{"report_id":"981826f0-367b-4f19-87a1-26c24786f156","version":0,"status":"done","tags":[],"date":"2026-07-04T12:42:04Z","url":{"schema":"http","addr":"mgm2.org","fqdn":"mgm2.org","domain":"mgm2.org","tld":"org"},"ip":{"addr":"19.200.11.117","port":0,"asn":0,"as":"","country":"United States","country_code":"US"},"final":{"url":{"schema":"https","addr":"mgm2.org/","fqdn":"mgm2.org","domain":"mgm2.org","tld":"org"},"title":"美高梅 (MGM)中国官方网站 - MGM ENTERTAINMENT","dom":{"size":8209,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text","md5":"9b8aec82c58f44db0e2da822dacba093","sha1":"eefdfd7d9d562be497b46a3340f84e863714e2bf","sha256":"20d91d56e189bcd65f395b82c8aa84f1cd48af613ccd6debf532c54acec37767","sha512":"9759bda4b09593e9305259d6c50675bdc446cd86d481bb119d0acf8e61e823d2913f9d3c93f2c4132110d061428251044770766c298f6d2cfca57e06c3c26a7c","ssdeep":"192:SrnMZjBPCpnDZ0CPBfE/k1mp6rPlyJzmRF4sArtg:1jmX7Artg","tlshash":"5f02871661d3115b2922d1a66fb3171b6664d407c30bc9a97fcc15cdef89ac9c8a738c","dom_hash":"domhash27012197961c49af023d3292681d65a6","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"mgm2.org","fqdn":"mgm2.org","domain":"mgm2.org","tld":"org"},"ip":{"addr":"19.200.11.117","port":0,"asn":0,"as":"","country":"United States","country_code":"US"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-08-08T12:42:04Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"qguvgzjxzsgb3vs"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":2}},"detection":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"mgm2.org","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"mgm2.org","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null},"summary":[{"fqdn":"mgm2.org","ip":{"addr":"19.200.11.117","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"domain_registered":"unknown","domain_rank":0,"first_seen":"No data","last_seen":"No data","alert_count":40,"request_count":20,"received_data":1696497,"sent_data":9614,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Bootstrap","description":"Bootstrap is a free and open-source CSS framework directed at responsive, mobile-first front-end web development. It contains CSS and JavaScript-based design templates for typography, forms, buttons, navigation, and other interface components.","website":"https://getbootstrap.com","common_platform_enumeration":"cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:*","icon":"Bootstrap.svg","categories":["UI frameworks"]}]},{"fqdn":"156.227.78.98","ip":{"addr":"156.227.78.98","port":11994,"asn":0,"as":"","country":"Hong Kong","country_code":"HK"},"domain_registered":"unknown","domain_rank":0,"first_seen":"No data","last_seen":"No data","alert_count":0,"request_count":9,"received_data":296310,"sent_data":4980,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"sdk.51.la","ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"domain_registered":"2005-01-17","domain_rank":347679,"first_seen":"2021-03-08T16:03:51Z","last_seen":"2026-06-30T11:50:17.538172Z","alert_count":0,"request_count":1,"received_data":0,"sent_data":450,"comment":"","tags":null,"fingerprints":null}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"mgm2.org/e/dongpo/tz/tj.js","fqdn":"mgm2.org","domain":"mgm2.org","tld":"org"},"ip":{"addr":"19.200.11.117","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"1bf60b5cf9c764caf9e85228dc7bfc33","sha1":"22b0d1971d7ec1ec3bb55ff4771752db18eab9ef","sha256":"1a32c475f692c3c84f550cc194a92fff3df6368293bbec3b8e67a42bc2d92306","sha512":"681c26eab518649736ea2c6302120b5a61e0b0749375c8933c7c890b6195de0c6e09a4184c9af8c5fd0f5e5eeda63ba803574bee4c44737899ccd18ce14c97c9","ssdeep":"","tlshash":"8601f11f7c25e13463921c2d23bbdadcf5ad2016101dc80654dec4ad6c34ff9042ab4c","size":808,"data":"","first_seen":"2026-03-03T01:17:34.078046Z","last_seen":"2026-07-04T16:11:53.739212Z","times_seen":713,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mgm2.org/","fqdn":"mgm2.org","domain":"mgm2.org","tld":"org"},"ip":{"addr":"19.200.11.117","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"026bbac1f10abd14c9e4d6dafe9523a0","sha1":"013d35e5553b8087208251ef1abee7e13b9172e4","sha256":"959f40166cf0eabdd9b7e8b55cbca4d3d74794fc87953820ffddc407a4044e51","sha512":"00cb9ba2bdccaae8d3bce104fef7b6d8611af943c8e0513d1d0cb93c02cea1a04f99fb506a6a8cc64501ffd1526fbac02f4a1c88a30df09094da19ae327ed373","ssdeep":"","tlshash":"11119e6edc51a168a6c328b89b9bd688d16e1025d109c803a9d9c5ce2c38fc4042134c","size":863,"data":"","first_seen":"2026-06-29T19:36:33.641092Z","last_seen":"2026-07-04T12:42:10.253231Z","times_seen":7,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"156.227.78.98:11994/static/js/link.js","fqdn":"156.227.78.98","domain":"156.227.78.98","tld":""},"ip":{"addr":"156.227.78.98","port":11994,"asn":0,"as":"","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"933cf1478030573e36eae160249793c6","sha1":"64884718c49ca4b2f5a00c0f95bcfd746cd8014c","sha256":"088fe2177d2ca38c34d23f32b1511709d6b79cd49202f051a8938a1e5ca7c79d","sha512":"5e9d7be2cd19048dbcbbd0fca607ba683d4715f08fe199b394ab46316433043ad1a7c3f5f74acaf112876151d1dedf2b01ed66414bdf004850149be80dfff9f3","ssdeep":"","tlshash":"c231c058e6d039271d174967699b2d04b593500f7c0aec42f29d8ac0dfb273e4b7ade4","size":1730,"data":"","first_seen":"2026-07-04T12:42:10.214634Z","last_seen":"2026-07-04T12:42:10.214634Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mgm2.org/e/dongpo/tz/tz.js","fqdn":"mgm2.org","domain":"mgm2.org","tld":"org"},"ip":{"addr":"19.200.11.117","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"35d535f77a5895b5e0744009eca116ff","sha1":"8a431232b404373e15e030d686eb6cf6b37c7d03","sha256":"7c5af7ebef1e0ec44b2a02ef7f152cf7083c077b2f870ee3676e474ecb52eff7","sha512":"bbcb0c0d44d22ac34d05703f7d6bfbdf71549ca4109d508e443d45506288de131674849fce44f477d2a0778224f92c1dcee9c643794a600db99729e83ed972e4","ssdeep":"","tlshash":"7e218c7f9e630250d01691692bba676c3e3a001b6301c8307abcbe685f42f429847bd4","size":1158,"data":"","first_seen":"2026-07-02T22:57:01.214666Z","last_seen":"2026-07-04T12:42:10.229527Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mgm2.org/skin/bootstrap/js/bootstrap.bundle.min.js","fqdn":"mgm2.org","domain":"mgm2.org","tld":"org"},"ip":{"addr":"19.200.11.117","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"21d4551af5cc4ed4d818bdbdfea8c358","sha1":"df272a07ed30eaf8025b699c45736ba9d284e4d4","sha256":"35f4547d9364111aca4850347356bc5660a994f0d8b694d88f995098a7b547fa","sha512":"4dcd22faf4688265f834deedb8b6d07c1c5af0991f512031485573994df59d5747ca21c494f3f2d9c59f15a7260892b0d15aa8bebcca85d7764d24cc740c69da","ssdeep":"1536:/SwJiEbnTl6R2t49CFliFCIg/yWszSraJd5qUFH9tZwcE+iYZMgZdj:6wfs+SSO5q4tZwcEVYZFj","tlshash":"2383b5593244b8730ade85b68037430bf2265998b14b812cb57cadde2a7dcc67277f78","size":80821,"data":"","first_seen":"2025-06-18T01:20:12.005242Z","last_seen":"2026-07-04T16:11:53.737581Z","times_seen":2520,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mgm2.org/skin/swiper/js/swiper-bundle.min.js","fqdn":"mgm2.org","domain":"mgm2.org","tld":"org"},"ip":{"addr":"19.200.11.117","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"21b78ba7133b3d67cf8b09cd6a26d386","sha1":"ea59f37b232db6dee2694078bf21e153a09bacdd","sha256":"6f9df49fe12f77b66daba876cb33b7090b2443f570a2a4b9541cddd705440aa5","sha512":"dc48bb38f168f37930ddc3db0cb78b867fd817cb5907b56cf2c7e58b407f2847a4bab78be5ea2c0deb216052020afb782bc8b4c948a5fe52b77128a27365a392","ssdeep":"1536:TIJQfGP7LP8NEuWGKF+IlzholxU/2Bkt+9SD8jv1nTHlU9ymp8Mj0HEOS5hAsVuZ:0JCN+TXD2BkQZFU9tp8Mj0k95h5cpnv","tlshash":"02d3f8896221b57646e316db93e4c221a3b50544b80ac8f470bd4c9f597ec9813feffa","size":140562,"data":"","first_seen":"2023-06-14T11:52:48Z","last_seen":"2026-07-04T16:31:46.376864Z","times_seen":5113,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mgm2.org/skin/bootstrap/js/home.js","fqdn":"mgm2.org","domain":"mgm2.org","tld":"org"},"ip":{"addr":"19.200.11.117","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"16c93ef01acd14ec64c07020d638253e","sha1":"9c7b9d1a61977675c7f128bf2e27093d3cfe37f6","sha256":"f0795e9620ff382d585e15e40f303b394863fc5fa3dbdecd140adcbc4e51ffd2","sha512":"218d41ff60e128ff13105f9d376cfac1b80401527884da7b6179bab1fe8e9aa9e5959873bc5385798c8a5c6fb7aedce8e68b17112833cc16c096e0dc214d35ea","ssdeep":"96:6P7fgtAVMsSMCM1vUrp8KtQJQ1l/2o3RV0uRC6v6qyS+KQkIF:6P7fg+VSVAvUr2KaG1Zd3YuRriqyDKQH","tlshash":"91c1551a62b42433447775bb97af57c477212087b8c6ec393dfcc6080f845aa59f1aea","size":5802,"data":"","first_seen":"2025-10-09T23:37:04.756251Z","last_seen":"2026-07-04T16:11:53.732845Z","times_seen":1137,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"mgm2.org/skin/cover/mgm2org/about-19.webp","fqdn":"mgm2.org","domain":"mgm2.org","tld":"org"},"ip":{"addr":"19.200.11.117","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://mgm2.org/","date":"2026-07-04T12:41:34.449Z","timestamp":1783168894449,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"hg7vip.best","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Thu, 25 Jun 2026 19:00:58 GMT","end":"Wed, 23 Sep 2026 19:00:57 GMT"},"fingerprint":{"sha1":"79:9A:04:C2:97:7F:90:1C:2E:B6:59:20:35:75:16:BD:FD:6B:C1:FE","sha256":"76:18:B2:B7:E7:46:4E:53:E2:EB:05:D0:12:B2:DF:19:B6:33:F8:25:02:3D:A0:C4:67:2E:58:8A:75:59:AA:33"}}},"request":{"raw":"GET /skin/cover/mgm2org/about-19.webp HTTP/1.1\r\nHost: mgm2.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://mgm2.org/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Sat, 04 Jul 2026 12:41:34 GMT\r\ncontent-type: image/webp\r\ncontent-length: 95922\r\nlast-modified: Thu, 25 Jun 2026 20:00:44 GMT\r\netag: \"6a3d88ec-176b2\"\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":95922,"size_decoded":96195,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 600x400, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"206b972e48892181d83d2a06eb723412","sha1":"deb2f21cc3b51b9a454f592c3089f71345503f3b","sha256":"b553d284da54ec630e3f7c3717a66999548adf598fdfb3d3573fe09a7207301e","sha512":"cb0a30d0cb82b006d7c8c5bcbb4ba4d7975a812ceaffb2947d8aaa95bcd0e1d78c47a7677e26a601562c5c95a6a4728954872233948745c7453def4370c01c95","ssdeep":"1536:2jFXfG36JrgjODm2NcnRvFrGCo7Ok4+uqnHoimIPG5tRHFD3gMIDSxejeY7QhB:EvG36JnDmNvFrlWOlgIixPDD6J","tlshash":"88931216dd36bf71ef85f62840b6361f06a60b673bc31b6d0d3229e07269466cc053ea","first_seen":"2026-07-04T12:42:10.204958Z","last_seen":"2026-07-04T12:42:10.204958Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1460,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":708,"receive":752,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"mgm2.org","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"mgm2.org","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"mgm2.org/skin/cover/mgm2org/security-19.webp","fqdn":"mgm2.org","domain":"mgm2.org","tld":"org"},"ip":{"addr":"19.200.11.117","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://mgm2.org/","date":"2026-07-04T12:41:34.454Z","timestamp":1783168894454,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"hg7vip.best","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Thu, 25 Jun 2026 19:00:58 GMT","end":"Wed, 23 Sep 2026 19:00:57 GMT"},"fingerprint":{"sha1":"79:9A:04:C2:97:7F:90:1C:2E:B6:59:20:35:75:16:BD:FD:6B:C1:FE","sha256":"76:18:B2:B7:E7:46:4E:53:E2:EB:05:D0:12:B2:DF:19:B6:33:F8:25:02:3D:A0:C4:67:2E:58:8A:75:59:AA:33"}}},"request":{"raw":"GET /skin/cover/mgm2org/security-19.webp HTTP/1.1\r\nHost: mgm2.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://mgm2.org/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Sat, 04 Jul 2026 12:41:34 GMT\r\ncontent-type: image/webp\r\ncontent-length: 124770\r\nlast-modified: Thu, 25 Jun 2026 20:00:46 GMT\r\netag: \"6a3d88ee-1e762\"\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":124770,"size_decoded":125044,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 828x552, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"71adc165b9304775bc2a766130a64426","sha1":"1a5d4b48fc05af05be30d2be97c61ab318adde98","sha256":"2463173f4cba7c423fae48ebac19d47510e80768c2fa75084933119ddc9e2a5e","sha512":"5c1671178e2089660c4484212167014b5050193aaae992fbbd13f53df2fa4faece41002d3b5732ed6fe5ec3a40005b5dca67d3b38ccefa56abb8276c4758ad5d","ssdeep":"3072:cwpgA2JuhH7HVFH4lK2jC35+8oUPa7fGMr/sQd:cmD2uhHn72G35FPiff/Dd","tlshash":"dcc312f22623dc7a5460c3ebd2637097f285f07a493cbd855e8b996f418a1d033698f8","first_seen":"2026-07-04T12:42:10.206274Z","last_seen":"2026-07-04T12:42:10.206274Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1456,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":702,"receive":754,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"mgm2.org","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"mgm2.org","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"mgm2.org/skin/bootstrap/css/bootstrap.min.css","fqdn":"mgm2.org","domain":"mgm2.org","tld":"org"},"ip":{"addr":"19.200.11.117","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://mgm2.org/","date":"2026-07-04T12:41:34.396Z","timestamp":1783168894396,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"hg7vip.best","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Thu, 25 Jun 2026 19:00:58 GMT","end":"Wed, 23 Sep 2026 19:00:57 GMT"},"fingerprint":{"sha1":"79:9A:04:C2:97:7F:90:1C:2E:B6:59:20:35:75:16:BD:FD:6B:C1:FE","sha256":"76:18:B2:B7:E7:46:4E:53:E2:EB:05:D0:12:B2:DF:19:B6:33:F8:25:02:3D:A0:C4:67:2E:58:8A:75:59:AA:33"}}},"request":{"raw":"GET /skin/bootstrap/css/bootstrap.min.css HTTP/1.1\r\nHost: mgm2.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://mgm2.org/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Sat, 04 Jul 2026 12:41:34 GMT\r\ncontent-type: text/css\r\nlast-modified: Wed, 02 Jul 2025 04:17:08 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6864b2c4-38a52\"\r\nexpires: Sun, 05 Jul 2026 00:41:34 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":232018,"size_decoded":32163,"mime_type":"text/css","magic":"Unicode text, UTF-8 text, with very long lines (65342)","md5":"50c95aae1a6c1e089c11681d1e1906f8","sha1":"a65e4fd8db9bd0440de2d6d73c9e7cd00fce4a8d","sha256":"cd1826581e4f2b80af4f1e05897b316c7698441063cffaefbbdeec382ee4cd72","sha512":"7f0edff9370c8d36fb6e96cb25994ff20d98e17702c85656f2ecbc1ec459b07fd2c1b330d2994a1c51ebf7d0cdde5d3856c60dc2fce27145ffeaababbc8c5bc7","ssdeep":"1536:v9xnXGi9GfJkfvq5wlP7cQZDR9uvV982sYRElV6V6pz600I41r:HnXp9GfrV98II6V6pz600I41r","tlshash":"d03482d6f590317d9ca7c1499681fefd896fa985cb120aa6f003776807cabd30962dcc","first_seen":"2025-06-19T07:12:41.126365Z","last_seen":"2026-07-04T16:11:53.750524Z","times_seen":2526,"resource_available":false,"data":null}},"time_used":259,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":259,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"mgm2.org","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"mgm2.org","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"mgm2.org/skin/bootstrap/js/home.js","fqdn":"mgm2.org","domain":"mgm2.org","tld":"org"},"ip":{"addr":"19.200.11.117","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://mgm2.org/","date":"2026-07-04T12:41:34.439Z","timestamp":1783168894439,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"hg7vip.best","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Thu, 25 Jun 2026 19:00:58 GMT","end":"Wed, 23 Sep 2026 19:00:57 GMT"},"fingerprint":{"sha1":"79:9A:04:C2:97:7F:90:1C:2E:B6:59:20:35:75:16:BD:FD:6B:C1:FE","sha256":"76:18:B2:B7:E7:46:4E:53:E2:EB:05:D0:12:B2:DF:19:B6:33:F8:25:02:3D:A0:C4:67:2E:58:8A:75:59:AA:33"}}},"request":{"raw":"GET /skin/bootstrap/js/home.js HTTP/1.1\r\nHost: mgm2.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://mgm2.org/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Sat, 04 Jul 2026 12:41:34 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Mon, 14 Jul 2025 17:49:58 GMT\r\nvary: Accept-Encoding\r\netag: W/\"68754346-16aa\"\r\nexpires: Sun, 05 Jul 2026 00:41:34 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":5802,"size_decoded":2098,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text","md5":"16c93ef01acd14ec64c07020d638253e","sha1":"9c7b9d1a61977675c7f128bf2e27093d3cfe37f6","sha256":"f0795e9620ff382d585e15e40f303b394863fc5fa3dbdecd140adcbc4e51ffd2","sha512":"218d41ff60e128ff13105f9d376cfac1b80401527884da7b6179bab1fe8e9aa9e5959873bc5385798c8a5c6fb7aedce8e68b17112833cc16c096e0dc214d35ea","ssdeep":"96:6P7fgtAVMsSMCM1vUrp8KtQJQ1l/2o3RV0uRC6v6qyS+KQkIF:6P7fg+VSVAvUr2KaG1Zd3YuRriqyDKQH","tlshash":"91c1551a62b42433447775bb97af57c477212087b8c6ec393dfcc6080f845aa59f1aea","first_seen":"2025-10-09T23:37:04.756251Z","last_seen":"2026-07-04T16:11:53.732845Z","times_seen":1137,"resource_available":true,"data":null}},"time_used":718,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":718,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"mgm2.org","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"mgm2.org","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"mgm2.org/skin/cover/mgm2org/why1-19.webp","fqdn":"mgm2.org","domain":"mgm2.org","tld":"org"},"ip":{"addr":"19.200.11.117","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://mgm2.org/","date":"2026-07-04T12:41:34.450Z","timestamp":1783168894450,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"hg7vip.best","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Thu, 25 Jun 2026 19:00:58 GMT","end":"Wed, 23 Sep 2026 19:00:57 GMT"},"fingerprint":{"sha1":"79:9A:04:C2:97:7F:90:1C:2E:B6:59:20:35:75:16:BD:FD:6B:C1:FE","sha256":"76:18:B2:B7:E7:46:4E:53:E2:EB:05:D0:12:B2:DF:19:B6:33:F8:25:02:3D:A0:C4:67:2E:58:8A:75:59:AA:33"}}},"request":{"raw":"GET /skin/cover/mgm2org/why1-19.webp HTTP/1.1\r\nHost: mgm2.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://mgm2.org/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Sat, 04 Jul 2026 12:41:34 GMT\r\ncontent-type: image/webp\r\ncontent-length: 90680\r\nlast-modified: Thu, 25 Jun 2026 20:00:45 GMT\r\netag: \"6a3d88ed-16238\"\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":90680,"size_decoded":90953,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 742x493, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"718932060673d519a9bc29c619627989","sha1":"b054cf04b8c9d652166ec2132cff87b15a1bd684","sha256":"c6b113f93f9654ff2ff0c6c94231f042e30cd643f1368210d460b525b3b801a7","sha512":"fd87191c52f462d43420c7bf859f6efa5dd1b22f569175d0e590396ecc639d759494303061491d2a3dd1683bb7ed187e00c315e90ea2e22c0e81aefdf2ae0b0d","ssdeep":"1536:Nkz3TIi7dG4JLNM+sQMHxeriK9yozwwbzxnWTjqSOjafDH:G3TU4JLNMrQMReGkH8wHZ0mSPfD","tlshash":"b09312a2bbfd254d616c39fb910e75d278dc823d28bdeabc020690acec4671550999bc","first_seen":"2026-07-04T12:42:10.208896Z","last_seen":"2026-07-04T12:42:10.208896Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1459,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":707,"receive":752,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"mgm2.org","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"mgm2.org","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"mgm2.org/","fqdn":"mgm2.org","domain":"mgm2.org","tld":"org"},"ip":{"addr":"19.200.11.117","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-07-04T12:41:32.111Z","timestamp":1783168892111,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"hg7vip.best","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Thu, 25 Jun 2026 19:00:58 GMT","end":"Wed, 23 Sep 2026 19:00:57 GMT"},"fingerprint":{"sha1":"79:9A:04:C2:97:7F:90:1C:2E:B6:59:20:35:75:16:BD:FD:6B:C1:FE","sha256":"76:18:B2:B7:E7:46:4E:53:E2:EB:05:D0:12:B2:DF:19:B6:33:F8:25:02:3D:A0:C4:67:2E:58:8A:75:59:AA:33"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: mgm2.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: none\r\nPriority: u=0, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Sat, 04 Jul 2026 12:41:33 GMT\r\ncontent-type: text/html; charset=utf-8\r\nvary: Accept-Encoding\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Bootstrap","description":"Bootstrap is a free and open-source CSS framework directed at responsive, mobile-first front-end web development. It contains CSS and JavaScript-based design templates for typography, forms, buttons, navigation, and other interface components.","website":"https://getbootstrap.com","common_platform_enumeration":"cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:*","icon":"Bootstrap.svg","categories":["UI frameworks"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":21740,"size_decoded":6458,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text","md5":"ae250f4734cb7cdb6c3bfa7f7515e42f","sha1":"2b4e01e0657dc06e5fd8c55ae39272fdfc8d0695","sha256":"d012406083e853920880fd5fd62a9803b689abc5898f756a3653bfdf373d5f37","sha512":"0223882efdf5031b7024fc56b5601808b1164f9b3bfb76d12aeae0d42ef4c043b067095060501726eed56f1b6f1e2e69f229fccfaabafd708a8880b1b31c20dd","ssdeep":"192:sy/diEOibM52JPYMuRnOx+NLWVitu6L7ju+YqgC7YC2Z1WRpd3aGw/9:sy/tNnJPYZOx+NLWVi863XglCrvaGw/9","tlshash":"549250b6a1f22467019392e666a8a74f6fd5d50bca6f4514b3fe6bc44fc2d83c58320c","first_seen":"2026-07-04T12:42:10.211003Z","last_seen":"2026-07-04T12:42:10.211003Z","times_seen":1,"resource_available":true,"data":null}},"time_used":2030,"timings":{"blocked":-1,"dns":777,"connect":251,"send":0,"wait":497,"receive":0,"ssl":505},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"mgm2.org","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"mgm2.org","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"mgm2.org/skin/bootstrap/css/module.css","fqdn":"mgm2.org","domain":"mgm2.org","tld":"org"},"ip":{"addr":"19.200.11.117","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://mgm2.org/","date":"2026-07-04T12:41:34.427Z","timestamp":1783168894427,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"hg7vip.best","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Thu, 25 Jun 2026 19:00:58 GMT","end":"Wed, 23 Sep 2026 19:00:57 GMT"},"fingerprint":{"sha1":"79:9A:04:C2:97:7F:90:1C:2E:B6:59:20:35:75:16:BD:FD:6B:C1:FE","sha256":"76:18:B2:B7:E7:46:4E:53:E2:EB:05:D0:12:B2:DF:19:B6:33:F8:25:02:3D:A0:C4:67:2E:58:8A:75:59:AA:33"}}},"request":{"raw":"GET /skin/bootstrap/css/module.css HTTP/1.1\r\nHost: mgm2.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://mgm2.org/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Sat, 04 Jul 2026 12:41:34 GMT\r\ncontent-type: text/css\r\nlast-modified: Fri, 25 Jul 2025 02:07:14 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6882e6d2-28112\"\r\nexpires: Sun, 05 Jul 2026 00:41:34 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":164114,"size_decoded":32362,"mime_type":"text/css","magic":"ASCII text, with very long lines (65518)","md5":"67e45932bedd92dd7bc2a7de1653677e","sha1":"b15f3b2e370d9a7c2c40ea991c8f4a839617702d","sha256":"6e25cdc64273a412026df8a7b3510d9ba7dd6cd75653dd3eb884371b4ace73e8","sha512":"d6130c594f82eefca5109421095dc8c0603b44c4c714bdb8956e64278c9c1625263a531a1ad401fa344f180c2f1cbe95af8246c9e33dc6a28316ab243f448591","ssdeep":"1536:qiVj2AhHm0CfrtrPr7AhhTQbdS6U8H2GXVxICl1gGqotJFFp4L/Xzbv9ALVTFCew:sAhhTQg6U8p45s5Q","tlshash":"c6f397309984202cf11bc5eae5d0abef32649801f663077ef66370a6d6c21ef577674a","first_seen":"2025-10-09T23:37:04.753197Z","last_seen":"2026-07-04T16:11:53.726379Z","times_seen":1129,"resource_available":false,"data":null}},"time_used":479,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":479,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"mgm2.org","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"mgm2.org","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"mgm2.org/skin/swiper/css/swiper-bundle.min.css","fqdn":"mgm2.org","domain":"mgm2.org","tld":"org"},"ip":{"addr":"19.200.11.117","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://mgm2.org/","date":"2026-07-04T12:41:34.429Z","timestamp":1783168894429,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"hg7vip.best","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Thu, 25 Jun 2026 19:00:58 GMT","end":"Wed, 23 Sep 2026 19:00:57 GMT"},"fingerprint":{"sha1":"79:9A:04:C2:97:7F:90:1C:2E:B6:59:20:35:75:16:BD:FD:6B:C1:FE","sha256":"76:18:B2:B7:E7:46:4E:53:E2:EB:05:D0:12:B2:DF:19:B6:33:F8:25:02:3D:A0:C4:67:2E:58:8A:75:59:AA:33"}}},"request":{"raw":"GET /skin/swiper/css/swiper-bundle.min.css HTTP/1.1\r\nHost: mgm2.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://mgm2.org/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Sat, 04 Jul 2026 12:41:34 GMT\r\ncontent-type: text/css\r\nlast-modified: Tue, 08 Jul 2025 14:36:40 GMT\r\nvary: Accept-Encoding\r\netag: W/\"686d2cf8-4691\"\r\nexpires: Sun, 05 Jul 2026 00:41:34 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":18065,"size_decoded":5190,"mime_type":"text/css","magic":"ASCII text, with very long lines (17812)","md5":"ea28ae0aaf82709381c57d6a7daa7a05","sha1":"a7c528dc9018aeefed9a52337168decb220e2f61","sha256":"af8545de3876815292506711e1369bff9dfe57ec7e04c45c3e1bdac48a11f3b2","sha512":"9c63402a957e06b7c365a6cf5f53baaba991953e7bfda99d8feeaf177db6a2782a28004b1d82df2dcde362d5556e4891f6da300d63cf13d816144dadb1920f66","ssdeep":"192:1VmUJbiKne0JlXZHZ+Sme+jexS4nxep/a2GZb0Q5nfufKlAYfg5fyeesedOJ9A5Q:1gUbe0JdZHZ+W+SFnZ24tlWfF4XYz","tlshash":"d08245a85340282753274f364b71cbb9dd7444d20f9389ae91c0ee48d7f6db9132f6a9","first_seen":"2023-06-14T11:52:48Z","last_seen":"2026-07-04T16:11:53.722527Z","times_seen":5730,"resource_available":false,"data":null}},"time_used":477,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":477,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"mgm2.org","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"mgm2.org","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"mgm2.org/skin/fontawesome/webfonts/fa-solid-900.woff2","fqdn":"mgm2.org","domain":"mgm2.org","tld":"org"},"ip":{"addr":"19.200.11.117","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://mgm2.org/","date":"2026-07-04T12:41:35.229Z","timestamp":1783168895229,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"hg7vip.best","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Thu, 25 Jun 2026 19:00:58 GMT","end":"Wed, 23 Sep 2026 19:00:57 GMT"},"fingerprint":{"sha1":"79:9A:04:C2:97:7F:90:1C:2E:B6:59:20:35:75:16:BD:FD:6B:C1:FE","sha256":"76:18:B2:B7:E7:46:4E:53:E2:EB:05:D0:12:B2:DF:19:B6:33:F8:25:02:3D:A0:C4:67:2E:58:8A:75:59:AA:33"}}},"request":{"raw":"GET /skin/fontawesome/webfonts/fa-solid-900.woff2 HTTP/1.1\r\nHost: mgm2.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: identity\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://mgm2.org/skin/fontawesome/css/all.min.css\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Sat, 04 Jul 2026 12:41:35 GMT\r\ncontent-type: font/woff2\r\ncontent-length: 158220\r\nlast-modified: Fri, 13 Dec 2024 14:50:06 GMT\r\netag: \"675c499e-26a0c\"\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":158220,"size_decoded":158494,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 158220, version 775.1280","md5":"4a6591ab5460ae5cbff1ecbd6e52193a","sha1":"7cd8afd6501962fda35d66f0e4c3b8815ac471d8","sha256":"aa75998623a391e61c6901794ace832e3ecdd288b56d608f21bea0411acc0b8e","sha512":"96c5d3283b71613b595b6b0420333bef5d64451af05c59dde27ec5b3e7cfe6e9549c604cddfbcb79cbc0fd4cd6f2e22a130c9a220b1b7ef933ac9df8c8e695d6","ssdeep":"3072:RauSB5FANIRLpsBaBrJGNG3ECNQztRvHHqkqLrlF:guSqN6ptrJGo3POh9KT9F","tlshash":"0ef312a710c6b95684a3a51b336adeb52c3ed363fcb6cd73be340114689da9c2e4d190","first_seen":"2024-12-19T10:41:23.153533Z","last_seen":"2026-07-04T16:32:41.030176Z","times_seen":30896,"resource_available":false,"data":null}},"time_used":687,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":684,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"mgm2.org","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"mgm2.org","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"156.227.78.98:11994/","fqdn":"156.227.78.98","domain":"156.227.78.98","tld":""},"ip":{"addr":"156.227.78.98","port":11994,"asn":0,"as":"","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"subdocument","requested_by":"https://mgm2.org/","date":"2026-07-04T12:41:35.562Z","timestamp":1783168895562,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Wed, 01 Jul 2026 09:34:10 GMT","end":"Wed, 08 Jul 2026 01:34:09 GMT"},"fingerprint":{"sha1":"DD:D0:37:5F:FB:82:C4:0A:A6:C1:12:36:DA:09:9C:01:04:D1:E3:19","sha256":"0D:E8:F1:AE:71:E7:CE:C5:33:78:C1:10:D5:53:AE:81:81:0C:33:27:3F:8E:52:12:14:43:86:3F:C3:DC:FD:35"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: 156.227.78.98:11994\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://mgm2.org/\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: iframe\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPriority: u=4\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Sat, 04 Jul 2026 12:41:37 GMT\r\ncontent-type: text/html\r\nlast-modified: Tue, 24 Feb 2026 12:58:13 GMT\r\nvary: Accept-Encoding\r\netag: W/\"699da065-2022\"\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":8226,"size_decoded":3050,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text","md5":"37e7d1f52c08e5cba53549061a088fc5","sha1":"28c3261f8d0f8046ea8bfbcc0ad0e27c80b4dd5f","sha256":"16fe2998b51bd69b9259cb4d1045e4053b99d36368c45efc805240deebc66f0b","sha512":"e64d59f26fc94e14d5b925894cfcdeace55b2bdc48a749ef9b1a7043df551479d55529bf533bc94d68d5f5f071d501c5cfef7fa3eb13fdde26bdcfeb5f3cc85e","ssdeep":"192:irnMZjBPCpnDZ0CPBfE/k1mp6rPlyJzmRF4sArt+:ljmX7Art+","tlshash":"d602761661d3115b292291a66fb3171b6664d407c20bc9a97fcc15cdef89ac9c8a738c","first_seen":"2026-03-01T01:18:02.551716Z","last_seen":"2026-07-04T12:42:10.214047Z","times_seen":320,"resource_available":true,"data":null}},"time_used":2023,"timings":{"blocked":-1,"dns":0,"connect":1267,"send":0,"wait":250,"receive":0,"ssl":506},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"156.227.78.98:11994/static/js/link.js","fqdn":"156.227.78.98","domain":"156.227.78.98","tld":""},"ip":{"addr":"156.227.78.98","port":11994,"asn":0,"as":"","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://156.227.78.98:11994/","date":"2026-07-04T12:41:37.677Z","timestamp":1783168897677,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Wed, 01 Jul 2026 09:34:10 GMT","end":"Wed, 08 Jul 2026 01:34:09 GMT"},"fingerprint":{"sha1":"DD:D0:37:5F:FB:82:C4:0A:A6:C1:12:36:DA:09:9C:01:04:D1:E3:19","sha256":"0D:E8:F1:AE:71:E7:CE:C5:33:78:C1:10:D5:53:AE:81:81:0C:33:27:3F:8E:52:12:14:43:86:3F:C3:DC:FD:35"}}},"request":{"raw":"GET /static/js/link.js HTTP/1.1\r\nHost: 156.227.78.98:11994\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://156.227.78.98:11994/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Sat, 04 Jul 2026 12:41:37 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Sat, 04 Jul 2026 05:00:40 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6a489378-6c2\"\r\nexpires: Sun, 05 Jul 2026 00:41:37 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":1730,"size_decoded":1160,"mime_type":"application/javascript","magic":"ASCII text","md5":"933cf1478030573e36eae160249793c6","sha1":"64884718c49ca4b2f5a00c0f95bcfd746cd8014c","sha256":"088fe2177d2ca38c34d23f32b1511709d6b79cd49202f051a8938a1e5ca7c79d","sha512":"5e9d7be2cd19048dbcbbd0fca607ba683d4715f08fe199b394ab46316433043ad1a7c3f5f74acaf112876151d1dedf2b01ed66414bdf004850149be80dfff9f3","ssdeep":"","tlshash":"c231c058e6d039271d174967699b2d04b593500f7c0aec42f29d8ac0dfb273e4b7ade4","first_seen":"2026-07-04T12:42:10.214634Z","last_seen":"2026-07-04T12:42:10.214634Z","times_seen":1,"resource_available":true,"data":null}},"time_used":250,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":250,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"156.227.78.98:11994/static/picture/wnspc.png","fqdn":"156.227.78.98","domain":"156.227.78.98","tld":""},"ip":{"addr":"156.227.78.98","port":11994,"asn":0,"as":"","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://156.227.78.98:11994/","date":"2026-07-04T12:41:37.686Z","timestamp":1783168897686,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Wed, 01 Jul 2026 09:34:10 GMT","end":"Wed, 08 Jul 2026 01:34:09 GMT"},"fingerprint":{"sha1":"DD:D0:37:5F:FB:82:C4:0A:A6:C1:12:36:DA:09:9C:01:04:D1:E3:19","sha256":"0D:E8:F1:AE:71:E7:CE:C5:33:78:C1:10:D5:53:AE:81:81:0C:33:27:3F:8E:52:12:14:43:86:3F:C3:DC:FD:35"}}},"request":{"raw":"GET /static/picture/wnspc.png HTTP/1.1\r\nHost: 156.227.78.98:11994\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://156.227.78.98:11994/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Sat, 04 Jul 2026 12:41:37 GMT\r\ncontent-type: image/png\r\nlast-modified: Tue, 24 Feb 2026 09:51:45 GMT\r\nvary: Accept-Encoding\r\netag: W/\"699d74b1-1eb7\"\r\nexpires: Mon, 03 Aug 2026 12:41:37 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":7863,"size_decoded":8406,"mime_type":"image/png","magic":"PNG image data, 172 x 60, 8-bit/color RGBA, non-interlaced","md5":"6e6f3e6c749737e6c347ec25d39b3eb1","sha1":"076c805bf394c7996a58202e333827837c8b1378","sha256":"391138ddf53bc321563b3d17fe0f37f5b40efba65fc661dbfa239a2b2184ec65","sha512":"b4621a8e30b49a48b1b13e9582c260b02d42ab2cc2509d59e56cf85028eec3dd165e255dff5c61e689ad8b4eaabe74852185efb2764da5c0ec1133a2ccb02a3d","ssdeep":"192:FQSFq7yL2y34yuuSzYUfBY2kCf9pDnA3+O07Zu86U9S0aN:zFjLX3u1YU5sCzA3hEu86sSLN","tlshash":"26f1ae6b1553fcb469dda7e92063af6082136f48b0077a12fb2b29748135fe5f44aa13","first_seen":"2023-09-28T01:03:26Z","last_seen":"2026-07-04T12:42:10.215736Z","times_seen":746,"resource_available":false,"data":null}},"time_used":746,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":746,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"156.227.78.98:11994/static/picture/1552215839168.png","fqdn":"156.227.78.98","domain":"156.227.78.98","tld":""},"ip":{"addr":"156.227.78.98","port":11994,"asn":0,"as":"","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://156.227.78.98:11994/","date":"2026-07-04T12:41:37.690Z","timestamp":1783168897690,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Wed, 01 Jul 2026 09:34:10 GMT","end":"Wed, 08 Jul 2026 01:34:09 GMT"},"fingerprint":{"sha1":"DD:D0:37:5F:FB:82:C4:0A:A6:C1:12:36:DA:09:9C:01:04:D1:E3:19","sha256":"0D:E8:F1:AE:71:E7:CE:C5:33:78:C1:10:D5:53:AE:81:81:0C:33:27:3F:8E:52:12:14:43:86:3F:C3:DC:FD:35"}}},"request":{"raw":"GET /static/picture/1552215839168.png HTTP/1.1\r\nHost: 156.227.78.98:11994\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://156.227.78.98:11994/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Sat, 04 Jul 2026 12:41:37 GMT\r\ncontent-type: image/png\r\nlast-modified: Tue, 24 Feb 2026 09:51:45 GMT\r\nvary: Accept-Encoding\r\netag: W/\"699d74b1-2a6b0\"\r\nexpires: Mon, 03 Aug 2026 12:41:37 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":173744,"size_decoded":174330,"mime_type":"image/png","magic":"PNG image data, 488 x 147, 8-bit/color RGBA, non-interlaced","md5":"ce2e5b88612ff5d0c083357995805cb1","sha1":"ee211057d855fb16fcbbc4dd280c54d0e8be9445","sha256":"8d2484ecd64a9270ab446bebd54998c84015ccac62e322332ff027218cc11c54","sha512":"5c3a7cc91ed1cc8f9064538fd154dd31addf4705eea3767bd444c06cc64dfedc9bdccee584936bd2b6a4f142820d0bdd74213497247a59759e89d79fa5bfd896","ssdeep":"3072:7jOt+RYVDFMiydCbjFViIj2qBEn0uzBdtt/jU4SyaguPpoQE3TqtGMFR++gcKiYF:fOARYVFMiyyhViycrTLw4vagkpoQE3T/","tlshash":"c204124c9c4413f186c9f265e2068884e57fc915427c342b37c9e3fb4da6a4927baf32","first_seen":"2023-09-28T01:03:26Z","last_seen":"2026-07-04T12:42:10.216328Z","times_seen":772,"resource_available":false,"data":null}},"time_used":991,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":991,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mgm2.org/skin/logo/mgm2org/logo.webp","fqdn":"mgm2.org","domain":"mgm2.org","tld":"org"},"ip":{"addr":"19.200.11.117","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://mgm2.org/","date":"2026-07-04T12:41:34.447Z","timestamp":1783168894447,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"hg7vip.best","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Thu, 25 Jun 2026 19:00:58 GMT","end":"Wed, 23 Sep 2026 19:00:57 GMT"},"fingerprint":{"sha1":"79:9A:04:C2:97:7F:90:1C:2E:B6:59:20:35:75:16:BD:FD:6B:C1:FE","sha256":"76:18:B2:B7:E7:46:4E:53:E2:EB:05:D0:12:B2:DF:19:B6:33:F8:25:02:3D:A0:C4:67:2E:58:8A:75:59:AA:33"}}},"request":{"raw":"GET /skin/logo/mgm2org/logo.webp HTTP/1.1\r\nHost: mgm2.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://mgm2.org/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Sat, 04 Jul 2026 12:41:34 GMT\r\ncontent-type: image/webp\r\ncontent-length: 4796\r\nlast-modified: Thu, 25 Jun 2026 20:00:44 GMT\r\netag: \"6a3d88ec-12bc\"\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":4796,"size_decoded":5067,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 400x140, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"6d39ffefae80da06e7cde1674a46f3a8","sha1":"3eb587aa21ca0d97d6f1173e19ae6ef91ac35558","sha256":"20b49bed71dda8f72a59532b16f958c440b864d8776d820a5fc457fdb84ba98f","sha512":"f0d7effb5b60744255a2fd7023886b6b0f456f447e9eab5a37f39f504272c6a5f1b33e1b0f96d4f3bb1bbbfb471d70383b02d97f27127e216239a862cfdf6097","ssdeep":"96:TFdFKaqJeUn11fB9YqQT5HmzJD4Y1QLQCvw5AfyEnP8wEofZAQddtEsXFy:TT4aq8U11cv5O0LIA7Prf9dmsVy","tlshash":"a0a18ec58e15b00ddf41baca0fa490e6cce0ef736d14493d80ff4fa8d74028046b4285","first_seen":"2026-07-04T12:42:10.216971Z","last_seen":"2026-07-04T12:42:10.216971Z","times_seen":1,"resource_available":false,"data":null}},"time_used":960,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":709,"receive":251,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"mgm2.org","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"mgm2.org","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"mgm2.org/skin/cover/mgm2org/why2-19.webp","fqdn":"mgm2.org","domain":"mgm2.org","tld":"org"},"ip":{"addr":"19.200.11.117","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://mgm2.org/","date":"2026-07-04T12:41:34.451Z","timestamp":1783168894451,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"hg7vip.best","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Thu, 25 Jun 2026 19:00:58 GMT","end":"Wed, 23 Sep 2026 19:00:57 GMT"},"fingerprint":{"sha1":"79:9A:04:C2:97:7F:90:1C:2E:B6:59:20:35:75:16:BD:FD:6B:C1:FE","sha256":"76:18:B2:B7:E7:46:4E:53:E2:EB:05:D0:12:B2:DF:19:B6:33:F8:25:02:3D:A0:C4:67:2E:58:8A:75:59:AA:33"}}},"request":{"raw":"GET /skin/cover/mgm2org/why2-19.webp HTTP/1.1\r\nHost: mgm2.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://mgm2.org/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Sat, 04 Jul 2026 12:41:34 GMT\r\ncontent-type: image/webp\r\ncontent-length: 81530\r\nlast-modified: Thu, 25 Jun 2026 20:00:45 GMT\r\netag: \"6a3d88ed-13e7a\"\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":81530,"size_decoded":81803,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 593x395, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"cd20b02b0448260e68cb186769b2b73a","sha1":"73d3178ae759e82f837022fc75ce8708f8618474","sha256":"89482b1680941ae3e512c00286e85628b2c9e60240ce194ac977836e4fe143a5","sha512":"cc7ece0477f36a888b2cc717f929ea4c51e51609be0b0db28e314f4659c1dd5971a5ab373c3aff1e19fdc759f62197114efa427124eff12a0f821dae100f340d","ssdeep":"1536:6zaS/FeFVCwNjMnE1Hw2QSqqnoKKcRCbmsc6qFQaEtjridbH8tsACMvTQ:0oGZE1HwPS9oKKkD60Cj6bH3Uc","tlshash":"e2831263ef545b79c06de15f14ab336ee3e7ea49eaaced72180c0316418424d4fec919","first_seen":"2026-07-04T12:42:10.221118Z","last_seen":"2026-07-04T12:42:10.221118Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1459,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":706,"receive":753,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"mgm2.org","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"mgm2.org","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"mgm2.org/skin/cover/mgm2org/why4-19.webp","fqdn":"mgm2.org","domain":"mgm2.org","tld":"org"},"ip":{"addr":"19.200.11.117","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://mgm2.org/","date":"2026-07-04T12:41:34.453Z","timestamp":1783168894453,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"hg7vip.best","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Thu, 25 Jun 2026 19:00:58 GMT","end":"Wed, 23 Sep 2026 19:00:57 GMT"},"fingerprint":{"sha1":"79:9A:04:C2:97:7F:90:1C:2E:B6:59:20:35:75:16:BD:FD:6B:C1:FE","sha256":"76:18:B2:B7:E7:46:4E:53:E2:EB:05:D0:12:B2:DF:19:B6:33:F8:25:02:3D:A0:C4:67:2E:58:8A:75:59:AA:33"}}},"request":{"raw":"GET /skin/cover/mgm2org/why4-19.webp HTTP/1.1\r\nHost: mgm2.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://mgm2.org/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Sat, 04 Jul 2026 12:41:34 GMT\r\ncontent-type: image/webp\r\ncontent-length: 129196\r\nlast-modified: Thu, 25 Jun 2026 20:00:45 GMT\r\netag: \"6a3d88ed-1f8ac\"\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":129196,"size_decoded":129470,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 808x539, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"6b10e2ce92074174ddf242bb93989809","sha1":"1a70a64f6341bb810773b8d81733046d0561c630","sha256":"c725268e6cb366463c920086b2aaa1f346c29fde40575f6c2476b88008d4c37d","sha512":"b647aed42eda365d706dfbdd955811fc97130539eb05fd74df9fd495b27b4972b2cde11c5292f4b097319c040892be841a804f8f10dd5a0a9daa2e43e17090af","ssdeep":"3072:1f3w6k/0hdc8+zV6+kWnAtMxPwVGLz2AptqS8HxjSstlTreQ:1fS/opUVZ5AtWAtAZmkcf9","tlshash":"20c313b85bfa70d5ed32b929d14aea4c5f79a39c5e638ea41451d162cc7e3018fc802f","first_seen":"2026-07-04T12:42:10.223426Z","last_seen":"2026-07-04T12:42:10.223426Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1458,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":704,"receive":754,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"mgm2.org","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"mgm2.org","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"mgm2.org/skin/cover/mgm2org/app-19.webp","fqdn":"mgm2.org","domain":"mgm2.org","tld":"org"},"ip":{"addr":"19.200.11.117","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://mgm2.org/","date":"2026-07-04T12:41:34.456Z","timestamp":1783168894456,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"hg7vip.best","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Thu, 25 Jun 2026 19:00:58 GMT","end":"Wed, 23 Sep 2026 19:00:57 GMT"},"fingerprint":{"sha1":"79:9A:04:C2:97:7F:90:1C:2E:B6:59:20:35:75:16:BD:FD:6B:C1:FE","sha256":"76:18:B2:B7:E7:46:4E:53:E2:EB:05:D0:12:B2:DF:19:B6:33:F8:25:02:3D:A0:C4:67:2E:58:8A:75:59:AA:33"}}},"request":{"raw":"GET /skin/cover/mgm2org/app-19.webp HTTP/1.1\r\nHost: mgm2.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://mgm2.org/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Sat, 04 Jul 2026 12:41:34 GMT\r\ncontent-type: image/webp\r\ncontent-length: 146714\r\nlast-modified: Thu, 25 Jun 2026 20:00:46 GMT\r\netag: \"6a3d88ee-23d1a\"\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":146714,"size_decoded":146988,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 686x457, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"189f8c856fedcd18a7f4957daa0d5ecb","sha1":"19a03dc24c33ec44cbcb76d71542690b8a12bf23","sha256":"dbf30df7338bae229971f300ba3c5bf437c59003705fe1d882454798ecfa9432","sha512":"d9015e0010b7303816f8bc94c5a1b3998f19acb73e14ae5c01ee2a509a984242dbaba14331e1a86aad2632ef2af750e756879033c39b4ab193a27e3708da6618","ssdeep":"3072:ftXJCO0mkHf9+Q2SCJKeoX3c4E7yn0sM35HmvpRzDp34MO26ha1b:TBhQ2XkeA3c44y0BHmxRzV6V01b","tlshash":"34e312431f41ab3de14423aba84d0609679007efd56c8be7635ba28e13e57c2f66b437","first_seen":"2026-07-04T12:42:10.225097Z","last_seen":"2026-07-04T12:42:10.225097Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1456,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":701,"receive":755,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"mgm2.org","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"mgm2.org","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"156.227.78.98:11994/static/picture/xpjpc.png","fqdn":"156.227.78.98","domain":"156.227.78.98","tld":""},"ip":{"addr":"156.227.78.98","port":11994,"asn":0,"as":"","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://156.227.78.98:11994/","date":"2026-07-04T12:41:37.685Z","timestamp":1783168897685,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Wed, 01 Jul 2026 09:34:10 GMT","end":"Wed, 08 Jul 2026 01:34:09 GMT"},"fingerprint":{"sha1":"DD:D0:37:5F:FB:82:C4:0A:A6:C1:12:36:DA:09:9C:01:04:D1:E3:19","sha256":"0D:E8:F1:AE:71:E7:CE:C5:33:78:C1:10:D5:53:AE:81:81:0C:33:27:3F:8E:52:12:14:43:86:3F:C3:DC:FD:35"}}},"request":{"raw":"GET /static/picture/xpjpc.png HTTP/1.1\r\nHost: 156.227.78.98:11994\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://156.227.78.98:11994/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Sat, 04 Jul 2026 12:41:37 GMT\r\ncontent-type: image/png\r\nlast-modified: Tue, 24 Feb 2026 09:51:45 GMT\r\nvary: Accept-Encoding\r\netag: W/\"699d74b1-5800\"\r\nexpires: Mon, 03 Aug 2026 12:41:37 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":22528,"size_decoded":22814,"mime_type":"image/png","magic":"PNG image data, 183 x 55, 8-bit/color RGBA, non-interlaced","md5":"c53d923594566be7e0e41e8d720c0ac0","sha1":"e16a4b701d10291bbff90178e8b0d5f576e00821","sha256":"021994557d1d9642fdc16a0d8f6e471bec81bea7f366de6ef631f536c165418b","sha512":"554f7d6d44d26905610a65e21bd157ec30fef501c356e97787deca22f9089216f59e284f0effab7b18da89134af594d4ffd5eed889b1b5a4d5a5412456b9832e","ssdeep":"384:QfchEzlZmrXTjUDkJe2tERBxq2ceTdr1lFJ3d2Oo+UQSYJshjRHXvcQ:QfchEzrmrXTjUhP42cKpFJ3lo+UHYa//","tlshash":"fba2e0f1f36ff1b54a924d554cf8e2b080978942e088ee6135cb204acade8d31d993e7","first_seen":"2023-05-07T20:04:35Z","last_seen":"2026-07-04T12:42:10.226536Z","times_seen":862,"resource_available":false,"data":null}},"time_used":747,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":747,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mgm2.org/e/dongpo/tz/tj.js","fqdn":"mgm2.org","domain":"mgm2.org","tld":"org"},"ip":{"addr":"19.200.11.117","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://mgm2.org/","date":"2026-07-04T12:41:34.441Z","timestamp":1783168894441,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"hg7vip.best","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Thu, 25 Jun 2026 19:00:58 GMT","end":"Wed, 23 Sep 2026 19:00:57 GMT"},"fingerprint":{"sha1":"79:9A:04:C2:97:7F:90:1C:2E:B6:59:20:35:75:16:BD:FD:6B:C1:FE","sha256":"76:18:B2:B7:E7:46:4E:53:E2:EB:05:D0:12:B2:DF:19:B6:33:F8:25:02:3D:A0:C4:67:2E:58:8A:75:59:AA:33"}}},"request":{"raw":"GET /e/dongpo/tz/tj.js HTTP/1.1\r\nHost: mgm2.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://mgm2.org/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Sat, 04 Jul 2026 12:41:34 GMT\r\ncontent-type: application/javascript\r\ncontent-length: 808\r\nlast-modified: Tue, 23 Jun 2026 12:07:47 GMT\r\netag: \"6a3a7713-328\"\r\nexpires: Sun, 05 Jul 2026 00:41:34 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":808,"size_decoded":1159,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (554)","md5":"1bf60b5cf9c764caf9e85228dc7bfc33","sha1":"22b0d1971d7ec1ec3bb55ff4771752db18eab9ef","sha256":"1a32c475f692c3c84f550cc194a92fff3df6368293bbec3b8e67a42bc2d92306","sha512":"681c26eab518649736ea2c6302120b5a61e0b0749375c8933c7c890b6195de0c6e09a4184c9af8c5fd0f5e5eeda63ba803574bee4c44737899ccd18ce14c97c9","ssdeep":"","tlshash":"8601f11f7c25e13463921c2d23bbdadcf5ad2016101dc80654dec4ad6c34ff9042ab4c","first_seen":"2026-03-03T01:17:34.078046Z","last_seen":"2026-07-04T16:11:53.739212Z","times_seen":713,"resource_available":true,"data":null}},"time_used":967,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":716,"receive":251,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"mgm2.org","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"mgm2.org","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"mgm2.org/skin/cover/mgm2org/why3-19.webp","fqdn":"mgm2.org","domain":"mgm2.org","tld":"org"},"ip":{"addr":"19.200.11.117","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://mgm2.org/","date":"2026-07-04T12:41:34.452Z","timestamp":1783168894452,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"hg7vip.best","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Thu, 25 Jun 2026 19:00:58 GMT","end":"Wed, 23 Sep 2026 19:00:57 GMT"},"fingerprint":{"sha1":"79:9A:04:C2:97:7F:90:1C:2E:B6:59:20:35:75:16:BD:FD:6B:C1:FE","sha256":"76:18:B2:B7:E7:46:4E:53:E2:EB:05:D0:12:B2:DF:19:B6:33:F8:25:02:3D:A0:C4:67:2E:58:8A:75:59:AA:33"}}},"request":{"raw":"GET /skin/cover/mgm2org/why3-19.webp HTTP/1.1\r\nHost: mgm2.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://mgm2.org/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Sat, 04 Jul 2026 12:41:34 GMT\r\ncontent-type: image/webp\r\ncontent-length: 73982\r\nlast-modified: Thu, 25 Jun 2026 20:00:45 GMT\r\netag: \"6a3d88ed-120fe\"\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":73982,"size_decoded":74255,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 569x437, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"5acabe9803d3a52a64ea24e8d266b0e6","sha1":"b9dd0379727b6a14a1c7213b7f805917bea1e1d4","sha256":"1d8e1ca59b58babf9f0e82e56ebb9e98cbc974f6fc98455b34c2b95b42798b92","sha512":"a02674862c88b8ed233d1c3059bdd05a62e075c0232a5ba7b54d4d7630bd65f6e6d684f12e79adfa8939229db265e36228e156f8fa428fd6c0ef8f451059c163","ssdeep":"1536:8UdaGEiENd4OOOZXSIC+kRJEjvShkPfpNDwu1qkdUrn+0Fw+RGBj:FdasEAODSI7kRJEjvSCpZwu1qbD+0F16","tlshash":"8c7312a7cc8dfd06eb3883fa927bc72b55bc44ea4b54e3d7c8c5d21a12a5821319d00a","first_seen":"2026-07-04T12:42:10.228032Z","last_seen":"2026-07-04T12:42:10.228032Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1458,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":705,"receive":753,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"mgm2.org","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"mgm2.org","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"mgm2.org/e/dongpo/tz/tz.js","fqdn":"mgm2.org","domain":"mgm2.org","tld":"org"},"ip":{"addr":"19.200.11.117","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://mgm2.org/","date":"2026-07-04T12:41:34.434Z","timestamp":1783168894434,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"hg7vip.best","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Thu, 25 Jun 2026 19:00:58 GMT","end":"Wed, 23 Sep 2026 19:00:57 GMT"},"fingerprint":{"sha1":"79:9A:04:C2:97:7F:90:1C:2E:B6:59:20:35:75:16:BD:FD:6B:C1:FE","sha256":"76:18:B2:B7:E7:46:4E:53:E2:EB:05:D0:12:B2:DF:19:B6:33:F8:25:02:3D:A0:C4:67:2E:58:8A:75:59:AA:33"}}},"request":{"raw":"GET /e/dongpo/tz/tz.js HTTP/1.1\r\nHost: mgm2.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://mgm2.org/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Sat, 04 Jul 2026 12:41:34 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Fri, 03 Jul 2026 18:23:23 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6a47fe1b-486\"\r\nexpires: Sun, 05 Jul 2026 00:41:34 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1158,"size_decoded":851,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text","md5":"35d535f77a5895b5e0744009eca116ff","sha1":"8a431232b404373e15e030d686eb6cf6b37c7d03","sha256":"7c5af7ebef1e0ec44b2a02ef7f152cf7083c077b2f870ee3676e474ecb52eff7","sha512":"bbcb0c0d44d22ac34d05703f7d6bfbdf71549ca4109d508e443d45506288de131674849fce44f477d2a0778224f92c1dcee9c643794a600db99729e83ed972e4","ssdeep":"","tlshash":"7e218c7f9e630250d01691692bba676c3e3a001b6301c8307abcbe685f42f429847bd4","first_seen":"2026-07-02T22:57:01.214666Z","last_seen":"2026-07-04T12:42:10.229527Z","times_seen":2,"resource_available":true,"data":null}},"time_used":722,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":722,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"mgm2.org","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"mgm2.org","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"mgm2.org/skin/bootstrap/js/bootstrap.bundle.min.js","fqdn":"mgm2.org","domain":"mgm2.org","tld":"org"},"ip":{"addr":"19.200.11.117","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://mgm2.org/","date":"2026-07-04T12:41:34.435Z","timestamp":1783168894435,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"hg7vip.best","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Thu, 25 Jun 2026 19:00:58 GMT","end":"Wed, 23 Sep 2026 19:00:57 GMT"},"fingerprint":{"sha1":"79:9A:04:C2:97:7F:90:1C:2E:B6:59:20:35:75:16:BD:FD:6B:C1:FE","sha256":"76:18:B2:B7:E7:46:4E:53:E2:EB:05:D0:12:B2:DF:19:B6:33:F8:25:02:3D:A0:C4:67:2E:58:8A:75:59:AA:33"}}},"request":{"raw":"GET /skin/bootstrap/js/bootstrap.bundle.min.js HTTP/1.1\r\nHost: mgm2.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://mgm2.org/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Sat, 04 Jul 2026 12:41:34 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Wed, 02 Jul 2025 05:41:48 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6864c69c-13bb5\"\r\nexpires: Sun, 05 Jul 2026 00:41:34 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":80821,"size_decoded":24420,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65299)","md5":"21d4551af5cc4ed4d818bdbdfea8c358","sha1":"df272a07ed30eaf8025b699c45736ba9d284e4d4","sha256":"35f4547d9364111aca4850347356bc5660a994f0d8b694d88f995098a7b547fa","sha512":"4dcd22faf4688265f834deedb8b6d07c1c5af0991f512031485573994df59d5747ca21c494f3f2d9c59f15a7260892b0d15aa8bebcca85d7764d24cc740c69da","ssdeep":"1536:/SwJiEbnTl6R2t49CFliFCIg/yWszSraJd5qUFH9tZwcE+iYZMgZdj:6wfs+SSO5q4tZwcEVYZFj","tlshash":"2383b5593244b8730ade85b68037430bf2265998b14b812cb57cadde2a7dcc67277f78","first_seen":"2025-06-18T01:20:12.005242Z","last_seen":"2026-07-04T16:11:53.737581Z","times_seen":2520,"resource_available":true,"data":null}},"time_used":721,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":721,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"mgm2.org","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"mgm2.org","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"156.227.78.98:11994/static/picture/jinshapc.png","fqdn":"156.227.78.98","domain":"156.227.78.98","tld":""},"ip":{"addr":"156.227.78.98","port":11994,"asn":0,"as":"","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://156.227.78.98:11994/","date":"2026-07-04T12:41:37.681Z","timestamp":1783168897681,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Wed, 01 Jul 2026 09:34:10 GMT","end":"Wed, 08 Jul 2026 01:34:09 GMT"},"fingerprint":{"sha1":"DD:D0:37:5F:FB:82:C4:0A:A6:C1:12:36:DA:09:9C:01:04:D1:E3:19","sha256":"0D:E8:F1:AE:71:E7:CE:C5:33:78:C1:10:D5:53:AE:81:81:0C:33:27:3F:8E:52:12:14:43:86:3F:C3:DC:FD:35"}}},"request":{"raw":"GET /static/picture/jinshapc.png HTTP/1.1\r\nHost: 156.227.78.98:11994\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://156.227.78.98:11994/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Sat, 04 Jul 2026 12:41:37 GMT\r\ncontent-type: image/png\r\nlast-modified: Tue, 24 Feb 2026 09:51:45 GMT\r\nvary: Accept-Encoding\r\netag: W/\"699d74b1-a334\"\r\nexpires: Mon, 03 Aug 2026 12:41:37 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":41780,"size_decoded":42328,"mime_type":"image/png","magic":"PNG image data, 295 x 113, 8-bit/color RGBA, non-interlaced","md5":"1d2140363e0fda69f41537010f37ac74","sha1":"9f3791b6ade0a7966dee0253cb698564490e9440","sha256":"65ff8549228320f54f3d93e45194314c43c7cea541241876a57633bb5ac94f92","sha512":"75dd491fe42a57dee94c06e5e389323f0b32a584f3d0223845ea8f945ac9cff401e65cc381f4e8973dd78c14655abfff000186a770df78acddff35e6bb69fa86","ssdeep":"768:fUD/+JUtuV8Sp+uA5mBhYhXXy7I1VzKT26hq34ZhMNg1de0nGtXIIq5y7RYLIXK9:j2SYd1Xy7wVG66BvMNg60KXrsLB","tlshash":"3113f1a116d7074d278849fcda334deec406ab285d19b93ec5f68f34e3846c4d083a66","first_seen":"2025-01-31T12:39:53.036928Z","last_seen":"2026-07-04T12:42:10.243916Z","times_seen":722,"resource_available":false,"data":null}},"time_used":501,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":501,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"156.227.78.98:11994/static/picture/365pc.png","fqdn":"156.227.78.98","domain":"156.227.78.98","tld":""},"ip":{"addr":"156.227.78.98","port":11994,"asn":0,"as":"","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://156.227.78.98:11994/","date":"2026-07-04T12:41:37.684Z","timestamp":1783168897684,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Wed, 01 Jul 2026 09:34:10 GMT","end":"Wed, 08 Jul 2026 01:34:09 GMT"},"fingerprint":{"sha1":"DD:D0:37:5F:FB:82:C4:0A:A6:C1:12:36:DA:09:9C:01:04:D1:E3:19","sha256":"0D:E8:F1:AE:71:E7:CE:C5:33:78:C1:10:D5:53:AE:81:81:0C:33:27:3F:8E:52:12:14:43:86:3F:C3:DC:FD:35"}}},"request":{"raw":"GET /static/picture/365pc.png HTTP/1.1\r\nHost: 156.227.78.98:11994\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://156.227.78.98:11994/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Sat, 04 Jul 2026 12:41:37 GMT\r\ncontent-type: image/png\r\nlast-modified: Tue, 24 Feb 2026 09:51:45 GMT\r\nvary: Accept-Encoding\r\netag: W/\"699d74b1-2255\"\r\nexpires: Mon, 03 Aug 2026 12:41:37 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":8789,"size_decoded":9332,"mime_type":"image/png","magic":"PNG image data, 189 x 44, 8-bit/color RGBA, non-interlaced","md5":"e0c9d379cd4926e815abd7d25c32f5e4","sha1":"e9a1fb55262d96495f14da278c7242cc3fda956b","sha256":"7b50586f667edbeb0c3d573a44d40742354c385a2d7ae1971aa4b0173c11173d","sha512":"519aaeff0baab73e269e86413df78c8563728cb4b1f17e448877c4853a726df366f201b9e869078a4fa460517530a84b5ae9da4290511aeb4d0b93aecb9ac99c","ssdeep":"192:6ZTS99EegUNgEBTJ35PgUUxiKlqSvxV5mG5pqghmCoTHV0:2YzgogEr35Y7cK1YGmAMT+","tlshash":"1e02a0bc5a62079b3d1aa9f8172c54f1fdd070eb411f7c99947d201b0c68a1c83af4a3","first_seen":"2025-01-31T12:39:53.02929Z","last_seen":"2026-07-04T12:42:10.244756Z","times_seen":723,"resource_available":false,"data":null}},"time_used":748,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":748,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"156.227.78.98:11994/static/picture/dfpc.png","fqdn":"156.227.78.98","domain":"156.227.78.98","tld":""},"ip":{"addr":"156.227.78.98","port":11994,"asn":0,"as":"","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://156.227.78.98:11994/","date":"2026-07-04T12:41:37.689Z","timestamp":1783168897689,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Wed, 01 Jul 2026 09:34:10 GMT","end":"Wed, 08 Jul 2026 01:34:09 GMT"},"fingerprint":{"sha1":"DD:D0:37:5F:FB:82:C4:0A:A6:C1:12:36:DA:09:9C:01:04:D1:E3:19","sha256":"0D:E8:F1:AE:71:E7:CE:C5:33:78:C1:10:D5:53:AE:81:81:0C:33:27:3F:8E:52:12:14:43:86:3F:C3:DC:FD:35"}}},"request":{"raw":"GET /static/picture/dfpc.png HTTP/1.1\r\nHost: 156.227.78.98:11994\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://156.227.78.98:11994/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Sat, 04 Jul 2026 12:41:37 GMT\r\ncontent-type: image/png\r\nlast-modified: Tue, 24 Feb 2026 11:38:18 GMT\r\nvary: Accept-Encoding\r\netag: W/\"699d8daa-1c49\"\r\nexpires: Mon, 03 Aug 2026 12:41:37 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":7241,"size_decoded":7784,"mime_type":"image/png","magic":"PNG image data, 200 x 50, 8-bit/color RGBA, non-interlaced","md5":"9ca63936da71d994267413c9b4d62583","sha1":"0083b92ce28904d8c01cca591a852d218c944d3e","sha256":"909c9c1f9b2ee3b6ebe305b395b454cb597ae2b4ad8ec0db3a57c2e678bb685a","sha512":"2c01f6e39b4f8c4ff7d8c2d20640c9d80b50ebb49351d32c4e0263b11abbb721b6af3c4d27c308f6e26d4f9e0c5f08045c0d235b3ef1a587eaa1df578c7c333b","ssdeep":"192:FxLpy98iKPdw9eYyJIoxrBG3GFQVnpq1fw5qDQ/7os:F1pyNIq9e1Zrg3GFQVnp2YsQ/j","tlshash":"78e18e3b8e8c2754c1551385a136fab4d8791ef331f4923e9a257c22dd52ab2c921386","first_seen":"2026-03-01T01:18:02.55958Z","last_seen":"2026-07-04T12:42:10.245712Z","times_seen":488,"resource_available":false,"data":null}},"time_used":992,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":992,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mgm2.org/skin/fontawesome/css/all.min.css","fqdn":"mgm2.org","domain":"mgm2.org","tld":"org"},"ip":{"addr":"19.200.11.117","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://mgm2.org/","date":"2026-07-04T12:41:34.431Z","timestamp":1783168894431,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"hg7vip.best","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Thu, 25 Jun 2026 19:00:58 GMT","end":"Wed, 23 Sep 2026 19:00:57 GMT"},"fingerprint":{"sha1":"79:9A:04:C2:97:7F:90:1C:2E:B6:59:20:35:75:16:BD:FD:6B:C1:FE","sha256":"76:18:B2:B7:E7:46:4E:53:E2:EB:05:D0:12:B2:DF:19:B6:33:F8:25:02:3D:A0:C4:67:2E:58:8A:75:59:AA:33"}}},"request":{"raw":"GET /skin/fontawesome/css/all.min.css HTTP/1.1\r\nHost: mgm2.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://mgm2.org/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Sat, 04 Jul 2026 12:41:34 GMT\r\ncontent-type: text/css\r\nlast-modified: Wed, 02 Jul 2025 04:17:06 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6864b2c2-1907e\"\r\nexpires: Sun, 05 Jul 2026 00:41:34 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":102526,"size_decoded":23140,"mime_type":"text/css","magic":"ASCII text, with very long lines (52276)","md5":"c43cd173eeeba2f72aa6b431d06b8c07","sha1":"427a692f7f39eabb3d5b8510aee2743025daf813","sha256":"c880eb3d25c765d399840aa204fec22b3230310991089f14781f09a35ed80b8a","sha512":"02f6f6422b83104bc1e1b64961d7edda63635528417ed2dd3c6f0527457b8ab4cb43c528d2a70fc61e0f96aec6e6d1a6d2b53ed523e1568b6d78ba41111c1393","ssdeep":"1536:vwMCMPMCMjMCM4MCMwMCM3sVMX709gbPMfjSFOTyPG9ZpgmLCq:P709gMGFiyPG9ZimLCq","tlshash":"4fa3a7f9e44c05d97732c44bab95b37c65b6f738d5810ca9f02f580c1ad26a822c6f7a","first_seen":"2024-01-04T18:36:36Z","last_seen":"2026-07-04T16:11:53.732269Z","times_seen":12489,"resource_available":false,"data":null}},"time_used":725,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":725,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"mgm2.org","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"mgm2.org","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"sdk.51.la/js-sdk-pro.min.js","fqdn":"sdk.51.la","domain":"51.la","tld":"la"},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://mgm2.org/","date":"2026-07-04T12:41:35.610Z","timestamp":1783168895610,"http_version":"","security_state":"","security_info":null,"request":{"raw":"GET /js-sdk-pro.min.js HTTP/1.1\r\nHost: sdk.51.la\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://mgm2.org/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-07-04T16:30:45.19793Z","times_seen":16979040,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mgm2.org/skin/ico/favicon19.ico","fqdn":"mgm2.org","domain":"mgm2.org","tld":"org"},"ip":{"addr":"19.200.11.117","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://mgm2.org/","date":"2026-07-04T12:41:36.022Z","timestamp":1783168896022,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"hg7vip.best","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Thu, 25 Jun 2026 19:00:58 GMT","end":"Wed, 23 Sep 2026 19:00:57 GMT"},"fingerprint":{"sha1":"79:9A:04:C2:97:7F:90:1C:2E:B6:59:20:35:75:16:BD:FD:6B:C1:FE","sha256":"76:18:B2:B7:E7:46:4E:53:E2:EB:05:D0:12:B2:DF:19:B6:33:F8:25:02:3D:A0:C4:67:2E:58:8A:75:59:AA:33"}}},"request":{"raw":"GET /skin/ico/favicon19.ico HTTP/1.1\r\nHost: mgm2.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://mgm2.org/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=6\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Sat, 04 Jul 2026 12:41:36 GMT\r\ncontent-type: image/x-icon\r\ncontent-length: 16958\r\nlast-modified: Wed, 09 Jul 2025 09:42:24 GMT\r\netag: \"686e3980-423e\"\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":16958,"size_decoded":17232,"mime_type":"image/x-icon","magic":"MS Windows icon resource - 1 icon, 64x64, 32 bits/pixel","md5":"1bf288cae90246d716cb4eaa9553ef9c","sha1":"e6a5141eb627725f934a03f4a79e9d1cb43b3c10","sha256":"5f5f8140213d7614e27fc079cb8f56cd98291c383cbbca8971abe3f706f24e8f","sha512":"fab1ee7a32b53aa5a7fc9ad000b535fb07451f8a8e0650a097c27a06e8812a441e9f140c440d972f3a7deb0c5012f650ab00a7ca10514af3d37d3c91ec04174e","ssdeep":"192:vbdI3frq1PwDmNeisNuCZu48bvsCb2ogXWjNo+zZIlEeZthRdT:zdIvrwPxxsjZu4AF2ogXWBhzalEeJRdT","tlshash":"f8727ab7ae8ed8b9c857cf7172077da39e53351876b410965bc8362c4f34a096c8ac2d","first_seen":"2026-05-07T11:04:13.862084Z","last_seen":"2026-07-04T12:42:10.248985Z","times_seen":12,"resource_available":false,"data":null}},"time_used":251,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":251,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"mgm2.org","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"mgm2.org","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"156.227.78.98:11994/static/picture/tycpc.png","fqdn":"156.227.78.98","domain":"156.227.78.98","tld":""},"ip":{"addr":"156.227.78.98","port":11994,"asn":0,"as":"","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://156.227.78.98:11994/","date":"2026-07-04T12:41:37.687Z","timestamp":1783168897687,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Wed, 01 Jul 2026 09:34:10 GMT","end":"Wed, 08 Jul 2026 01:34:09 GMT"},"fingerprint":{"sha1":"DD:D0:37:5F:FB:82:C4:0A:A6:C1:12:36:DA:09:9C:01:04:D1:E3:19","sha256":"0D:E8:F1:AE:71:E7:CE:C5:33:78:C1:10:D5:53:AE:81:81:0C:33:27:3F:8E:52:12:14:43:86:3F:C3:DC:FD:35"}}},"request":{"raw":"GET /static/picture/tycpc.png HTTP/1.1\r\nHost: 156.227.78.98:11994\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://156.227.78.98:11994/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Sat, 04 Jul 2026 12:41:37 GMT\r\ncontent-type: image/png\r\nlast-modified: Tue, 24 Feb 2026 09:51:45 GMT\r\nvary: Accept-Encoding\r\netag: W/\"699d74b1-4d7b\"\r\nexpires: Mon, 03 Aug 2026 12:41:37 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":19835,"size_decoded":20378,"mime_type":"image/png","magic":"PNG image data, 162 x 60, 8-bit/color RGBA, non-interlaced","md5":"9cccfc8ca4e4f50e4155a906a42666cb","sha1":"6687ef39ed3ba532124b8155234e819655ac0827","sha256":"38fa753bd6894fd8b0fdd94ba7e7bd9da32cb1e58017c44ce0147afba97b4841","sha512":"4e5e74b92841a16efc4cad516894bdaa1eca4ccdca290bcb36bbaa68cbe2011a6d12005f5bc2946532bbddc4e73161589ab3a296a734b78ad12aaa540bed9cca","ssdeep":"384:nC4JlgpsDv49JmGFnsvbCU5jAEVzJ0smbzRgZGme584WLMM0tq5PHcMV:Ccw9J9FybCUTzJ0smbZhwPH5","tlshash":"ba92e1cc99b518a51940f1dc2f338a48cfe9112c29e58776b1d377a2d94ae6f307c60b","first_seen":"2025-02-07T02:11:03.006958Z","last_seen":"2026-07-04T12:42:10.25114Z","times_seen":719,"resource_available":false,"data":null}},"time_used":993,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":993,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mgm2.org/skin/swiper/js/swiper-bundle.min.js","fqdn":"mgm2.org","domain":"mgm2.org","tld":"org"},"ip":{"addr":"19.200.11.117","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://mgm2.org/","date":"2026-07-04T12:41:34.437Z","timestamp":1783168894437,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"hg7vip.best","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Thu, 25 Jun 2026 19:00:58 GMT","end":"Wed, 23 Sep 2026 19:00:57 GMT"},"fingerprint":{"sha1":"79:9A:04:C2:97:7F:90:1C:2E:B6:59:20:35:75:16:BD:FD:6B:C1:FE","sha256":"76:18:B2:B7:E7:46:4E:53:E2:EB:05:D0:12:B2:DF:19:B6:33:F8:25:02:3D:A0:C4:67:2E:58:8A:75:59:AA:33"}}},"request":{"raw":"GET /skin/swiper/js/swiper-bundle.min.js HTTP/1.1\r\nHost: mgm2.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://mgm2.org/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Sat, 04 Jul 2026 12:41:34 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Thu, 03 Jul 2025 05:58:22 GMT\r\nvary: Accept-Encoding\r\netag: W/\"68661bfe-22512\"\r\nexpires: Sun, 05 Jul 2026 00:41:34 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":140562,"size_decoded":39953,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65283)","md5":"21b78ba7133b3d67cf8b09cd6a26d386","sha1":"ea59f37b232db6dee2694078bf21e153a09bacdd","sha256":"6f9df49fe12f77b66daba876cb33b7090b2443f570a2a4b9541cddd705440aa5","sha512":"dc48bb38f168f37930ddc3db0cb78b867fd817cb5907b56cf2c7e58b407f2847a4bab78be5ea2c0deb216052020afb782bc8b4c948a5fe52b77128a27365a392","ssdeep":"1536:TIJQfGP7LP8NEuWGKF+IlzholxU/2Bkt+9SD8jv1nTHlU9ymp8Mj0HEOS5hAsVuZ:0JCN+TXD2BkQZFU9tp8Mj0k95h5cpnv","tlshash":"02d3f8896221b57646e316db93e4c221a3b50544b80ac8f470bd4c9f597ec9813feffa","first_seen":"2023-06-14T11:52:48Z","last_seen":"2026-07-04T16:31:46.376864Z","times_seen":5113,"resource_available":true,"data":null}},"time_used":719,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":719,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"mgm2.org","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"mgm2.org","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}}]}
