"b0b91b1c106579a5ef68263365a8eee3fc26244408909bde294250cd00219f85a09040d75464867a87b3fa121fbdf93fa302c8d39e87352579704b88a1c3e273","ssdeep":"192:8uFkminwhdsWzw4swSfqCDd1Wi2vUfk3ERuAAcNN+OprSqeMVe:FFkRnwhmcwlfF2vUfk3ERDNNjeM0","tlshash":"2732191c313ae77d3f5b5020b1a86098900c7f9ac518dcd7e9be4c572adaef446c5789","first_seen":"2026-07-02T22:42:56.948356Z","last_seen":"2026-07-04T10:40:29.398268Z","times_seen":5,"resource_available":true,"data":null}},"time_used":506,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":506,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-04","alert":"Phishing Block","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ngfffgygt.vgho9-foqhfoq.com:15681/static/js/Tooltip.BFzxRfd_.js","fqdn":"ngfffgygt.vgho9-foqhfoq.com","domain":"vgho9-foqhfoq.com","tld":"com"},"ip":{"addr":"222.167.33.19","port":15681,"asn":9908,"as":"HK Cable TV Ltd","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://ngfffgygt.vgho9-foqhfoq.com:15681/?inviteCode=64298\u0026cid=118","date":"2026-07-04T10:39:56.628Z","timestamp":1783161596628,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.dh9-qjiohodfa9.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 28 Jun 2026 00:00:00 GMT","end":"Tue, 12 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"C5:47:38:34:E6:5C:A3:87:B4:BA:EF:B9:7D:A0:2A:95:07:34:76:65","sha256":"FE:78:24:EA:70:7B:AE:66:4F:EB:5C:04:1D:4C:A3:B9:C9:35:EC:95:20:88:65:57:26:EC:59:CA:DA:9E:4A:33"}}},"request":{"raw":"GET /static/js/Tooltip.BFzxRfd_.js HTTP/1.1\r\nHost: ngfffgygt.vgho9-foqhfoq.com:15681\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://ngfffgygt.vgho9-foqhfoq.com:15681/home?inviteCode=64298\u0026cid=118\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\naccept-ranges: bytes\r\ncontent-type: application/javascript; charset=UTF-8\r\ndate: Sat, 04 Jul 2026 10:39:56 GMT\r\netag: \"6a46723b-3c9\"\r\nlast-modified: Thu, 02 Jul 2026 14:14:19 GMT\r\nserver: openresty/1.27.1.1\r\nx-cache: BYPASS\r\ncontent-length: 969\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"OpenResty:1.27.1.1","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}],"data":{"size":969,"size_decoded":1250,"mime_type":"application/javascript; charset=UTF-8","magic":"Java source, ASCII text, with very long lines (968)","md5":"f023f1c78335496eebbce05a50016fa6","sha1":"ec2e5a7e9ae5603fa077e01c65753304e0d6fd61","sha256":"bc6b0dd8e5d7652d1bd03706c4eda197649eaff9e3cdcf49aa80e9ec55dd4744","sha512":"e17ff6ab95f47aec4c74c5ce8fec73f56f06f877398b1f26df9bb0f15fd8148d36281bbe75a40bcd5566d2a5fb308ecc28ee005905c3fa539535c86f1124f3c0","ssdeep":"","tlshash":"3611bd1de88184b4077a30cde43a4a14fb172749a856f2c2fe37598a6145f42cbb5e65","first_seen":"2026-07-02T22:42:57.117521Z","last_seen":"2026-07-04T10:40:29.398899Z","times_seen":5,"resource_available":true,"data":null}},"time_used":427,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":427,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-04","alert":"Phishing Block","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ngfffgygt.vgho9-foqhfoq.com:15681/static/js/homeLeagueOddsColumns.BWSR6yKm.js","fqdn":"ngfffgygt.vgho9-foqhfoq.com","domain":"vgho9-foqhfoq.com","tld":"com"},"ip":{"addr":"222.167.33.19","port":15681,"asn":9908,"as":"HK Cable TV Ltd","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://ngfffgygt.vgho9-foqhfoq.com:15681/?inviteCode=64298\u0026cid=118","date":"2026-07-04T10:39:55.818Z","timestamp":1783161595818,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.dh9-qjiohodfa9.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 28 Jun 2026 00:00:00 GMT","end":"Tue, 12 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"C5:47:38:34:E6:5C:A3:87:B4:BA:EF:B9:7D:A0:2A:95:07:34:76:65","sha256":"FE:78:24:EA:70:7B:AE:66:4F:EB:5C:04:1D:4C:A3:B9:C9:35:EC:95:20:88:65:57:26:EC:59:CA:DA:9E:4A:33"}}},"request":{"raw":"GET /static/js/homeLeagueOddsColumns.BWSR6yKm.js HTTP/1.1\r\nHost: ngfffgygt.vgho9-foqhfoq.com:15681\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://ngfffgygt.vgho9-foqhfoq.com:15681/home?inviteCode=64298\u0026cid=118\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ncontent-encoding: gzip\r\ncontent-type: application/javascript; charset=UTF-8\r\ndate: Sat, 04 Jul 2026 10:39:56 GMT\r\netag: W/\"6a46723b-79e0\"\r\nlast-modified: Thu, 02 Jul 2026 14:14:19 GMT\r\nserver: openresty/1.27.1.1\r\nvary: Accept-Encoding\r\nx-cache: BYPASS\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"OpenResty:1.27.1.1","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":31200,"size_decoded":9850,"mime_type":"application/javascript; charset=UTF-8","magic":"Unicode text, UTF-8 text, with very long lines (30969)","md5":"45d7ca4836c74586919acc63b45ef899","sha1":"f49a072d41864cca570ba41a84ee0e33da9a24c1","sha256":"8e75cfde4037d7d446d16aca662e066c5451e111f9856ae7026bdfaaba62ad76","sha512":"0f4ce8687f7d581a5b880778330f7fb02df632758546ad0ac8133ed242ee5adf976e85c141952a5fa40d8340837436cf62b2981087dc4946d01b79c4d18f7bd3","ssdeep":"384:2b4RQTWhP9ftAYRK/P5jp5yYjnI4HUZJvZOaAzBhfDfxelmsrI3:2brqdVtAYK7MJvZOaAzBlDL3","tlshash":"96e2e858a02799bdb4f3908464644092f44c7fe7d104e487f4fe5e2627cac696bf8bb8","first_seen":"2026-07-02T22:42:57.086566Z","last_seen":"2026-07-04T10:40:29.399719Z","times_seen":6,"resource_available":true,"data":null}},"time_used":546,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":546,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-04","alert":"Phishing Block","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tposs.qiddfc-dqiod52d.com/web/sport/pc/home-icon/site-menu-top1.png","fqdn":"tposs.qiddfc-dqiod52d.com","domain":"qiddfc-dqiod52d.com","tld":"com"},"ip":{"addr":"3.167.2.97","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ngfffgygt.vgho9-foqhfoq.com:15681/?inviteCode=64298\u0026cid=118","date":"2026-07-04T10:39:55.876Z","timestamp":1783161595876,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tposs.qiddfc-dqiod52d.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Wed, 27 Aug 2025 00:00:00 GMT","end":"Fri, 25 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"D0:96:57:8B:56:09:2E:8A:4D:C1:87:CA:FD:41:09:B6:57:2C:4F:1D","sha256":"48:66:5F:5D:67:07:2E:C0:CB:EF:91:62:93:36:C2:EF:FB:B7:0E:4A:9A:93:C5:0D:10:9E:B6:05:6B:45:AC:AF"}}},"request":{"raw":"GET /web/sport/pc/home-icon/site-menu-top1.png HTTP/1.1\r\nHost: tposs.qiddfc-dqiod52d.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://ngfffgygt.vgho9-foqhfoq.com:15681/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ncontent-type: image/png\r\ncontent-length: 19082\r\nlast-modified: Thu, 14 May 2026 08:14:16 GMT\r\nx-amz-server-side-encryption: AES256\r\nx-amz-version-id: S39LZ8NSmlDenJOFtG0zb6.hOch3VV0l\r\naccept-ranges: bytes\r\nserver: AmazonS3\r\ndate: Sat, 04 Jul 2026 09:38:44 GMT\r\netag: \"89cf62dcf1f3b745254d922a4183a8a8\"\r\nvary: Accept-Encoding\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 094188bf05865a3d323dcbfb7173f1f6.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P2\r\nx-amz-cf-id: BjQJsgaje6REtPPfAR31ISPlMoOVdJaX0ln0BXB-qhKqcvnaoZ04jA==\r\nage: 3673\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]}],"data":{"size":19082,"size_decoded":19650,"mime_type":"image/png","magic":"PNG image data, 160 x 120, 8-bit/color RGBA, non-interlaced","md5":"89cf62dcf1f3b745254d922a4183a8a8","sha1":"4ecdf9286bad59c3ccb06b769dae7263437d7921","sha256":"53970ef4b20c0107f9bce41f75957df2c51a6f10729036b594439023b641c3b6","sha512":"689d0375a37b75f4b5b47bde60454de99ffd19315720e4d30bc15f4d00060b89c5c5d7340e1181d45e052edef7b75b690cebf0e5d5e13521b458626ea223e8e0","ssdeep":"384:Pccccczu6TRDbcKxiQZ1XiuLrLdv250/nA633Ycx6JJsshprcL+gSYDBOK5Kf:25cEiaPLrZvXAXcx6JJLhnghAY4","tlshash":"9282e1cb8e02ca5cdd1590de8938a2a11748c2b65afff4c0cfc518ea59565c03d7287a","first_seen":"2026-05-30T07:41:04.8457Z","last_seen":"2026-07-04T10:40:29.401351Z","times_seen":24,"resource_available":false,"data":null}},"time_used":262,"timings":{"blocked":-1,"dns":8,"connect":2,"send":0,"wait":24,"receive":0,"ssl":220},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tposs.qiddfc-dqiod52d.com/site-jerbc/siteConfig/202511/8e9b1b0d8a84420f8d48643f6fe63ed1.png","fqdn":"tposs.qiddfc-dqiod52d.com","domain":"qiddfc-dqiod52d.com","tld":"com"},"ip":{"addr":"3.167.2.97","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ngfffgygt.vgho9-foqhfoq.com:15681/?inviteCode=64298\u0026cid=118","date":"2026-07-04T10:39:56.014Z","timestamp":1783161596014,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tposs.qiddfc-dqiod52d.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Wed, 27 Aug 2025 00:00:00 GMT","end":"Fri, 25 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"D0:96:57:8B:56:09:2E:8A:4D:C1:87:CA:FD:41:09:B6:57:2C:4F:1D","sha256":"48:66:5F:5D:67:07:2E:C0:CB:EF:91:62:93:36:C2:EF:FB:B7:0E:4A:9A:93:C5:0D:10:9E:B6:05:6B:45:AC:AF"}}},"request":{"raw":"GET /site-jerbc/siteConfig/202511/8e9b1b0d8a84420f8d48643f6fe63ed1.png HTTP/1.1\r\nHost: tposs.qiddfc-dqiod52d.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://ngfffgygt.vgho9-foqhfoq.com:15681/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ncontent-type: image/png\r\ncontent-length: 21322\r\nlast-modified: Mon, 24 Nov 2025 13:14:59 GMT\r\nx-amz-server-side-encryption: AES256\r\nx-amz-version-id: cVVWv0JlR1oB2o4Xw.GZIhrlrtqGCBns\r\naccept-ranges: bytes\r\nserver: AmazonS3\r\ndate: Sat, 04 Jul 2026 09:56:27 GMT\r\netag: \"fd43cba637436f0ff41272148a952a5e\"\r\nvary: Accept-Encoding\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 094188bf05865a3d323dcbfb7173f1f6.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P2\r\nx-amz-cf-id: aDhyHdPUcaIVtAY4qVF0nzz-0usjElSAWTm_6toX56WIJ92G7oi0mQ==\r\nage: 2609\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]}],"data":{"size":21322,"size_decoded":21890,"mime_type":"image/png","magic":"PNG image data, 368 x 100, 8-bit/color RGBA, non-interlaced","md5":"fd43cba637436f0ff41272148a952a5e","sha1":"0998ae892c19d573c094a1f4c022a87afa8d0c0f","sha256":"09dfc6b2d54a842fcef6f9456b94d9b88d3bfa54a6353071b3eb32d297123cc9","sha512":"c8196a56814ab34df47495876051a96c29beb5d24257427c4d142897a197925f74b6eeb2664161d3e6ef7e1c6e6715925056bceb97d1a7a8f659960528a2d192","ssdeep":"384:awVuWMK8I/0eisfqUdlDBHDF2lc/n+0x39pVIwUsKAqsDbWwzmpER3:TuWMKNEXUXh4c/n+0x39pVQsLnzmK3","tlshash":"49a2e161bf5cd7d4a93b30dc0a238260d7e7d326d61e22dad3412b41aa54b73127cb99","first_seen":"2026-02-24T07:43:44.885844Z","last_seen":"2026-07-04T10:40:29.401925Z","times_seen":41,"resource_available":false,"data":null}},"time_used":27,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":27,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ngfffgygt.vgho9-foqhfoq.com:15681/static/css/index.D4fNHM_5.css","fqdn":"ngfffgygt.vgho9-foqhfoq.com","domain":"vgho9-foqhfoq.com","tld":"com"},"ip":{"addr":"222.167.33.19","port":15681,"asn":9908,"as":"HK Cable TV Ltd","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://ngfffgygt.vgho9-foqhfoq.com:15681/?inviteCode=64298\u0026cid=118","date":"2026-07-04T10:39:56.552Z","timestamp":1783161596552,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.dh9-qjiohodfa9.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 28 Jun 2026 00:00:00 GMT","end":"Tue, 12 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"C5:47:38:34:E6:5C:A3:87:B4:BA:EF:B9:7D:A0:2A:95:07:34:76:65","sha256":"FE:78:24:EA:70:7B:AE:66:4F:EB:5C:04:1D:4C:A3:B9:C9:35:EC:95:20:88:65:57:26:EC:59:CA:DA:9E:4A:33"}}},"request":{"raw":"GET /static/css/index.D4fNHM_5.css HTTP/1.1\r\nHost: ngfffgygt.vgho9-foqhfoq.com:15681\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://ngfffgygt.vgho9-foqhfoq.com:15681/home?inviteCode=64298\u0026cid=118\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\naccept-ranges: bytes\r\ncontent-type: text/css\r\ndate: Sat, 04 Jul 2026 10:30:45 GMT\r\netag: \"6a46723a-2f7\"\r\nlast-modified: Sat, 04 Jul 2026 10:30:45 GMT\r\nserver: openresty/1.27.1.1\r\nx-cache: HIT, policy, disk\r\ncontent-length: 759\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"OpenResty:1.27.1.1","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":759,"size_decoded":1022,"mime_type":"text/css","magic":"ASCII text, with very long lines (758)","md5":"aaa5eca5d46f37840effa67bbef696ea","sha1":"7baf91513b0723056512685ab04a61163ac6535f","sha256":"3c2716adbf811567dd5b9876e5a95c826cb22dd64e5b1aadd104026c99a1688c","sha512":"167a3143db3b92e81a2e0c52e2ed297b065ccbd3eb40b90cc03294e2aa77669f1b14e5849be90d88415d919f7da7652919698062498119ba3553592501edf185","ssdeep":"","tlshash":"5001bd162d1ac13e406fe187a9619dd402317683ca400ef9d6af70b05dc74d2622aae1","first_seen":"2026-05-30T07:41:04.765745Z","last_seen":"2026-07-04T10:40:29.402471Z","times_seen":23,"resource_available":false,"data":null}},"time_used":223,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":223,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-04","alert":"Phishing Block","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ngfffgygt.vgho9-foqhfoq.com:15681/static/css/index.lS0Y1Xj4.css","fqdn":"ngfffgygt.vgho9-foqhfoq.com","domain":"vgho9-foqhfoq.com","tld":"com"},"ip":{"addr":"222.167.33.19","port":15681,"asn":9908,"as":"HK Cable TV Ltd","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://ngfffgygt.vgho9-foqhfoq.com:15681/?inviteCode=64298\u0026cid=118","date":"2026-07-04T10:39:56.613Z","timestamp":1783161596613,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.dh9-qjiohodfa9.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 28 Jun 2026 00:00:00 GMT","end":"Tue, 12 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"C5:47:38:34:E6:5C:A3:87:B4:BA:EF:B9:7D:A0:2A:95:07:34:76:65","sha256":"FE:78:24:EA:70:7B:AE:66:4F:EB:5C:04:1D:4C:A3:B9:C9:35:EC:95:20:88:65:57:26:EC:59:CA:DA:9E:4A:33"}}},"request":{"raw":"GET /static/css/index.lS0Y1Xj4.css HTTP/1.1\r\nHost: ngfffgygt.vgho9-foqhfoq.com:15681\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://ngfffgygt.vgho9-foqhfoq.com:15681/home?inviteCode=64298\u0026cid=118\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\naccept-ranges: bytes\r\ncontent-type: text/css\r\ndate: Sat, 04 Jul 2026 10:30:45 GMT\r\netag: \"6a46723a-bcc\"\r\nlast-modified: Sat, 04 Jul 2026 10:30:45 GMT\r\nserver: openresty/1.27.1.1\r\nx-cache: HIT, policy, disk\r\ncontent-length: 3020\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"OpenResty:1.27.1.1","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":3020,"size_decoded":3284,"mime_type":"text/css","magic":"ASCII text, with very long lines (3019)","md5":"b9fbaf3e803cc55a459aa0a5f6a1d4dc","sha1":"ce69c79c09df9ae9c2606b659edd0527e0f55e55","sha256":"e47727f1ed3ac296a45f4212bb90e17b1ea4ea2fb92675f581043a9cf5851913","sha512":"82cd95638a06e8de6ad6478fc322cd4731227c91fbee5899791f847de981d5e541b66212c4f46b6e4c25d47824680d31905fa68a801acdbe374816b19788a109","ssdeep":"","tlshash":"2e513c227c69763f253bad37b96a7a183235fa81438315d1dc39838c0943bb56a8b10f","first_seen":"2026-06-24T13:33:43.078853Z","last_seen":"2026-07-04T10:40:29.402987Z","times_seen":15,"resource_available":false,"data":null}},"time_used":384,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":384,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-04","alert":"Phishing Block","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ngfffgygt.vgho9-foqhfoq.com:15681/static/css/OddChangeIcon.ByB84Dw5.css","fqdn":"ngfffgygt.vgho9-foqhfoq.com","domain":"vgho9-foqhfoq.com","tld":"com"},"ip":{"addr":"222.167.33.19","port":15681,"asn":9908,"as":"HK Cable TV Ltd","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://ngfffgygt.vgho9-foqhfoq.com:15681/?inviteCode=64298\u0026cid=118","date":"2026-07-04T10:39:55.831Z","timestamp":1783161595831,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.dh9-qjiohodfa9.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 28 Jun 2026 00:00:00 GMT","end":"Tue, 12 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"C5:47:38:34:E6:5C:A3:87:B4:BA:EF:B9:7D:A0:2A:95:07:34:76:65","sha256":"FE:78:24:EA:70:7B:AE:66:4F:EB:5C:04:1D:4C:A3:B9:C9:35:EC:95:20:88:65:57:26:EC:59:CA:DA:9E:4A:33"}}},"request":{"raw":"GET /static/css/OddChangeIcon.ByB84Dw5.css HTTP/1.1\r\nHost: ngfffgygt.vgho9-foqhfoq.com:15681\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://ngfffgygt.vgho9-foqhfoq.com:15681/home?inviteCode=64298\u0026cid=118\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\naccept-ranges: bytes\r\ncontent-type: text/css\r\ndate: Sat, 04 Jul 2026 10:30:44 GMT\r\netag: \"6a46723a-6c\"\r\nlast-modified: Sat, 04 Jul 2026 10:30:44 GMT\r\nserver: openresty/1.27.1.1\r\nx-cache: HIT, policy, disk\r\ncontent-length: 108\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"OpenResty:1.27.1.1","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":108,"size_decoded":370,"mime_type":"text/css","magic":"ASCII text","md5":"f42f73cd294d79a4c0eae64cb4640b76","sha1":"5001d70ac57e4062fd990fda72d585d65696fa6a","sha256":"50e27b1325c93748c3f85f41968d6e227188f18f0fe44bb0bbf58ccf8c34a6d0","sha512":"cc1696594dbc8b3fe1f3a855b7a519e178627ebf78aee6025af2d4046db149f0c1fd3e628cd912e3280f5e24e3798b9f276eab6615d888e916005c5f87114a71","ssdeep":"","tlshash":"e3b012405e19945831e34c01f0c20e7a2d24d7434934369092c01c6d85238af365c17a","first_seen":"2026-06-03T10:08:00.414588Z","last_seen":"2026-07-04T10:40:29.40369Z","times_seen":20,"resource_available":false,"data":null}},"time_used":289,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":289,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-04","alert":"Phishing Block","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ngfffgygt.vgho9-foqhfoq.com:15681/api/site/f/sitePageConfig/queryList","fqdn":"ngfffgygt.vgho9-foqhfoq.com","domain":"vgho9-foqhfoq.com","tld":"com"},"ip":{"addr":"222.167.33.19","port":15681,"asn":9908,"as":"HK Cable TV Ltd","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://ngfffgygt.vgho9-foqhfoq.com:15681/?inviteCode=64298\u0026cid=118","date":"2026-07-04T10:39:55.867Z","timestamp":1783161595867,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.dh9-qjiohodfa9.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 28 Jun 2026 00:00:00 GMT","end":"Tue, 12 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"C5:47:38:34:E6:5C:A3:87:B4:BA:EF:B9:7D:A0:2A:95:07:34:76:65","sha256":"FE:78:24:EA:70:7B:AE:66:4F:EB:5C:04:1D:4C:A3:B9:C9:35:EC:95:20:88:65:57:26:EC:59:CA:DA:9E:4A:33"}}},"request":{"raw":"POST /api/site/f/sitePageConfig/queryList HTTP/1.1\r\nHost: ngfffgygt.vgho9-foqhfoq.com:15681\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: zh\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nContent-Type: application/json\r\nDevice: PC\r\nCurrency: CNY\r\nFrontAuthorization: \r\nContent-Length: 2\r\nOrigin: https://ngfffgygt.vgho9-foqhfoq.com:15681\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://ngfffgygt.vgho9-foqhfoq.com:15681/home?inviteCode=64298\u0026cid=118\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/2 200 \r\naccess-control-allow-credentials: true\r\naccess-control-allow-origin: https://ngfffgygt.vgho9-foqhfoq.com:15681\r\ncontent-encoding: gzip\r\ncontent-type: application/json\r\ndate: Sat, 04 Jul 2026 10:39:56 GMT\r\nserver: openresty/1.27.1.1\r\nvary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers\r\nx-cache: BYPASS\r\ncontent-length: 93920\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"OpenResty:1.27.1.1","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":575629,"size_decoded":94305,"mime_type":"application/json","magic":"Unicode text, UTF-8 text, with very long lines (40898), with no line terminators","md5":"fe3693fdac258d398cdc8dcef866a34c","sha1":"92aac26b1b7af402dbbb8f05367e685015bc5787","sha256":"ba925311a4bf10b7543aa1abeb3d86256e0b11aa170b2d6603a19e9f51f61d54","sha512":"d67a139f231a75abec2267903dae7ea0da43d5288ea7bf48746248e6dd363ce659267eaf30d07281ae8114ce50262c1463e4780f21dd0a3be754f97ee5a4c166","ssdeep":"3072:M4HjkamEE+bPFzoNKI764j3zeJOqpa15Yt6eIwr3YfCKD9fHeK63VOwlhRZEjECi:7FzoXzbqpa1lBz84jj2","tlshash":"f3c4dd21c3b5e4058435d5ed927b276810d4430eef135d7eefe8abfca98e419392628e","first_seen":"2026-06-24T13:33:43.080963Z","last_seen":"2026-07-04T10:40:29.404253Z","times_seen":16,"resource_available":false,"data":null}},"time_used":724,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":645,"receive":79,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-04","alert":"Phishing Block","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ngfffgygt.vgho9-foqhfoq.com:15681/static/img/turntable-bg.DPnl-op2.png","fqdn":"ngfffgygt.vgho9-foqhfoq.com","domain":"vgho9-foqhfoq.com","tld":"com"},"ip":{"addr":"222.167.33.19","port":15681,"asn":9908,"as":"HK Cable TV Ltd","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ngfffgygt.vgho9-foqhfoq.com:15681/?inviteCode=64298\u0026cid=118","date":"2026-07-04T10:39:58.124Z","timestamp":1783161598124,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.dh9-qjiohodfa9.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 28 Jun 2026 00:00:00 GMT","end":"Tue, 12 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"C5:47:38:34:E6:5C:A3:87:B4:BA:EF:B9:7D:A0:2A:95:07:34:76:65","sha256":"FE:78:24:EA:70:7B:AE:66:4F:EB:5C:04:1D:4C:A3:B9:C9:35:EC:95:20:88:65:57:26:EC:59:CA:DA:9E:4A:33"}}},"request":{"raw":"GET /static/img/turntable-bg.DPnl-op2.png HTTP/1.1\r\nHost: ngfffgygt.vgho9-foqhfoq.com:15681\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://ngfffgygt.vgho9-foqhfoq.com:15681/home?inviteCode=64298\u0026cid=118\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\naccept-ranges: bytes\r\ncontent-type: image/png\r\ndate: Sat, 04 Jul 2026 10:39:58 GMT\r\netag: \"6a46723b-1219c\"\r\nlast-modified: Thu, 02 Jul 2026 14:14:19 GMT\r\nserver: openresty/1.27.1.1\r\nx-cache: UPDATING\r\ncontent-length: 74140\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"OpenResty:1.27.1.1","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":74140,"size_decoded":74399,"mime_type":"image/png","magic":"PNG image data, 748 x 910, 8-bit colormap, non-interlaced","md5":"2afea6cfda9a3ee8d4161f6717c8fe52","sha1":"084e014b9fdf11cc0b251e8c90e2426cf4894f6f","sha256":"355f498f7b35f90fe3972f4f5f80031f110b911db7198c55e51d32b281d82f2d","sha512":"6f228765ba66ab408ea3205eaff774cb4fefd72c3408045585a86142e4b19f8bf442fa300e134ee620833154722423e446fe07f270f4363e57c18445754dbc41","ssdeep":"1536:L5kcCAuFgGzNiqfKcQclhwFE1PjiOeAbiEvjC7HFqi:1pC/hzYqfKcQclaaleAbiEbE","tlshash":"5e7312de40a0e3bdd8d10677b6e6c21f80413973cd6652b63964d1f3538288c09669f6","first_seen":"2026-06-28T16:04:36.7719Z","last_seen":"2026-07-04T10:40:29.404827Z","times_seen":3,"resource_available":false,"data":null}},"time_used":382,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":277,"receive":105,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-04","alert":"Phishing Block","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tposs.qiddfc-dqiod52d.com/web/sport/theme-images/sport-green/pwa-icons-vi/180.png","fqdn":"tposs.qiddfc-dqiod52d.com","domain":"qiddfc-dqiod52d.com","tld":"com"},"ip":{"addr":"3.167.2.97","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ngfffgygt.vgho9-foqhfoq.com:15681/?inviteCode=64298\u0026cid=118","date":"2026-07-04T10:40:00.138Z","timestamp":1783161600138,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tposs.qiddfc-dqiod52d.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Wed, 27 Aug 2025 00:00:00 GMT","end":"Fri, 25 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"D0:96:57:8B:56:09:2E:8A:4D:C1:87:CA:FD:41:09:B6:57:2C:4F:1D","sha256":"48:66:5F:5D:67:07:2E:C0:CB:EF:91:62:93:36:C2:EF:FB:B7:0E:4A:9A:93:C5:0D:10:9E:B6:05:6B:45:AC:AF"}}},"request":{"raw":"GET /web/sport/theme-images/sport-green/pwa-icons-vi/180.png HTTP/1.1\r\nHost: tposs.qiddfc-dqiod52d.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://ngfffgygt.vgho9-foqhfoq.com:15681/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=6\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ncontent-type: image/png\r\ncontent-length: 19835\r\nlast-modified: Wed, 29 Apr 2026 10:19:18 GMT\r\nx-amz-server-side-encryption: AES256\r\nx-amz-version-id: pyY8VSPFGKJP9EbQ_53QskcgoJWdec2.\r\naccept-ranges: bytes\r\nserver: AmazonS3\r\ndate: Sat, 04 Jul 2026 10:40:01 GMT\r\netag: \"eff89b3168e3dc4083613c9287e6c2d3\"\r\nvary: Accept-Encoding\r\nx-cache: RefreshHit from cloudfront\r\nvia: 1.1 094188bf05865a3d323dcbfb7173f1f6.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P2\r\nx-amz-cf-id: SpSYqm8IknbY_gT5k9qkLFoNXemNozyI4huH1dB1KL09SMA11L-beA==\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":19835,"size_decoded":20399,"mime_type":"image/png","magic":"PNG image data, 180 x 180, 8-bit/color RGBA, non-interlaced","md5":"eff89b3168e3dc4083613c9287e6c2d3","sha1":"d5efdf2e4097be3ca411bff866d930549cb63a4c","sha256":"2f590b22d7bb194b40364b835235693826e87c74eae5e796de43aae80c917386","sha512":"4a6505b52e04194663a2d3ee9622069d401522f647ce66096cdbeb7192143dae60f11d2e6986f68b749441ae6ea249e169d4596b7f85926a7f6ce90e458c58bf","ssdeep":"384:re1b7OQ7xe3s/pVrtXqGAFUsEtrdffOw17/WNqBE3qc7NlmR1jvobe+4tfHvxa:c/OQd2s/LBXzAKNtrdnOwlWNqBcb2R5+","tlshash":"bb92d0dd147077788d2280a32b5928fb9c5f245766e6d03577b8e997becdf4aa2c4c00","first_seen":"2026-05-30T07:41:04.79592Z","last_seen":"2026-07-04T10:40:29.405424Z","times_seen":22,"resource_available":false,"data":null}},"time_used":736,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":736,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ngfffgygt.vgho9-foqhfoq.com:15681/static/img/helpIcon.DXtWc6_o.png","fqdn":"ngfffgygt.vgho9-foqhfoq.com","domain":"vgho9-foqhfoq.com","tld":"com"},"ip":{"addr":"222.167.33.19","port":15681,"asn":9908,"as":"HK Cable TV Ltd","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ngfffgygt.vgho9-foqhfoq.com:15681/?inviteCode=64298\u0026cid=118","date":"2026-07-04T10:39:57.994Z","timestamp":1783161597994,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.dh9-qjiohodfa9.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 28 Jun 2026 00:00:00 GMT","end":"Tue, 12 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"C5:47:38:34:E6:5C:A3:87:B4:BA:EF:B9:7D:A0:2A:95:07:34:76:65","sha256":"FE:78:24:EA:70:7B:AE:66:4F:EB:5C:04:1D:4C:A3:B9:C9:35:EC:95:20:88:65:57:26:EC:59:CA:DA:9E:4A:33"}}},"request":{"raw":"GET /static/img/helpIcon.DXtWc6_o.png HTTP/1.1\r\nHost: ngfffgygt.vgho9-foqhfoq.com:15681\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://ngfffgygt.vgho9-foqhfoq.com:15681/home?inviteCode=64298\u0026cid=118\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\naccept-ranges: bytes\r\ncontent-type: image/png\r\ndate: Sat, 04 Jul 2026 10:30:46 GMT\r\netag: \"6a46723b-1b64\"\r\nlast-modified: Sat, 04 Jul 2026 10:30:46 GMT\r\nserver: openresty/1.27.1.1\r\nx-cache: HIT, policy, disk\r\ncontent-length: 7012\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"OpenResty:1.27.1.1","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":7012,"size_decoded":7278,"mime_type":"image/png","magic":"PNG image data, 167 x 112, 8-bit colormap, non-interlaced","md5":"c784639df64797cf4c3c1757c34846dd","sha1":"89cb423197db444b0892e1072c4852221d971934","sha256":"265557bcbbde1555f6d1253bbfab5df958ea8d9920c071f74f1f4e49a38d1f25","sha512":"fe33c6c1931263ceb6602ceceb63a87c7b45067ef44b3573959424487bde84e3a6953b8199c19fc4ffd54be1c2c6c929cd7cdba468c087418f3884a0546eb9b2","ssdeep":"96:Ri9I663eoO2tk4BHWENfpf2A/7pN3W8Eu1Nrybrp+UvLuPCTJgSSJwQk1Ie/Gvo1:CI66uoJu4hXp1Nubd+UTu6TJRSJw0G","tlshash":"77e1af2d5386d41030261626cd2dd60d8a94e83bf2cbade280d2b33957c72ff5365d3a","first_seen":"2026-05-30T07:41:04.733772Z","last_seen":"2026-07-04T10:40:29.406729Z","times_seen":22,"resource_available":false,"data":null}},"time_used":223,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":223,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-04","alert":"Phishing Block","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"ngfffgygt.vgho9-foqhfoq.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tposs.qiddfc-dqiod52d.com/web/sport/Champion.png","fqdn":"tposs.qiddfc-dqiod52d.com","domain":"qiddfc-dqiod52d.com","tld":"com"},"ip":{"addr":"3.167.2.97","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ngfffgygt.vgho9-foqhfoq.com:15681/?inviteCode=64298\u0026cid=118","date":"2026-07-04T10:39:56.081Z","timestamp":1783161596081,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tposs.qiddfc-dqiod52d.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Wed, 27 Aug 2025 00:00:00 GMT","end":"Fri, 25 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"D0:96:57:8B:56:09:2E:8A:4D:C1:87:CA:FD:41:09:B6:57:2C:4F:1D","sha256":"48:66:5F:5D:67:07:2E:C0:CB:EF:91:62:93:36:C2:EF:FB:B7:0E:4A:9A:93:C5:0D:10:9E:B6:05:6B:45:AC:AF"}}},"request":{"raw":"GET /web/sport/Champion.png HTTP/1.1\r\nHost: tposs.qiddfc-dqiod52d.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://ngfffgygt.vgho9-foqhfoq.com:15681/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ncontent-type: image/png\r\ncontent-length: 63468\r\nlast-modified: Mon, 01 Jun 2026 11:10:58 GMT\r\nx-amz-server-side-encryption: AES256\r\nx-amz-version-id: 0tYGRaIDz6wEVA6H1tyWwwdrTeknX9fC\r\naccept-ranges: bytes\r\nserver: AmazonS3\r\ndate: Sat, 04 Jul 2026 10:39:56 GMT\r\netag: \"4359f4865294e8b9c531e6d29073af21\"\r\nvary: Accept-Encoding\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 094188bf05865a3d323dcbfb7173f1f6.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P2\r\nx-amz-cf-id: Am0n-NyiAhvZhPTwdSm45PUn5l-r1Eiq_CosGG-S-h-LIFMHoXgtRA==\r\nage: 812\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":63468,"size_decoded":64035,"mime_type":"image/png","magic":"PNG image data, 280 x 280, 8-bit/color RGBA, non-interlaced","md5":"4359f4865294e8b9c531e6d29073af21","sha1":"0592efbd26aff43412f8831641dc5556b2b5d517","sha256":"1fa794ff9b760fb7e01db7c07a2d026b59480a51414884451604fc17cbd823d8","sha512":"e4880805c1a2de3409d093c6773b599bfa10abf62b6eeffdbb0d41394ef2d86b0abbb41f88efcf212e18d9e000acc6e15bb3ea92c4e82d7d1afe88f8fc0b10aa","ssdeep":"1536:UE1e8OFvIhJUL6qeaW4Nu/tvtflSCm/ZsMj+I/huI0t/PCYLnLKl5:beDvIK/2lvtfsTBsA+I/FJKL05","tlshash":"2c53021825ed3bc25d3cc156f5e331bcaa24d06723650b22edc7fc192e8c2ac7513a5a","first_seen":"2026-06-24T13:33:42.979881Z","last_seen":"2026-07-04T10:40:29.407285Z","times_seen":16,"resource_available":false,"data":null}},"time_used":29,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":29,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}
